17.6. E‑matching🔗

E-matching is procedure for efficiently instantiating quantified theorem statements with ground terms that is widely employed in SMT solvers, used by grind to instantiate theorems efficiently. It is especially effective when combined with congruence closure, enabling grind to discover non-obvious consequences of equalities and annotated theorems automatically.

E-matching adds new facts to the metaphorical whiteboard, based on an index of theorems. When the whiteboard contains terms that match the index, the E-matching engine instantiates the corresponding theorems, and the resulting terms can feed further rounds of congruence closure, constraint propagation, and theory-specific solvers. Each fact added to the whiteboard by E-matching is referred to as an instance. Annotating theorems for E-matching, thus adding them to the index, is essential for enabling grind to make effective use of a library.

In addition to user-specified theorems, grind uses automatically generated equations for Lean.Parser.Term.match : termPattern matching. `match e, ... with | p, ... => f | ...` matches each given term `e` against each pattern `p` of a match alternative. When all patterns of an alternative match, the `match` term evaluates to the value of the corresponding right-hand side `f` with the pattern variables bound to the respective matched values. If used as `match h : e, ... with | p, ... => f | ...`, `h : e = p` is available within `f`. When not constructing a proof, `match` does not automatically substitute variables matched on in dependent variables' types. Use `match (generalizing := true) ...` to enforce this. Syntax quotations can also be used in a pattern match. This matches a `Syntax` value against quotations, pattern variables, or `_`. Quoted identifiers only match identical identifiers - custom matching such as by the preresolved names only should be done explicitly. `Syntax.atom`s are ignored during matching by default except when part of a built-in literal. For users introducing new atoms, we recommend wrapping them in dedicated syntax kinds if they should participate in matching. For example, in ```lean syntax "c" ("foo" <|> "bar") ... ``` `foo` and `bar` are indistinguishable during matching, but in ```lean syntax foo := "foo" syntax "c" (foo <|> "bar") ... ``` they are not.match-expressions as E-matching theorems. Behind the scenes, the elaborator generates auxiliary functions that implement pattern matches, along with equational theorems that specify their behavior. Using these equations with E-matching enables grind to reduce these instances of pattern matching.

17.6.1. Patterns🔗

The E-matching index is a table of patterns. When a term matches one of the patterns in the table, grind attempts to instantiate and apply the corresponding theorem, giving rise to further facts and equalities. Selecting appropriate patterns is an important part of using grind effectively: if the patterns are too restrictive, then useful theorems may not be applied; if they are too general, performance may suffer.

E-matching Patterns

Consider the following functions and theorems:

def f (a : Nat) : Nat :=
  a + 1

def g (a : Nat) : Nat :=
  a - 1

@[grind =]
theorem gf (x : Nat) : g (f x) = x := byx:Nat⊢ g (f x) = x
  simp [f, g]All goals completed! 🐙

The theorem gf asserts that g (f x) = x for all natural numbers x. The attribute grind = instructs grind to use the left-hand side of the equation, g (f x), as a pattern for heuristic instantiation via E-matching.

This proof goal does not include an instance of g (f x), but grind is nonetheless able to solve it:

example {a b} (h : f b = a) : g a = b := byx:Nata✝:Natb✝:Nata:Natb:Nath:f b = a⊢ g a = b
  grindAll goals completed! 🐙

Although g a is not an instance of the pattern g (f x), it becomes one modulo the equation f b = a. By substituting a with f b in g a, we obtain the term g (f b), which matches the pattern g (f x) with the assignment x := b. Thus, the theorem gf is instantiated with x := b, and the new equality g (f b) = b is asserted. grind then uses congruence closure to derive the implied equality g a = g (f b) and completes the proof.

Live ↪

The Lean.Parser.Command.grind_patterngrind_pattern command can be used to manually select an E-matching pattern for a theorem. Enabling the option trace.grind.ematch.instance causes grind print a trace message for each theorem instance it generates, which can be helpful when determining E-matching patterns.

syntaxE-matching Pattern Selection

command ::= ...
    | The `grind_pattern` command can be used to manually select a pattern for theorem instantiation.
Enabling the option `trace.grind.ematch.instance` causes `grind` to print a trace message for each
theorem instance it generates, which can be helpful when determining patterns.

When multiple patterns are specified together, all of them must match in the current context before
`grind` attempts to instantiate the theorem. This is referred to as a *multi-pattern*.
This is useful for theorems such as transitivity rules, where multiple premises must be simultaneously
present for the rule to apply.

