在Coq中證明`forall x xs ys，subseq（x :: xs）ys - > subseq xs ys`

Question

我有以下定義

Inductive subseq : list nat -> list nat -> Prop :=
| empty_subseq : subseq [] []
| add_right : forall y xs ys, subseq xs ys -> subseq xs (y::ys)
| add_both : forall x y xs ys, subseq xs ys -> subseq (x::xs) (y::ys)
.

使用這個，我希望證明以下引理

Lemma del_l_preserves_subseq : forall x xs ys, subseq (x :: xs) ys -> subseq xs ys.

所以，我嘗試通過destruct H來subseq (x :: xs) ys的證明。

Proof.
  intros. induction H.

3 subgoals (ID 209)

  x : nat
  xs : list nat
  ============================
  subseq xs [ ]

subgoal 2 (ID 216) is:
 subseq xs (y :: ys)
subgoal 3 (ID 222) is:
 subseq xs (y :: ys)

為什么第一個subseq xs []要求我證明subseq xs [] ？ 難道destruct策略不應該知道證明不能是empty_subseq的形式，因為類型包含x :: xs而不是[] ？

一般來說，我如何證明我試圖證明的引理？

Answer 1

難道destruct策略不應該知道證明不能是empty_subseq的形式，因為類型包含x :: xs而不是[]？

事實上， destruct並不是那么多。 它只是用empty_subseq中的[]和[]替換x :: xs和xs 。 特別是，這經常導致上下文中的信息丟失。 更好的選擇：

• 使用inversion而不是destruct 。

• 利用remember確保兩個類型指數subseq是之前變量destruct 。 （ remember (x :: xs) as xxs in H. ）這種更明確的目標管理也適用於induction 。

Answer 2

李瑤的回答實際上很有用。 這是引理的證明。

Lemma del_l_preserves_subseq : forall x xs ys, subseq (x :: xs) ys -> subseq xs ys.
Proof.
  intros x xs ys.
  induction ys as [|y ys'].
  - intros. inversion H. (* Inversion will detect that no constructor matches the type of H *)
  - intros. inversion H. (* Inversion will automatically discharge the first case *)
    + (* When [subseq (x :: xs) ys'] holds *)
      apply IHys' in H2. now apply add_right.
    + (* When [subseq xs ys'] holds *)
      now apply add_right.
Qed