I am teaching myself to use the Coq proof assistant through the Logical Foundations course.

I am stuck trying to prove the MApp case of the pumping lemma.

Lemma pumping : forall T (re : reg_exp T) s,
  s =~ re ->
  pumping_constant re <= length s ->
  exists s1 s2 s3,
    s = s1 ++ s2 ++ s3 /\
    s2 <> [] /\
    length s1 + length s2 <= pumping_constant re /\
    forall m, s1 ++ napp m s2 ++ s3 =~ re.

My approach so far has been to apply add_le_cases on the assumption that pumping_constant re1 + pumping_constant re2 <= length s1 + length s2 in order to deduce that pumping_constant re1 <= length s1 \/ pumping_constant re2 <= length s2.

Proof.
  intros T re s Hmatch.
  induction Hmatch
    as [ | x | s1 re1 s2 re2 Hmatch1 IH1 Hmatch2 IH2
       | s1 re1 re2 Hmatch IH | re1 s2 re2 Hmatch IH
       | re | s1 s2 re Hmatch1 IH1 Hmatch2 IH2 ].
  - (* MEmpty -- omitted *)
  - (* MChar -- omitted *)
  - (* MApp *)
    intro Hlength. simpl in Hlength.
    rewrite app_length in Hlength.
    pose proof (add_le_cases (pumping_constant re1)
                             (pumping_constant re2)
                             (length s1)
                             (length s2)
                             Hlength) as [Hre1ineq | Hre2ineq].

The case pumping_constant re1 <= length s1 led to an easy goal. The case pumping_constant re2 <= length s2, however, is a tougher nut to crack.

    -- (* pumping_constant re1 <= length s1 -- omitted *)
    -- (* pumping_constant re2 <= length s2. *)
      pose proof (IH2 Hre2ineq) as [s1' [s3' [s4' [
      Hs2eq [Hs3'len [Hlens1's3' Hnapp]]]]]].
      exists (s1++s1'), s3', s4'. repeat split.
      --- rewrite Hs2eq. repeat rewrite <- app_assoc.
          reflexivity.
      --- assumption.
      --- (* stuck *)

I have to prove length (s1 ++ s1') + length s3' <= pumping_constant (App re1 re2) (or length s1 + length s1' + length s3' <= pumping_constant re1 + pumping_constant re2 after simplification) but it doesn't seem like any of the assumptions are helpful. Excluding the inductive hypotheses, which are not reachable until I prove my current goal, I am left with:

Hre2ineq: pumping_constant re2 <= length s2
Hlength: pumping_constant re1 + pumping_constant re2 <= length s1 + length s2
Hlens1's3': length s1' + length s3' <= pumping_constant re2
Hs2eq: s2 = s1' ++ s3' ++ s4'
Hs3'len: s3' <> [ ]

Am I on the correct track by picking exists (s1++s1'), s3', s4' or is it a dead end? If it's not a dead end, how can I get closer to proving my current goal?

user566206

  • You are on the right track. One thing to consider is that there is a simple sufficient condition that is missing, and if you had it you could conclude easily. Then note that the case where it does not hold has already been handled in a previous branch, so you can strengthen a lemma somewhere to remember that condition in the current branch. – Li-yao Xia Jul 02 '22 at 21:52
  • Thank you for your reply. With `lt_ge_cases` I can deduce that `length s1 < pumping_constant re1 \/ length s1 >= pumping_constant re1`. The first case, `length s1 < pumping_constant re1`, leads to an easily solvable goal, just as you said. However, I am unsure as to what I should do to 'remember' that I have already handled the other case. – user566206 Jul 03 '22 at 09:54
  • Hint: contemplate this Venn diagram https://imgur.com/a/hzHXV5T – Li-yao Xia Jul 03 '22 at 10:37
  • Thank you for your guidance. At first I was trying to figure out how your advice could help me prove my immediate goal and so I was frustrated. But then I understood it was meant to solve a larger goal and then it became easy. Thanks again. :) – user566206 Jul 04 '22 at 19:12
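As an added worked example (not the asker's code and not from any of the commenters), here is the MApp case carried through with the case split reorganized the way the comments suggest: instead of `add_le_cases` on the sum, split with `lt_ge_cases (length s1) (pumping_constant re1)`. In the branch `length s1 < pumping_constant re1`, the inequality `pumping_constant re2 <= length s2` still follows from `Hlength` by linear arithmetic, and the strict bound on `length s1` is exactly the extra hypothesis the stuck goal needs. The example assumes the definitions of the Logical Foundations Pumping module are in scope (`reg_exp`, `pumping_constant`, `napp`, the `MApp` constructor), together with the list lemmas `app_length` and `app_assoc`, the lemma `lt_ge_cases`, and the `lia` tactic from `From Coq Require Import Lia`; the hypothesis names are my own, and the cases the question omits are left as `admit` so the script stays checkable.

```coq
(* Added example: MApp case of the pumping lemma with the case split on
   lt_ge_cases. Assumes the Logical Foundations Pumping module definitions
   and lemmas are in scope; lia is assumed available via the import below. *)
From Coq Require Import Lia.

Lemma pumping : forall T (re : reg_exp T) s,
  s =~ re ->
  pumping_constant re <= length s ->
  exists s1 s2 s3,
    s = s1 ++ s2 ++ s3 /\
    s2 <> [] /\
    length s1 + length s2 <= pumping_constant re /\
    forall m, s1 ++ napp m s2 ++ s3 =~ re.
Proof.
  intros T re s Hmatch.
  induction Hmatch
    as [ | x | s1 re1 s2 re2 Hmatch1 IH1 Hmatch2 IH2
       | s1 re1 re2 Hmatch IH | re1 s2 re2 Hmatch IH
       | re | s1 s2 re Hmatch1 IH1 Hmatch2 IH2 ].
  - (* MEmpty -- omitted, as in the question *) admit.
  - (* MChar -- omitted, as in the question *) admit.
  - (* MApp *)
    intros Hlength. simpl in Hlength. rewrite app_length in Hlength.
    (* Hlength : pumping_constant re1 + pumping_constant re2 <= length s1 + length s2.
       Split only on the first component; the second inequality is derived. *)
    destruct (lt_ge_cases (length s1) (pumping_constant re1)) as [Hlt | Hge].
    -- (* length s1 < pumping_constant re1: pump inside s2, keep s1 whole.
          Hlt is the fact that was missing in the question's second branch. *)
       assert (Hre2ineq : pumping_constant re2 <= length s2) by lia.
       destruct (IH2 Hre2ineq)
         as [s1' [s3' [s4' [Hs2eq [Hs3'len [Hlens1's3' Hnapp]]]]]].
       exists (s1 ++ s1'), s3', s4'. repeat split.
       --- rewrite Hs2eq. repeat rewrite <- app_assoc. reflexivity.
       --- assumption.
       --- (* length (s1 ++ s1') + length s3' <= pumping_constant re1 + pumping_constant re2:
              follows from Hlt and Hlens1's3'. *)
           simpl. rewrite app_length. lia.
       --- intros m. rewrite <- app_assoc.
           apply MApp; [ assumption | apply Hnapp ].
    -- (* pumping_constant re1 <= length s1: pump inside s1, append s2 to the tail. *)
       destruct (IH1 Hge)
         as [s1' [s2' [s3' [Hs1eq [Hs2'len [Hlens1's2' Hnapp]]]]]].
       exists s1', s2', (s3' ++ s2). repeat split.
       --- rewrite Hs1eq. repeat rewrite <- app_assoc. reflexivity.
       --- assumption.
       --- simpl. lia.
       --- intros m. rewrite app_assoc, app_assoc.
           apply MApp.
           ---- rewrite <- app_assoc. apply Hnapp.
           ---- assumption.
  - (* MUnionL -- omitted *) admit.
  - (* MUnionR -- omitted *) admit.
  - (* MStar0 -- omitted *) admit.
  - (* MStarApp -- omitted *) admit.
Admitted.
```

The design point is that the two branches of `lt_ge_cases` are exhaustive and each carries the hypothesis its own goal needs: the `>=` branch is definitionally `pumping_constant re1 <= length s1`, so `IH1 Hge` type-checks directly, while the `<` branch keeps `Hlt` in the context for `lia` to use on the length bound, which is what the `add_le_cases` split throws away.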