The induction principle generated by Coq does not behave like I want it to

0
votes

EDITED for understandability

I am trying to prove properties on a special type of tree. This tree is like the following. The problem is that the induction principle generated by Coq is insufficient for me to proof properties of the tree. For a simpler example, say the following type describes all of my 'trees':

Inductive prv_tree(E:BES) : statement -> Prop :=
| REFL (G:propVar_relation)(a:Prop) : 
  prv_tree E (G |- a ---> a)
| TRA (G:propVar_relation) (a b c:Prop) :
  prv_tree E (G |- a ---> b) -> prv_tree E (G |- b ---> c) ->
    prv_tree E (G |- a ---> c).

Then, to prove soundness of all trees (for, say, implication), I need to prove the following lemma:

Lemma soundness: forall E:BES, forall f g:Prop, forall R G:propVar_relation, 
  (prv_tree E (G |- f ---> g)) -> (E,G,R |= f --> g).

For which I need to apply induction on the structure of the tree. However, if I do intros;induction H. then the first subgoal is (E,G,R |= f --> g) i.e. the information on the required structure of f and g is lost (I would want (E,G,R |= a --> a)). (Also, for the inductive case, the induction hypothesis states (E,G,R |= f --> g), which seems odd to me).

Another approach I have tried is to remember (G |- f ---> g), to keep the structure of f and g available. The proof then proceeds as intros;remember (G |- f --> g) as stmt in H.induction H. Then, I obtain goals and environment like I would expect for my base cases. However, for proving case TRA, I obtain the following proof context: 

H : prv_tree E (G0 |- a --> b)
H0 : prv_tree E (G0 |- b --> c)
IHprv_tree1 : G0 |- a --> b = G |- f --> g -> (E,G,R |= f --> g)
IHprv_tree2 : G0 |- b --> c = G |- f --> g -> (E,G,R |= f --> g)

While I would expect the induction hypothesis to be 

IHprv_tree1 : prv_tree E (G0 |- a --> b) -> (E,G,R |= a --> b)
IHprv_tree2 : prv_tree E (G0 |- b --> c) -> (E,G,R |= b --> c)

OLD TEXT

I am trying to prove properties on a special type of tree. This tree can be constructed using 21 different rules (which I will not all repeat here). The problem is that the induction principle generated by Coq is insufficient for me to proof properties of the tree.

The tree is constructed as follows

Inductive prv_tree (E:BES): (*BES ->*) statement -> Prop := 
.... (*constructors go here*).

One of these constructors is 

CTX: forall a b c:propForm, forall x:propVar, forall G:propVar_relation,
  (prv_tree E (makeStatement G a b) -> 
    (prv_tree E (makeStatement G (replace c x a) (replace c x b))))

My goal is proving 

Lemma soundness: forall E:BES, forall f g:propForm, forall G:propVar_relation, 
  forall tree:prv_tree E (makeStatement G f g), rel_cc_on_propForm E (cc_max E) G f g.

To do this, I remember makeStatement G f g since otherwise I lose the info on the structure of f and g. I then apply induction on the tree. I have proven all cases as seperate lemmas, which I can succesfully use for the base cases. However, for the inductive cases, the induction hypothesis presented to me by Coq is unusable.

For example, for the CTX constructor mentioned before, I obtain the following induction hypothesis:

IHP {| context := G; stm_l := a; stm_r := b |} =
  {| context := empty_relation; stm_l := replace c x a;
  stm_r := replace c x b |} ->
    E, cc_max E |- replace c x a <,_ empty_relation replace c x b

which I cannot use. In stead, I want something like

IHP prv_tree E {| context := G; stm_l := a; stm_r := b |} ->
  E, cc_max E |- replace c x a <,_ empty_relation replace c x b

Can somebody explain to me how to fix this? So far, I have tried defining my own induction principle on prv_tree, however this results in the same problems, so maybe I did this wrong?

The statement for CTX in my own induction principle is the following:

  (forall a b c:propForm, forall x:propVar, forall G:propVar_relation, 
    (prv_tree E {| context := G; stm_l := a; stm_r := b |} ) ->
      P {| context := G; stm_l := replace c x a; stm_r := replace c x b |})
2
coqinduction
Hi Myrthe, unfortunately it is a bit difficult to see the problem here without access to a full, self-contained example. I could all well that your induction hypothesis in not general enough, see generalize, but again, it is difficult to say without knowing more details.ejgallego
You can try to revert as many hypotheses as possible before applying your induction and see what you get.eponier
I updated the description. revert and generalize do not help me :(Myrthe van Delft
I'm interested to know how you define such notation E,G,R |= a --> b. I cannot make Coq parse such an expression, whatever notation I use.eponier
The notation is obtained from the following line of Coq code: Notation "E , R |- f <,_ G g" := (rel_cc_on_propForm E R G f g)(at level 200). I will admit, I do not truly know what level I should define the notation at, but it does increase readability to not use my very long function names. (Note, this notation is slightly different from the notation in my question.)Myrthe van Delft

2 Answers

0
votes

I think I understood your problem, but I had to fill in the wholes of your question. It would have been easier if you had come up with a self-contained example, as @ejgallego suggested.

Here is how I modelled your problem:

Axiom BES : Type.
Axiom propVar_relation : Type.

Inductive statement :=
| Stmt : propVar_relation -> Prop -> Prop -> statement.

Notation "G |- a ---> b" := (Stmt G a b) (at level 50).

Inductive prv_tree(E:BES) : statement -> Prop :=
| REFL (G:propVar_relation)(a:Prop) : 
  prv_tree E (G |- a ---> a)
| TRA (G:propVar_relation) (a b c:Prop) :
  prv_tree E (G |- a ---> b) -> prv_tree E (G |- b ---> c) ->
    prv_tree E (G |- a ---> c).

Lemma soundness: forall (E: BES) (f g:Prop) (R G:propVar_relation),
  (prv_tree E (G |- f ---> g)) -> R = R.

Indeed we encounter the same problems as those you described in your question. The solution is to revert after the remember and before doing the induction.

intros.
remember (G |- f ---> g) as stmt. revert f g R G Heqstmt.
induction H; intros.

Now the induction hypotheses are still strange, but they should work.

0
votes

Thank you for your help. In the end, I found the solution myself. The trick was in defining a helper function h:statement -> Prop, as expected by the induction principle, and use this function in stead of (E,G,R |= f --> g).