apply vs rewrite

These two tactics are almost never interchangeable.

• apply implements the following rule, which means “to prove B, it's enough to prove A and A → B”

  $$\frac{AA\to B}{B}$$

• rewrite implements a different rule that means “to prove C, it's enough to prove x = y and C with all x replaced by y”:

  $$\frac{x=y[y/x]C}{C}$$

Use apply when the conclusion of a hypothesis matches the goal:

H: … → conclusion
===================
conclusion

Use rewrite when a hypothesis is an equality about a variable mentionned in the goal:

H: a = …
==================
… a …

Here is a concrete example:

Goal forall {A B} (f: A -> B) l, length (map f l) = length l.
forall (A B : Type) (f : A -> B) (l : list A),
Datatypes.length (map f l) = Datatypes.length l
Proof.
forall (A B : Type) (f : A -> B) (l : list A),
Datatypes.length (map f l) = Datatypes.length l
  induction l; simpl; [ reflexivity | ].
A, B: Type
f: A -> B
a: A
l: list A
IHl: Datatypes.length (map f l) = Datatypes.length l
S (Datatypes.length (map f l)) =
S (Datatypes.length l)

apply doesn't work out of the box, because the goal doesn't match; we can either use rewrite and equality or f_equal and apply:

   apply IHl.
In environment
A : Type
B : Type
f : A -> B
a : A
l : list A
IHl : Datatypes.length (map f l) = Datatypes.length l
Unable to unify
 "Datatypes.length (map f l) = Datatypes.length l"
with
 "S (Datatypes.length (map f l)) =
  S (Datatypes.length l)".
   rewrite IHl.
A, B: Type
f: A -> B
a: A
l: list A
IHl: Datatypes.length (map f l) = Datatypes.length l
S (Datatypes.length l) = S (Datatypes.length l)
   reflexivity.
Qed.

Here's how it looks with apply:

Goal forall {A B} (f: A -> B) l, List.length (map f l) = List.length l.
forall (A B : Type) (f : A -> B) (l : list A),
Datatypes.length (map f l) = Datatypes.length l
Proof.
forall (A B : Type) (f : A -> B) (l : list A),
Datatypes.length (map f l) = Datatypes.length l
  induction l; simpl; [ reflexivity | ].
A, B: Type
f: A -> B
a: A
l: list A
IHl: Datatypes.length (map f l) = Datatypes.length l
S (Datatypes.length (map f l)) =
S (Datatypes.length l)

   f_equal.
Datatypes.length (map f l) = Datatypes.length l
   apply IHl.
Qed.

Implicit quantification in lemma statements

The following two lemmas statements mean the same thing, but they behave slightly differently:

Lemma lt_transitive_forall : forall i j k: nat,
    i < j -> j < k -> i < k.
forall i j k : nat, i < j -> j < k -> i < k
Proof.
forall i j k : nat, i < j -> j < k -> i < k
  induction i.
forall j k : nat, 0 < j -> j < k -> 0 < k
i: nat
IHi: forall j k : nat, i < j -> j < k -> i < k
forall j k : nat, S i < j -> j < k -> S i < k 2: {
i: nat
IHi: forall j k : nat, i < j -> j < k -> i < k
forall j k : nat, S i < j -> j < k -> S i < k
    Check IHi.
IHi
     : forall j k : nat, i < j -> j < k -> i < k
Abort.

Lemma lt_transitive_params i j k :
  i < j -> j < k -> i < k.
i, j, k: nat
i < j -> j < k -> i < k
Proof.
i, j, k: nat
i < j -> j < k -> i < k
  induction i.
j, k: nat
0 < j -> j < k -> 0 < k
i, j, k: nat
IHi: i < j -> j < k -> i < k
S i < j -> j < k -> S i < k 2: {
i, j, k: nat
IHi: i < j -> j < k -> i < k
S i < j -> j < k -> S i < k
    Check IHi.
IHi
     : i < j -> j < k -> i < k
Abort.

The key difference is that in the second version, i, j, and k are already “introduced”, as if we had run intros, and as a result the induction hypothesis doesn't get forall-quantified over j and k.

induction vs destruct

If you want to perform case analysis on some expression x, use destruct x and not induction x. While the latter will essentially do the same for non-recursive inductive types, the former is much more idiomatic and does what you intended with recursive inductive types. With recursive inductive types, using induction x would add unnecessary induction hypotheses to the environment.

Consider the following example:

Lemma prec_lt: forall n: nat, n > 0 -> n - 1 < n.
forall n : nat, n > 0 -> n - 1 < n
Proof.
forall n : nat, n > 0 -> n - 1 < n

We want to perform case analysis on n to treat the case n = 0 separately.

  intro n.
n: nat
n > 0 -> n - 1 < n induction n.
0 > 0 -> 0 - 1 < 0
n: nat
IHn: n > 0 -> n - 1 < n
S n > 0 -> S n - 1 < S n
  -
0 > 0 -> 0 - 1 < 0 intro ABS.
ABS: 0 > 0
0 - 1 < 0 unfold ">" in ABS.
ABS: 0 < 0
0 - 1 < 0
    exfalso.
ABS: 0 < 0
False apply (Nat.lt_irrefl 0).
ABS: 0 < 0
0 < 0 assumption.
  -
n: nat
IHn: n > 0 -> n - 1 < n
S n > 0 -> S n - 1 < S n

Performing induction on n adds an unnecessary induction hypothesis to the environment.

Abort.

