COMP 2067

Introduction to
Formal Reasoning
Revision
Dr. Kweh Yeah Lun
Tactics
• assume h
• means that we are going to prove an implication by assuming the
premise (the left-hand side) and using this assumption to prove
the conclusion (the right-hand side).
• exact h,
• We complete the proof by telling Lean that there is an assumption
that exactly matches the current goal.
• Example:
Try it!
• apply h
• if we have assumed an implication h : P → Q and our current goal
matches the right-hand side we can use this assumption to reduce
the problem to showing P
• Example:

Try it!
• constructor
• split the goal involving conjunction into two goals
• that is the goal: P ∧ Q becomes two goals, one is P, and the other
one is Q
• also split the goal: P ↔ Q into two goals: one is P → Q, and the
other one is Q → P.
• This is because P ↔ Q is (P → Q) ∧ (Q → P)
• Example:

Try it!
• For premise involving conjunction: cases pq with p q
• Split the premise into two premises
• that is premise: P ∧ Q into premise: P and premise: Q
• Example:

Try it!
• left and right
• To prove a disjunction P ∨ Q we can either prove P or prove Q.
• Example:

Try it!
• For premise involving disjunction: cases pq with p q
• Split the premise into two cases, one for P and the other one for Q
resulting in two subgoals.
• Example:

Try it!
• True is like empty conjunction
• combining no statements with "∧" doesn't affect the
overall truth value, which remains simply “True”.
• there is no statement to make it “false”.
• Tactic constructor can be used to close the proof.
• Example:
Try it!
• False is like empty disjunction
• there are no propositions to consider, so there are no
conditions to be met for the disjunction to be true.
• Symmetrically there is no way to prove false because we neither
have left nor right.
• However, doing cases on false as an assumption makes the current
goal go away as by magic and leaves no goals to be proven.
• Example:

Try it!
• We define ¬P as P → false which means that P is impossible.
• Here, when applying tactic assume P, then goal will be false
• Example:

Try it!
Predicate Logic
• Predicate
• a function-like construct that takes one or more
inputs (arguments) and returns a proposition
• the truth value of a predicate depends on the input
values
• when applied to specific objects, a predicate
evaluates to a proposition, which can be true or
false
• Predicates are often used to define properties and
conditions in mathematics and logic
Universal Quantifier
“If all students are clever then if all clever students are funny then all
students are funny.”
• (∀ x : A, PP x) → (∀ y : A, PP y → QQ y) → ∀ z : A , QQ z
• A stands for the type of students in the class, PP x means x is clever
and QQ x means x is funny
• Try it!
Tactic: assume for universal
quantifier
• To prove a goal of the form ∀ a ∈ A, a is clever in Lean, start with
assume a.
• This introduces a general element a from A that you must then show
to be clever.
Tactic: apply for universal quantifier
• If your premise is a universal quantification (e.g., "for all a in A, a is
clever") and your goal is to prove the specific instance of that
property for a particular a (e.g., "a is clever"), you can directly use the
apply tactic on the premise to close the goal.
• Lean recognizes that the premise covers all elements of A, including
the a in your goal.
The existential quantifier
• To prove a proposition of the form ∃ x : A , PP x, it is sufficient to prove
PP a for any a : A.
• Use existsi a for this and then prove PP a.
• Note that a can be any expression of type A, not necessarily a variable.
Tactic: cases … with … for premise
(assumption) involving existential
quantifier
• To use an assumption of the form h : ∃ x : A, P x, use cases h with x px
which replaces h with two assumptions x : A and px : P x.
• The tactic cases ... with ... applied to an existential assumption like
∃x∈A, P(x) allows you to unpack this assumption.
• It tells Lean, "Since we know such an x exists, let's give it a name, say
a, and we can now assume that a is in A and P(a) holds true for this
specific a."
Tactic: existsi
• If you have already assumed the existence of a specific element a in A
(as a premise), and your goal is to prove that there exists some
element in A with a certain property, you can use existsi a to directly
point to the existing a as the element satisfying that existence claim.
Intuitionistic logic and classical logic

Intuitionistic logic
• emphasizes constructive proofs, proving existence by providing an
actual example or method satisfying the proposition.
• It rejects the Law of Excluded Middle (LEM), meaning it doesn't
assume every statement is either true or false.
• Double negation elimination (¬¬P ⊧ P) isn't always valid.
• You need a constructive proof even after negating twice.
• Examples of constructive proofs:
• Proving that there exist even and odd natural numbers:
• Instead of using a proof by contradiction, a constructive proof would show
how to build even and odd numbers starting from 0 (e.g. 2 is constructed
by adding 1 to 1, and 3 is constructed by adding 1 to 2).
• Applications of constructive proofs:
• Computer science: Verification of programs, design of algorithms, and type
theory
Classical logic
• Bivalence: Every proposition is either true or false.
• There are no "third truth values" like "unknown" or
"indeterminate."
• known as the Law of Excluded Middle (EM).
• Non-contradiction: A proposition cannot be both true and false at the
same time.
• Double negation elimination: If the negation of the negation of a
proposition is true, then the proposition itself is true.
• This means "not not P" logically implies "P".
• Reasoning principles: Classical logic provides various rules and
principles for drawing valid conclusions from given propositions, such
as modus ponens, modus tollens, and syllogism.
 Law of Excluded Middle and RAA
• Axiom: The law of the excluded middle
Every proposition is either true or false.
• That is: For any proposition P: P ∨ ¬ P
• In latin this law is called Tertium non datur, which translates to the 3rd
is not given.
• Applying in Lean code: cases em P with p np
• Example: De Morgan’s 2nd Law – Left to right direction using em P

