Search code examples
coqprooftheorem-provingcoq-tactic

Stuck proving lemma with unprovable subgoals

I'm trying to prove a lemma that's based on the following definitions.

Section lemma.

Variable A : Type.
Variable P : A -> Prop.

Variable P_dec : forall x, {P x}+{~P x}.

Inductive vector : nat -> Type :=
  | Vnil : vector O
  | Vcons : forall {n}, A -> vector n -> vector (S n).

  Arguments Vcons {_} _ _.

Fixpoint countPV {n: nat} (v : vector n): nat :=
match v with
| Vnil => O
| Vcons x v' => if P_dec x then S (countPV v') else countPV v'
end.

The lemma I'm trying to prove is as follows

Lemma lem: forall (n:nat) (a:A) (v:vector n), 
      S n = countPV (Vcons a v) -> (P a /\ n = countPV v).

I've tried a lot of things and currently I'm at this point.

Proof.
  intros n a v.
  unfold not in P_dec.
  simpl.
  destruct P_dec.
  - intros.
    split.
    * exact p.
    * apply eq_add_S.
      exact H.
  - intros.
    split.

The context at this point:

2 subgoals
A : Type
P : A -> Prop
P_dec : forall x : A, {P x} + {P x -> False}
n : nat
a : A
v : vector n
f : P a -> False
H : S n = countPV v
______________________________________(1/2)
P a
______________________________________(2/2)
n = countPV v

My issue is that I seem to be stuck with two subgoals that I can not prove and the available context does not seem to be helpful. Can anyone provide me with some pointers to move on?

EDIT:

I've proven the lemma by contradicting H:

assert (countPV v <= n).
* apply countNotBiggerThanConstructor.
* omega.
Qed.

where countNotBiggerThanConstructor is:

Lemma countNotBiggerThanConstructor: forall {n : nat} (v: vector n), countPV v <= n.
Proof.
  intros n v.
  induction v.
  - reflexivity.
  - simpl.
    destruct P_dec.
    + apply le_n_S in IHv.
      assumption.
    + apply le_S.
      assumption.
Qed.
Solution

  • Notice that H can't possibly be true. That is a good thing, if you can prove False, you can prove anything. So I would do contradict H next (and you don't need that last split).

    Overall your proof seems a little messy to me. I suggest thinking about how you would prove this lemma on paper and trying to do that in Coq. I am not an expert in Coq, but I think it would also help you realize, that you need to use contradiction in this case.

    (Edit: BTW other answers suggesting that this lemma does not hold are wrong, but I can't comment with my 1 reputation)