Lemma prec_lt: forall n: nat, n > 0 -> n - 1 < n.
forall n : nat, n > 0 -> n - 1 < n
Proof.
forall n : nat, n > 0 -> n - 1 < n
  intro n.
n: nat
n > 0 -> n - 1 < n destruct n.
0 > 0 -> 0 - 1 < 0
n: nat
S n > 0 -> S n - 1 < S n
  -
0 > 0 -> 0 - 1 < 0 intro ABS.
ABS: 0 > 0
0 - 1 < 0 unfold ">" in ABS.
ABS: 0 < 0
0 - 1 < 0
    exfalso.
ABS: 0 < 0
False apply (Nat.lt_irrefl 0).
ABS: 0 < 0
0 < 0 assumption.
  -
n: nat
S n > 0 -> S n - 1 < S n

Here, we do not have an unnecessary induction hypothesis in the environment.

    intros _.
n: nat
S n - 1 < S n simpl.
n: nat
n - 0 < S n rewrite Nat.sub_0_r.
n: nat
n < S n
    unfold "<".
n: nat
S n <= S n reflexivity.
Qed.

Manually selecting subgoals

When you have many goals, we do not recommend selecting subgoals manually (don't write 1,3,9,57: reflexivity). It's inelegant, hard to read, and brittle (if goals get ordered differently the wrong goals will get selected).

Instead, if you have many goals, use automation! See this exercise for an example.

Unnecessary steps

Here is a (non-exhaustive) list of steps that can be shortened or removed:

• simpl and intros are unnecessary before reflexivity.

• intros x is redundant before destruct/induction x if x was a forall-quantified variable.

• destruct x; destruct y can be replaced with destruct x, y.

• try repeat is equivalent to repeat: repeat never fails!

Avoid automatically generated names

Always choose names for your variables/hypotheses: this makes it easier for everyone (including yourself!) to follow your proof at a glance. For example:

Goal forall n m : nat, n <= m -> n * n <= m * m.
forall n m : nat, n <= m -> n * n <= m * m
Proof.
forall n m : nat, n <= m -> n * n <= m * m
  induction m; intros.
n: nat
H: n <= 0
n * n <= 0 * 0
n, m: nat
IHm: n <= m -> n * n <= m * m
H: n <= S m
n * n <= S m * S m
  -
n: nat
H: n <= 0
n * n <= 0 * 0 rewrite Nat.le_0_r in H.
n: nat
H: n = 0
n * n <= 0 * 0
    rewrite H.
n: nat
H: n = 0
0 * 0 <= 0 * 0
    constructor.
  -
n, m: nat
IHm: n <= m -> n * n <= m * m
H: n <= S m
n * n <= S m * S m rewrite Nat.le_succ_r in H.
n, m: nat
IHm: n <= m -> n * n <= m * m
H: n <= m \/ n = S m
n * n <= S m * S m
    destruct H.
n, m: nat
IHm: n <= m -> n * n <= m * m
H: n <= m
n * n <= S m * S m
n, m: nat
IHm: n <= m -> n * n <= m * m
H: n = S m
n * n <= S m * S m
    +
n, m: nat
IHm: n <= m -> n * n <= m * m
H: n <= m
n * n <= S m * S m lia.
    +
n, m: nat
IHm: n <= m -> n * n <= m * m
H: n = S m
n * n <= S m * S m rewrite H.
n, m: nat
IHm: n <= m -> n * n <= m * m
H: n = S m
S m * S m <= S m * S m
      constructor.
Qed.

…is not easy to read (what's that H hypothesis all about?). Instead, giving names to each hypothesis helps a lot:

Goal forall n m : nat, n <= m -> n * n <= m * m.
forall n m : nat, n <= m -> n * n <= m * m
Proof.
forall n m : nat, n <= m -> n * n <= m * m
  intros n m Hn_le_m.
n, m: nat
Hn_le_m: n <= m
n * n <= m * m
  induction m.
n: nat
Hn_le_m: n <= 0
n * n <= 0 * 0
n, m: nat
Hn_le_m: n <= S m
IHm: n <= m -> n * n <= m * m
n * n <= S m * S m
  -
n: nat
Hn_le_m: n <= 0
n * n <= 0 * 0 rewrite Nat.le_0_r in Hn_le_m.
n: nat
Hn_le_m: n = 0
n * n <= 0 * 0
    rewrite Hn_le_m.
n: nat
Hn_le_m: n = 0
0 * 0 <= 0 * 0
    constructor.
  -
n, m: nat
Hn_le_m: n <= S m
IHm: n <= m -> n * n <= m * m
n * n <= S m * S m rewrite Nat.le_succ_r in Hn_le_m.
n, m: nat
Hn_le_m: n <= m \/ n = S m
IHm: n <= m -> n * n <= m * m
n * n <= S m * S m
    destruct Hn_le_m as [Hn_lt_m | Hn_equals_m].
n, m: nat
Hn_lt_m: n <= m
IHm: n <= m -> n * n <= m * m
n * n <= S m * S m
n, m: nat
Hn_equals_m: n = S m
IHm: n <= m -> n * n <= m * m
n * n <= S m * S m
    +
n, m: nat
Hn_lt_m: n <= m
IHm: n <= m -> n * n <= m * m
n * n <= S m * S m lia.
    +
n, m: nat
Hn_equals_m: n = S m
IHm: n <= m -> n * n <= m * m
n * n <= S m * S m rewrite Hn_equals_m.
n, m: nat
Hn_equals_m: n = S m
IHm: n <= m -> n * n <= m * m
S m * S m <= S m * S m
      constructor.
Qed.

Some common tactics, such as destruct, induction or intros, have variants for introducing your own names. A few useful examples:

• destruct H as [HcaseA | HcaseB] (disjunction case)

• destruct H as [HA HB] (conjunction case)

• induction n as [ | IHn]

• intros (HA & HB & HC)

For more examples, have a look at the reference manual.