Try it!
Principle of Indirect Proof (RAA)
• to prove P it is sufficient to show that ¬P is impossible.
• In latin, it is known as reduction ad absurdo (reduction to the absurd).
• Applying raa in Lean: constant raa : ¬¬P → P
• Apply double negation on the goal
• Example:

Try it!
Classical Predicate Logic
• Can use classical logic in predicate logic even though the explanation
using truth tables doesn’t work anymore.
• There are predicate logic counterparts of the de Morgan laws which
now say that you can move negation through a quantifier by negating
the component and switching the quantifier.
• Example on em:

Try it
• Tactic cases em:
• Previously, cases em P with p np
• In general: cases em HP with Hp Hnp
• The cases em tactic is used to split the proof into two cases:
• which is HP is true (Hp) or HP is false (Hnp).
Summary of tactics
Boolean: Definition of bnot, band
and bor
bnot (!)
• negate the input
• If the input is true (tt), then the output is false (ff).
• If the input is false (ff), then the output is true (tt).
band (&&)
• If the 1st argument is tt, that is band tt : bool → bool, then this is just
the identity on the 2nd argument, because band tt tt = tt and band tt ff
= ff.
• If the 1st argument is ff then the outcome will be ff regardless of what
the 2nd argument is.
• In another words, band ff : bool → bool is the constant function which
will always return ff.
bor (||)
• If the 1st argument is tt, bor tt : bool → bool is always tt
• If the 1st argument is ff, bor ff : bool → bool is just an identity on the
2nd argument.
Proving some basic properties on
Boolean
• To reason about bool, use cases x to analyze a variable x : bool which
means that there are two possibilities tt and ff.
• Example: state and prove in predicate logic that every element of bool
is either tt or ff:

Try it!
Structural Recursion
(a) add 2 4 (b) leb 2 4 (c) leb 2 2
List
• For any type A: can construct empty list: list [] : list A, which is also
called nil.
• If there is an element a : A and a list l : list A, then the list a :: l : list A
can be formed with a in front of l
• Example: 1 :: [2,3] = [1,2,3].
• Also known as cons.
• Example: [1,2,3] = 1 :: 2 :: 3 :: [] or using nil and cons, which is cons 1
(cons 2 (cons 3 nil))
• All lists can be created from nil and cons
• Hence lists can be defined inductively in a manner very similar to ℕ
Try it

• This declaration means:

• For any type A : Type, there is a new type list A : Type
• There are elements nil : list A, and given a : A and l : list A, then
function cons a l.
• All the elements of list A can be generated by nil and then applying
cons a finite number of times,
• nil and cons a l are different elements,
• cons is injective, i.e. given cons a as = cons b bs, then a = b and as =
bs.
Basic Properties of list
• Most of the basic properties and their proofs are very similar to the
natural numbers.
• First: show that nil ≠ a :: l which corresponds to 0 ≠ succ n and true ≠
false.
• These properties are called no confusion properties.
• Use contradiction as before.

Try it!
Insertion Sort
• Here is the recursive function implementing the algorithm:

Try it!

• Using ins, it is easy to implement sort by inserting one element after

the other, recursively:

Try it!
Trees
• The definition has two constructors, leaf and node, which are used to
construct elements of the Tree type.
• leaf: represents a leaf node in a tree structure.
• node: represents a non-leaf node in a tree structure.
• It takes three arguments:
• The first argument is another tree, which represents the left
subtree.
• The second argument is a natural number (ℕ), typically
representing some value associated with the node.
• The third argument is another tree, representing the right subtree.
• By using these constructors recursively, you can build complex tree
structures where each node can have two subtrees (left and right) or
be a leaf with no subtrees.
• Each node has at most two children.
Tree Sort
• leverages the properties of a Binary Search Tree (BST) to sort a
collection of comparable items.
• Two main steps: Building the Binary Search Tree, and In-order
Traversal of the BST
• Give yourself a big clap.
• You have survive until the end. 
• Any question?
• Good luck in exam!
• Enjoy!
“Learning is the only thing the mind never
exhausts, never fears, and never regrets.”
– Leonardo da Vinci.

Hope you all enjoy this module!