Skip to Content.
Sympa Menu

coq-club - [Coq-Club] Proving complex properties of Fixpoint's for all Ns greater than a value

coq-club AT inria.fr

Subject: The Coq mailing list

List archive

[Coq-Club] Proving complex properties of Fixpoint's for all Ns greater than a value


Chronological Thread 
  • From: Igor Jirkov <igorjirkov AT gmail.com>
  • To: coq-club AT inria.fr
  • Subject: [Coq-Club] Proving complex properties of Fixpoint's for all Ns greater than a value
  • Date: Mon, 27 Mar 2017 20:11:58 +0200
  • Authentication-results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=igorjirkov AT gmail.com; spf=Pass smtp.mailfrom=igorjirkov AT gmail.com; spf=None smtp.helo=postmaster AT mail-wr0-f178.google.com
  • Ironport-phdr: 9a23:2bKdwRFTFKCfUXHbLXX9J51GYnF86YWxBRYc798ds5kLTJ78osqwAkXT6L1XgUPTWs2DsrQf2raQ6/iocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbQhFgDWwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VDK/5KlpVRDokj8KOSA5/m/KicJ+gqxUrx29qBFk2YHYfJuYOeBicq7Tf94XQ3dKUMZLVyxGB4Oxd4gBD+UGPeZCsoLzo1oOrQG9BQmrGuPk1zhFhn753a09yeQhEwDG3BYjH9IJrnTZt9r1NKIIXuC0yKnE1ynMb/RT2Trk7oXDbx4vofaJXb1qcMrRz1EiFxvZjlWKt4PqISmZ1vgRs2Wd8uFuVvqvhnY5pw1tpjWj3MQhh4nTio4I1FzJ9j91zJs3KNC7UEJ3fNqpHZVKuyyaOIZ6WMEvTmBytCony7AKp5i2dzUQxps93R7QcfmHfpCI4h39UOaRJi91hHd/d7K+gxa+6EahyvfgWsWt3lZGsyhIn9rWunAC0BzT7ceHSv9j8Uu7xTmP0AXT5vlFIUAyi6XbN4YszqAsmpcXq0jOHS/7lF/rgKOIdUgo4PWk5ubkb7n+o5+TLY50igXwMqQ0ncy/BPw1MgkBX2ic4+S81rzj/Vf6QLVNkP07iabZsJXAKsQaoq61GRNa0oEm6xqnFTepzMwYnWUbLFJCYB+Ik4/pO0jXLP/kCfe/nk+jnSxwx/HGO73hGo/CImLCkLfnZ7Z96lRTxBA9zdBFtNpoDeQKJ+u2UUvsvvTZCAU4Okq62bXJEtJ4g6IRXnjHIK6DM6TM+QuJ6eU1IeiWZ4gLkDn4IvkhofXpiClqyhcmYaC10M5POziDFfN8LhDBbA==

Hello!

I have a problem trying to prove a property of form:

forall (n:nat) (m:T),  n > s m -> f (g n m) = f n.

Here f: T -> U , g: nat -> T -> T , s: T -> nat.

The problem is that g  is defined as a fixpoint with decreasing n, I presume that it obliges me to use the proof by induction.

However, induction over n  is giving me premises I can not satisfy:

(n > s m -> f (g n m) = f n) -> (S n > s m -> f (g n m) ).

Having (S n > s m) I can not deduce  (n > s m).

Are there some recipes to cope with that kind of proofs?



** The description below lists  a bit more code in case it might help; however, it bases on the CompCert's implementation of PTrees (Patricia Trees) so I can not shape a minimal working example **


The property I want to prove is stated as this:


Fixpoint map_last_index {T} (m:Maps.PTree.t T) route :=
  match m with
  | Node Leaf _ Leaf => route
  | Node Leaf _ r => (map_last_index r route) ~1
  | Node l  _ Leaf => (map_last_index l route) ~0                                  
  | Node l _ r => max ((map_last_index  l route)~0) ((map_last_index r route)~1)
  | Leaf => 1
  end.

Fixpoint map_remove_r {T} (idx:nat) (m:Maps.PTree.t T) ( rem_at: positive)
   : Maps.PTree.t T :=
      (match compare (of_nat idx) rem_at, get (of_nat idx) m with
      | Lt, Some e => set (of_nat idx) e
      | Gt, Some e => set ((of_nat idx)-1) e
      | _, _ => fun x => x
      end
      )
        match idx with
        | 0%nat => Leaf
        | S n => map_remove_r n m rem_at
end.

Theorem spec_r:
  forall T (m:Maps.PTree.t T) b1 b0 n,
    (b1 < b0)%positive ->
    n > to_nat (map_last_index m 1) ->
    get b1 ( map_remove_r n m b0) = get b1 m.


map_remove  removes an element from a tree by index and shifts all next elements so that they are stored on an index equal to their old position minus one, filling the
"gap".

The node in a binary tree is located using  binary numbers to encode the route from the root. They serve as indices.

map_last_index computes the last index  a tree has a node for.



BR

Igor Zhirkov



Archive powered by MHonArc 2.6.18.

Top of Page