In the following example, `R` is a transitive binary relation over `Int`.
```
opaque R : Int → Int → Prop
axiom Rtrans {x y z : Int} : R x y → R y z → R x z
```
To use the fact that `R` is transitive, `grind` must already be able to satisfy both premises.
This is represented using a multi-pattern:
```
grind_pattern Rtrans => R x y, R y z

example {a b c d} : R a b → R b c → R c d → R a d := by
  grind
```
The multi-pattern `R x y`, `R y z` instructs `grind` to instantiate `Rtrans` only when both `R x y`
and `R y z` are available in the context. In the example, `grind` applies `Rtrans` to derive `R a c`
from `R a b` and `R b c`, and can then repeat the same reasoning to deduce `R a d` from `R a c` and
`R c d`.

You can add constraints to restrict theorem instantiation. For example:
```
grind_pattern extract_extract => (as.extract i j).extract k l where
  as =/= #[]
```
The constraint instructs `grind` to instantiate the theorem only if `as` is **not** definitionally equal
to `#[]`.

## Constraints

- `x =/= term`: The term bound to `x` (one of the theorem parameters) is **not** definitionally equal to `term`.
  The term may contain holes (i.e., `_`).

- `x =?= term`: The term bound to `x` is definitionally equal to `term`.
  The term may contain holes (i.e., `_`).

- `size x < n`: The term bound to `x` has size less than `n`. Implicit arguments
and binder types are ignored when computing the size.

- `depth x < n`: The term bound to `x` has depth less than `n`.

- `is_ground x`: The term bound to `x` does not contain local variables or meta-variables.

- `is_value x`: The term bound to `x` is a value. That is, it is a constructor fully applied to value arguments,
a literal (`Nat`, `Int`, `String`, etc.), or a lambda `fun x => t`.

- `is_strict_value x`: Similar to `is_value`, but without lambdas.

- `not_value x`: The term bound to `x` is a **not** value (see `is_value`).

- `not_strict_value x`: Similar to `not_value`, but without lambdas.

- `gen < n`: The theorem instance has generation less than `n`. Recall that each term is assigned a
generation, and terms produced by theorem instantiation have a generation that is one greater than
the maximal generation of all the terms used to instantiate the theorem. This constraint complements
the `gen` option available in `grind`.

- `max_insts < n`: A new instance is generated only if less than `n` instances have been generated so far.

- `guard e`: The instantiation is delayed until `grind` learns that `e` is `true` in this state.

- `check e`: Similar to `guard e`, but `grind` checks whether `e` is implied by its current state by
assuming `¬ e` and trying to deduce an inconsistency.

## Example

Consider the following example where `f` is a monotonic function
```
opaque f : Nat → Nat
axiom fMono : x ≤ y → f x ≤ f y
```
and you want to instruct `grind` to instantiate `fMono` for every pair of terms `f x` and `f y` when
`x ≤ y` and `x` is **not** definitionally equal to `y`. You can use
```
grind_pattern fMono => f x, f y where
  guard x ≤ y
  x =/= y
```
Then, in the following example, only three instances are generated.
```
/--
trace: [grind.ematch.instance] fMono: a ≤ f a → f a ≤ f (f a)
[grind.ematch.instance] fMono: f a ≤ f (f a) → f (f a) ≤ f (f (f a))
[grind.ematch.instance] fMono: a ≤ f (f a) → f a ≤ f (f (f a))
-/
#guard_msgs in
example : f b = f c → a ≤ f a → f (f a) ≤ f (f (f a)) := by
  set_option trace.grind.ematch.instance true in
  grind
```
`attrKind` matches `("scoped" <|> "local")?`, used before an attribute like `@[local simp]`. grind_pattern ident => term,*

Associates a theorem with one or more patterns. When multiple patterns are provided in a single Lean.Parser.Command.grind_patterngrind_pattern command, all of them must match a term before grind will attempt to instantiate the theorem.

Selecting Patterns

The grind = attribute uses the left side of the equality as the E-matching pattern for gf:

def f (a : Nat) : Nat :=
  a + 1

def g (a : Nat) : Nat :=
  a - 1

@[grind =]
theorem gf (x : Nat) : g (f x) = x := byx:Nat⊢ g (f x) = x
  simp [f, g]All goals completed! 🐙

For example, the pattern g (f x) is too restrictive in the following case: the theorem gf will not be instantiated because the goal does not even contain the function symbol g.

