mathcoqprooftotality

Well founded recursion in Coq


I am trying to write a function for computing natural division in Coq and I am having some trouble defining it since it is not structural recursion.

My code is:

Inductive N : Set :=
  | O : N
  | S : N -> N.

Inductive Bool : Set :=
  | True : Bool
  | False : Bool.

Fixpoint sum (m :N) (n : N) : N :=
match m with
  | O => n
  | S x => S ( sum x n)
end.

Notation "m + n" := (sum m n) (at level 50, left associativity).

Fixpoint mult (m :N) (n : N) : N :=
match m with
  | O => O
  | S x => n + (mult x n)
end.

Notation "m * n" := (mult m n) (at level 40, left associativity).

Fixpoint pred (m : N) : N :=
match m with
  | O => S O
  | S x => x
end.

Fixpoint resta (m:N) (n:N) : N :=
match n with
  | O => m
  | S x => pred (resta m x)
end.
Notation "m - x" := (resta m x) (at level 50, left associativity).

Fixpoint leq_nat (m : N) (n : N) : Bool :=
match m with
  | O => True
  | S x => match n with 
    | O => False
    | S y => leq_nat x y
  end
end.

Notation "m <= n" := (leq_nat m n) (at level 70).

Fixpoint div (m : N) (n : N) : N :=
match n with
  | O => O
  | S x => match m <= n with
    | False => O
    | True => pred (div (m-n) n)
  end
end.

As you can see, Coq does not like my function div, it says

Error: Cannot guess decreasing argument of fix.

How can I supply in Coq a termination proof for this function? I can prove that if n>O ^ n<=m -> (m-n) < m.


Solution

  • The simplest strategy in this case is probably to use the Program extension together with a measure. You will then have to provide a proof that the arguments used in the recursive call are smaller than the top level ones according to the measure.

    Require Coq.Program.Tactics.
    Require Coq.Program.Wf.
    
    Fixpoint toNat (m : N) : nat :=
    match m with O => 0 | S n => 1 + (toNat n) end.
    
    Program Fixpoint div (m : N) (n : N) {measure (toNat m)}: N :=
    match n with
      | O => O
      | S x => match m <= n with
        | False => O
        | True => pred (div (m-n) n)
      end
    end.
    Next Obligation.
    (* your proof here *)