How to finish this proof in Coq
Now the proof window looks like this:
1 subgoals
Case := "WHILE" : String.string
b : bexp
c : com
IHc : forall st' st : state,
optimize_0plus_com c / st || st' -> c / st || st'
st : state
st' : state
st'' : state
H0 : optimize_0plus_com c / st || st'
IHceval1 : optimize_0plus_com c = optimize_0plus_com (WHILE b DO c END) ->
(WHILE b DO c END) / st || st'
H : beval st (optimize_0plus_bexp b) = true
Heqloopdef : (WHILE optimize_0plus_bexp b DO optimize_0plus_com c END) =
optimize_0plus_com (WHILE b DO c END)
H1 : (WHILE optimize_0plus_bexp b DO optimize_0plus_com c END) / st' || st''
IHceval2 : (WHILE optimize_0plus_bexp b DO optimize_0plus_com c END) =
optimize_0plus_com (WHILE b DO c END) ->
(WHILE b DO c END) / st' || st''
______________________________________(1/1)
(WHILE b DO c END) / st || st''
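I think this should be easy to prove, but I don't know how to do it. The IHceval hypotheses in the context are close to what I need, but they don't match exactly. Can anyone help me?
This is how I solved it: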
apply E_WhileLoop with st'.
rewrite <- optimize_0plus_bexp_sound in H.
assumption.
apply IHc.
assumption.
apply IHceval2.
(*Look at the definition below*) reflexivity.
rewrite <- optimize_0plus_bexp_sound in H.
transforms H into beval st b = true.
As for why reflexivity works, here is the definition of optimize_0plus_com:
match c with
| SKIP => SKIP
| i ::= a => i ::= optimize_0plus_aexp a
| c1;; c2 => optimize_0plus_com c1;; optimize_0plus_com c2
| IFB b THEN c1 ELSE c2 FI =>
    IFB optimize_0plus_bexp b THEN optimize_0plus_com c1
    ELSE optimize_0plus_com c2 FI
(* the WHILE case is the one that reflexivity relies on *)
| WHILE b DO c0 END =>
    WHILE optimize_0plus_bexp b DO optimize_0plus_com c0 END
end
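The same proof shape in a self-contained miniature, as an added example that is not code from the original post or from the course material it uses. The names state, bexp, beval, opt_b, opt_c, Skip, While and ceval are assumptions standing in for the page's definitions, and the soundness of opt_b is taken as a section hypothesis rather than proved.

```coq
Section WhileCase.
  (* Assumed stand-ins for the page's state, bexp, beval and optimize_0plus_bexp. *)
  Variables (state bexp : Type) (beval : state -> bexp -> bool).
  Variable opt_b : bexp -> bexp.
  Hypothesis opt_b_sound : forall st b, beval st b = beval st (opt_b b).

  Inductive com : Type := Skip | While (b : bexp) (c : com).

  (* On While the optimizer computes to a While, as in the definition above. *)
  Fixpoint opt_c (c : com) : com :=
    match c with
    | Skip => Skip
    | While b c0 => While (opt_b b) (opt_c c0)
    end.

  Inductive ceval : com -> state -> state -> Prop :=
  | E_Skip : forall st, ceval Skip st st
  | E_WhileEnd : forall b c st,
      beval st b = false -> ceval (While b c) st st
  | E_WhileLoop : forall b c st st' st'',
      beval st b = true -> ceval c st st' ->
      ceval (While b c) st' st'' -> ceval (While b c) st st''.

  Lemma opt_c_sound_rev : forall c st st',
    ceval (opt_c c) st st' -> ceval c st st'.
  Proof.
    induction c as [| b c0 IHc]; intros st st' Hev; simpl in Hev.
    - exact Hev.
    - (* Remember the optimized loop so induction on Hev keeps its shape. *)
      remember (While (opt_b b) (opt_c c0)) as loop eqn:Heqloop.
      induction Hev as [ | b' c' s Hb
                         | b' c' s s' s'' Hb Hc IHbody Hw IHloop ];
        inversion Heqloop; subst.
      + apply E_WhileEnd. rewrite <- opt_b_sound in Hb. assumption.
      + (* IHbody is unusable: its premise equates the body with the loop. *)
        apply E_WhileLoop with (st' := s').
        * rewrite <- opt_b_sound in Hb. assumption.
        * apply IHc. assumption.
        * (* Both sides of the premise are the same term after subst. *)
          apply IHloop. reflexivity.
  Qed.
End WhileCase.
```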