如何在 Coq 中完成这个证明

how to finish this proof in Coq

现在证明 window 看起来像这样:

1 subgoals
Case := "WHILE" : String.string
b : bexp
c : com
IHc : forall st' st : state,
      optimize_0plus_com c / st || st' -> c / st || st'
st : state
st' : state
st'' : state
H0 : optimize_0plus_com c / st || st'
IHceval1 : optimize_0plus_com c = optimize_0plus_com (WHILE b DO c END) ->
           (WHILE b DO c END) / st || st'
H : beval st (optimize_0plus_bexp b) = true
Heqloopdef : (WHILE optimize_0plus_bexp b DO optimize_0plus_com c END) =
             optimize_0plus_com (WHILE b DO c END)
H1 : (WHILE optimize_0plus_bexp b DO optimize_0plus_com c END) / st' || st''
IHceval2 : (WHILE optimize_0plus_bexp b DO optimize_0plus_com c END) =
           optimize_0plus_com (WHILE b DO c END) ->
           (WHILE b DO c END) / st' || st''
______________________________________(1/1)
(WHILE b DO c END) / st || st''

我觉得这应该很容易证明,但我不知道该怎么做。上下文中的 IHceval 假设接近我需要的,但它们并不完全匹配。有人可以帮我吗?

我是这样解决的:

apply E_WhileLoop with st'.
rewrite <- optimize_0plus_bexp_sound in H.
assumption.
apply IHc.
assumption.
apply IHceval2.
(*Look at the definition below*) reflexivity.

rewrite <- optimize_0plus_bexp_sound in H. 将 H 转换为 beval st b = true 对于自反性起作用的原因,这里是 optimize_0plus_com 的定义:

* match c with
  | SKIP => SKIP
  | i ::= a => i ::= optimize_0plus_aexp a
  | c1;; c2 => optimize_0plus_com c1;; optimize_0plus_com c2
  | IFB b THEN c1 ELSE c2 FI =>
      IFB optimize_0plus_bexp b THEN optimize_0plus_com c1
      ELSE optimize_0plus_com c2 FI
  | ********WHILE b DO c0 END =>
      WHILE optimize_0plus_bexp b DO optimize_0plus_com c0 END