Proving f (f bool) = bool

Question

How can I in coq, prove that a function f that accepts a bool true|false and returns a bool true|false (shown below), when applied twice to a single bool true|false would always return that same value true|false:

(f:bool -> bool)

For example the function f can only do 4 things, lets call the input of the function b:

• Always return true
• Always return false
• Return b (i.e. returns true if b is true vice versa)
• Return not b (i.e. returns false if b is true and vice vera)

So if the function always returns true:

f (f bool) = f true = true

and if the function always return false we would get:

f (f bool) = f false = false

For the other cases lets assum the function returns not b

f (f true) = f false = true
f (f false) = f true = false

In both possible input cases, we we always end up with with the original input. The same holds if we assume the function returns b.

So how would you prove this in coq?

Goal forall (f:bool -> bool) (b:bool), f (f b) = f b.

Answer 1

Goal forall (f:bool -> bool) (b:bool), f (f (f b)) = f b.
Proof.
intros.
remember (f true) as ft.
remember (f false) as ff.
destruct ff ; destruct ft ; destruct b ; 
    try rewrite <- Heqft ; try rewrite <- Heqff ; 
    try rewrite <- Heqft ; try rewrite <- Heqff ; auto.
Qed.

Answer 2

A tad shorter proof:

Require Import Sumbool.

Goal forall (f : bool -> bool) (b:bool), f (f (f b)) = f b.
Proof.
  destruct b;                             (* case analysis on [b] *)
    destruct (sumbool_of_bool (f true));  (* case analysis on [f true] *)
    destruct (sumbool_of_bool (f false)); (* case analysis on [f false] *)
    congruence.                           (* equational reasoning *)
Qed.

Answer 3

In SSReflect:

Require Import ssreflect.

Goal forall (f:bool -> bool) (b:bool), f (f (f b)) = f b.
Proof.
move=> f.
by case et:(f true); case ef:(f false); case; rewrite ?et ?ef // !et ?ef.
Qed.

Answer 4

Thanks for wonderful assignment! Such a lovely theorem!

This is the proof using C-zar declarative proof style for Coq. It is a much longer than imperative ones (altrough it might be such because of my too low skill).

Theorem bool_cases : forall a, a = true \/ a = false.
proof.
    let a:bool.
    per cases on a.
    suppose it is false.
        thus thesis.
    suppose it is true.
        thus thesis.
    end cases.
end proof. Qed.

Goal forall (b:bool), f (f (f b)) = f b.
proof.
    let b:bool.
    per cases on b.

    suppose it is false.
        per cases of (f false = false \/ f false = true) by bool_cases.
        suppose (f false = false).
            hence (f (f (f false)) = f false).
        suppose H:(f false = true).
            per cases of (f true = false \/ f true = true) by bool_cases.
            suppose (f true = false).
                hence (f (f (f false)) = f false) by H.
            suppose (f true = true).
                hence (f (f (f false)) = f false) by H.
            end cases.
        end cases.

    suppose it is true.
        per cases of (f true = false \/ f true = true) by bool_cases.
        suppose H:(f true = false).
            per cases of (f false = false \/ f false = true) by bool_cases.
            suppose (f false = false).
                hence (f (f (f true)) = f true) by H.
            suppose (f false = true).
                hence (f (f (f true)) = f true) by H.
            end cases.
        suppose (f true = true).
            hence (f (f (f true)) = f true).
        end cases.

end cases.
end proof. Qed.