Here I am with another doubt on how to prove theorems in Coq. This is as far as I got:

```coq
Theorem plus_lt : forall n1 n2 m,
  n1 + n2 < m ->
  n1 < m /\ n2 < m.
Proof.
  intros n1.
  induction n2 as [| n2' IHn2'].
  - intros m H. inversion H.
    + split.
      * unfold lt. rewrite add_0_r. 
        apply n_le_m__Sn_le_Sm. apply le_n.
      * unfold lt. rewrite add_0_r.
        apply n_le_m__Sn_le_Sm. apply O_le_n.
    + split.
      * rewrite add_0_r in H. rewrite H1. apply H.
      * unfold lt. apply n_le_m__Sn_le_Sm. apply O_le_n.
  - intros m H. 
    + induction m as [| m' IHm'].
      * unfold lt. apply n_le_m__Sn_le_Sm in H. apply Sn_le_Sm__n_le_m in H.
        rewrite add_comm in H. rewrite plus_n_Sm in H.
        inversion H.
      * inversion H.
        ++ rewrite H1. unfold lt in H. apply Sn_le_Sm__n_le_m in H.
           apply plus_le in H. unfold lt. destruct H. split.
           ** apply n_le_m__Sn_le_Sm. apply H.
           ** apply n_le_m__Sn_le_Sm. apply H0.
        ++ unfold lt in H. rewrite add_comm in H. rewrite plus_n_Sm in H.
           apply plus_le in H. destruct H. split.
           ** unfold lt. apply H2.
           ** unfold lt. 
```

But the longer I stare at it, the more I realize that there has to be a much simpler way to prove this. Every avenue I tried ended up in a roadblock, something I can't prove. Here are my current goals:

```
  n1, n2' : nat
  IHn2' : forall m : nat, n1 + n2' < m -> n1 < m /\ n2' < m
  m' : nat
  H : S n2' <= S m'
  H2 : S n1 <= S m'
  IHm' : n1 + S n2' < m' -> n1 < m' /\ S n2' < m'
  m : nat
  H1 : S (n1 + S n2') <= m'
  H0 : m = m'
  ============================
  S (S n2') <= S m'
```

I mean, the size of this proof already tells me that I must have gone super wrong somewhere. The fact is far too clear to take this many steps. I have been at this little thing for over 8 hours already :-p

Hopefully one day I'll get the hang of it :-)

Thanks

Felipe Balbi

2 Answers

You may also want to split the goal and then use transitivity of inequality with n_1 and n_1 + n_2. Idem for n_2.

Pierre Jouvelot

I am not sure if you are proving this for educational purposes or because you need it elsewhere. In the latter case the solution is to use the lia (linear integer arithmetic) tactic:

```coq
Require Import Lia.

Theorem plus_lt : forall n1 n2 m,
  n1 + n2 < m ->
  n1 < m /\ n2 < m.
Proof.
  lia.
Qed.
```

In case you do this for educational purposes, the question is what lemmas you already have. I wouldn't try to prove it directly, but make use of simpler lemmas.

M Soegtrop
  • Hi Soegtrop, I'm following Software Foundations Volume 1, so it's educational. – Felipe Balbi Oct 05 '21 at 12:57
  • Other lemmas/theorems:
    ```
    Lemma le_trans : forall m n o, m <= n -> n <= o -> m <= o.
    Theorem O_le_n : forall n, 0 <= n.
    Theorem n_le_m__Sn_le_Sm : forall n m, n <= m -> S n <= S m.
    Theorem Sn_le_Sm__n_le_m : forall n m, S n <= S m -> n <= m.
    Theorem lt_ge_cases : forall n m, n < m \/ n >= m.
    Theorem le_plus_l : forall a b, a <= a + b.
    Theorem plus_le : forall n1 n2 m, n1 + n2 <= m -> n1 <= m /\ n2 <= m.
    Theorem add_le_cases : forall n m p q, n + m <= p + q -> n <= p \/ m <= q.
    ```
    – Felipe Balbi Oct 05 '21 at 12:59
  • More lemmas/theorems:
    ```
    Theorem plus_le_compat_l : forall n m p, n <= m -> p + n <= p + m.
    Theorem plus_le_compat_r : forall n m p, n <= m -> n + p <= m + p.
    Theorem le_plus_trans : forall n m p, n <= m -> n <= m + p.
    Theorem n_lt_m__n_le_m : forall n m, n < m -> n <= m.
    ```
    – Felipe Balbi Oct 05 '21 at 12:59
  • In that case try to do it without induction, but by applying some of the lemmas you already have (along the lines suggested in the answer by Pierre Jouvelot). In general if your proofs get too long, try to make some auxiliary lemma(s). Otherwise you turn in circles and keep proving the same sub proof over and over again while doing experiments. Doing an auxiliary lemma clears your view. But I think in this case you should have everything already. – M Soegtrop Oct 05 '21 at 13:15
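
The induction-free route suggested in both answers (split the goal, then go by transitivity through n1 + n2), written out as an added example that is not part of the original thread. It assumes the lemmas Felipe Balbi lists in the comments, plus the `add_comm` used in his attempt, and takes them as section hypotheses instead of re-proving them.

```coq
Section PlusLt.
  (* Assumed: lemmas the asker already has, with the statements
     given in the comments above. add_comm is stated here with its
     usual meaning (commutativity of +), as used in the question. *)
  Hypothesis le_trans : forall m n o, m <= n -> n <= o -> m <= o.
  Hypothesis n_le_m__Sn_le_Sm : forall n m, n <= m -> S n <= S m.
  Hypothesis le_plus_l : forall a b, a <= a + b.
  Hypothesis add_comm : forall n m : nat, n + m = m + n.

  Theorem plus_lt : forall n1 n2 m,
    n1 + n2 < m ->
    n1 < m /\ n2 < m.
  Proof.
    (* x < y unfolds to S x <= y, so H : S (n1 + n2) <= m. *)
    unfold lt. intros n1 n2 m H. split.
    - (* S n1 <= S (n1 + n2) <= m *)
      apply le_trans with (n := S (n1 + n2)).
      + apply n_le_m__Sn_le_Sm. apply le_plus_l.
      + apply H.
    - (* S n2 <= S (n1 + n2) <= m; commute the sum so le_plus_l fits. *)
      apply le_trans with (n := S (n1 + n2)).
      + apply n_le_m__Sn_le_Sm. rewrite add_comm. apply le_plus_l.
      + apply H.
  Qed.
End PlusLt.
```

In the asker's own development the `Section` and `Hypothesis` lines are dropped, since the lemmas are already in scope under the same names.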