Reputation: 53
The induction principle generated by Coq does not behave like I want it to
EDITED for understandability
I am trying to prove properties on a special type of tree. This tree is like the following. The problem is that the induction principle generated by Coq is insufficient for me to proof properties of the tree. For a simpler example, say the following type describes all of my 'trees':
Inductive prv_tree(E:BES) : statement -> Prop :=
| REFL (G:propVar_relation)(a:Prop) :
prv_tree E (G |- a ---> a)
| TRA (G:propVar_relation) (a b c:Prop) :
prv_tree E (G |- a ---> b) -> prv_tree E (G |- b ---> c) ->
prv_tree E (G |- a ---> c).
Then, to prove soundness of all trees (for, say, implication), I need to prove the following lemma:
Lemma soundness: forall E:BES, forall f g:Prop, forall R G:propVar_relation,
(prv_tree E (G |- f ---> g)) -> (E,G,R |= f --> g).
For which I need to apply induction on the structure of the tree. However, if I do intros;induction H. then the first subgoal is (E,G,R |= f --> g) i.e. the information on the required structure of f and g is lost (I would want (E,G,R |= a --> a)). (Also, for the inductive case, the induction hypothesis states (E,G,R |= f --> g), which seems odd to me).
Another approach I have tried is to remember (G |- f ---> g), to keep the structure of f and g available. The proof then proceeds as intros;remember (G |- f --> g) as stmt in H.induction H. Then, I obtain goals and environment like I would expect for my base cases. However, for proving case TRA, I obtain the following proof context:
H : prv_tree E (G0 |- a --> b)
H0 : prv_tree E (G0 |- b --> c)
IHprv_tree1 : G0 |- a --> b = G |- f --> g -> (E,G,R |= f --> g)
IHprv_tree2 : G0 |- b --> c = G |- f --> g -> (E,G,R |= f --> g)
While I would expect the induction hypothesis to be
IHprv_tree1 : prv_tree E (G0 |- a --> b) -> (E,G,R |= a --> b)
IHprv_tree2 : prv_tree E (G0 |- b --> c) -> (E,G,R |= b --> c)
OLD TEXT
I am trying to prove properties on a special type of tree. This tree can be constructed using 21 different rules (which I will not all repeat here). The problem is that the induction principle generated by Coq is insufficient for me to proof properties of the tree.
The tree is constructed as follows
Inductive prv_tree (E:BES): (*BES ->*) statement -> Prop := .... (*constructors go here*).One of these constructors is
CTX: forall a b c:propForm, forall x:propVar, forall G:propVar_relation, (prv_tree E (makeStatement G a b) -> (prv_tree E (makeStatement G (replace c x a) (replace c x b))))My goal is proving
Lemma soundness: forall E:BES, forall f g:propForm, forall G:propVar_relation, forall tree:prv_tree E (makeStatement G f g), rel_cc_on_propForm E (cc_max E) G f g.To do this, I remember
makeStatement G f gsince otherwise I lose the info on the structure of f and g. I then apply induction on the tree. I have proven all cases as seperate lemmas, which I can succesfully use for the base cases. However, for the inductive cases, the induction hypothesis presented to me by Coq is unusable.For example, for the CTX constructor mentioned before, I obtain the following induction hypothesis:
IHP {| context := G; stm_l := a; stm_r := b |} = {| context := empty_relation; stm_l := replace c x a; stm_r := replace c x b |} -> E, cc_max E |- replace c x a <,_ empty_relation replace c x bwhich I cannot use. In stead, I want something like
IHP prv_tree E {| context := G; stm_l := a; stm_r := b |} -> E, cc_max E |- replace c x a <,_ empty_relation replace c x bCan somebody explain to me how to fix this? So far, I have tried defining my own induction principle on prv_tree, however this results in the same problems, so maybe I did this wrong?
The statement for CTX in my own induction principle is the following:
(forall a b c:propForm, forall x:propVar, forall G:propVar_relation, (prv_tree E {| context := G; stm_l := a; stm_r := b |} ) -> P {| context := G; stm_l := replace c x a; stm_r := replace c x b |})
Upvotes: 0
Views: 307
Answers (2)
Reputation: 53
Thank you for your help. In the end, I found the solution myself. The trick was in defining a helper function h:statement -> Prop, as expected by the induction principle, and use this function in stead of (E,G,R |= f --> g).
Upvotes: 0
Reputation: 3122
I think I understood your problem, but I had to fill in the wholes of your question. It would have been easier if you had come up with a self-contained example, as @ejgallego suggested.
Here is how I modelled your problem:
Axiom BES : Type.
Axiom propVar_relation : Type.
Inductive statement :=
| Stmt : propVar_relation -> Prop -> Prop -> statement.
Notation "G |- a ---> b" := (Stmt G a b) (at level 50).
Inductive prv_tree(E:BES) : statement -> Prop :=
| REFL (G:propVar_relation)(a:Prop) :
prv_tree E (G |- a ---> a)
| TRA (G:propVar_relation) (a b c:Prop) :
prv_tree E (G |- a ---> b) -> prv_tree E (G |- b ---> c) ->
prv_tree E (G |- a ---> c).
Lemma soundness: forall (E: BES) (f g:Prop) (R G:propVar_relation),
(prv_tree E (G |- f ---> g)) -> R = R.
Indeed we encounter the same problems as those you described in your question. The solution is to revert after the remember and before doing the induction.
intros.
remember (G |- f ---> g) as stmt. revert f g R G Heqstmt.
induction H; intros.
Now the induction hypotheses are still strange, but they should work.
Upvotes: 0
Related Questions
- How to explicitly use an induction principle in coq?
- proving strong induction in coq from scratch
- (A -> B) /\ (B -> C) -> (A -> C) in Coq?
- Abstracting patterns in induction rule for inductive predicates for Coq
- Induction principle for `le`
- How to prove the inductive step in coq?
- Induction hypothesis for free variables of closed term in the simply typed lambda calculus
- Induction principle for nested inductive types
- Getting a stronger induction principle in Coq
- Apply native induction principle in coq with several arguments