In this example, grind fails because the pattern is too restrictive: the goal does not contain the function symbol g.

example (h₁ : f b = a) (h₂ : f c = a) : b = c := byb:Nata:Natc:Nath₁:f b = ah₂:f c = a⊢ b = c
  `grind` failed
grindb a c:Nath₁:f b = ah₂:f c = ah:¬b = c⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] f b = a
[prop] f c = a
[prop] ¬b = c
[eqc] False propositions
[prop] b = c
[eqc] Equivalence classes
[eqc] {a, f b, f c}grindAll goals completed! 🐙

`grind` failed
grindb a c:Nath₁:f b = ah₂:f c = ah:¬b = c⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] f b = a
[prop] f c = a
[prop] ¬b = c
[eqc] False propositions
[prop] b = c
[eqc] Equivalence classes
[eqc] {a, f b, f c}

Using just f x as the pattern allows grind to solve the goal automatically:

grind_pattern gf => f x

example {a b c} (h₁ : f b = a) (h₂ : f c = a) : b = c := bya:Natb:Natc:Nath₁:f b = ah₂:f c = a⊢ b = c
  grindAll goals completed! 🐙

Enabling trace.grind.ematch.instance makes it possible to see the equalities found by E-matching:

example (h₁ : f b = a) (h₂ : f c = a) : b = c := byb:Nata:Natc:Nath₁:f b = ah₂:f c = a⊢ b = c
  set_option trace.grind.ematch.instance true in
  [grind.ematch.instance] gf: g (f c) = c[grind.ematch.instance] gf: g (f b) = bgrindAll goals completed! 🐙

[grind.ematch.instance] gf: g (f c) = c[grind.ematch.instance] gf: g (f b) = b

After E-matching, the proof succeeds because congruence closure equates g (f c) with g (f b), because both f b and f c are equal to a. Thus, b and c must be in the same equivalence class.

Live ↪

When multiple patterns are specified together, all of them must match in the current context before grind attempts to instantiate the theorem. This is referred to as a multi-pattern. This is useful for lemmas such as transitivity rules, where multiple premises must be simultaneously present for the rule to apply. A single theorem may be associated with multiple separate patterns by using multiple invocations of Lean.Parser.Command.grind_patterngrind_pattern or the @[grind _=_] attribute. If any of these separate patterns match, the theorem will be instantiated.

Multi-Patterns

R is a transitive binary relation over Int:

opaque R : Int → Int → Prop
axiom Rtrans {x y z : Int} : R x y → R y z → R x z

To use the fact that R is transitive, grind must already be able to satisfy both premises. This is represented using a multi-pattern:

grind_pattern Rtrans => R x y, R y z

example {a b c d} : R a b → R b c → R c d → R a d := bya:Intb:Intc:Intd:Int⊢ R a b → R b c → R c d → R a d
  grindAll goals completed! 🐙

The multi-pattern R x y, R y z instructs grind to instantiate Rtrans only when both R x y and R y z are available in the context. In the example, grind applies Rtrans to derive R a c from R a b and R b c, and can then repeat the same reasoning to deduce R a d from R a c and R c d.

Live ↪

The grind attribute automatically generates an E-matching pattern or multi-pattern using a heuristic, instead of using Lean.Parser.Command.grindPattern : commandThe `grind_pattern` command can be used to manually select a pattern for theorem instantiation. Enabling the option `trace.grind.ematch.instance` causes `grind` to print a trace message for each theorem instance it generates, which can be helpful when determining patterns. When multiple patterns are specified together, all of them must match in the current context before `grind` attempts to instantiate the theorem. This is referred to as a *multi-pattern*. This is useful for theorems such as transitivity rules, where multiple premises must be simultaneously present for the rule to apply. In the following example, `R` is a transitive binary relation over `Int`. ``` opaque R : Int → Int → Prop axiom Rtrans {x y z : Int} : R x y → R y z → R x z ``` To use the fact that `R` is transitive, `grind` must already be able to satisfy both premises. This is represented using a multi-pattern: ``` grind_pattern Rtrans => R x y, R y z example {a b c d} : R a b → R b c → R c d → R a d := by grind ``` The multi-pattern `R x y`, `R y z` instructs `grind` to instantiate `Rtrans` only when both `R x y` and `R y z` are available in the context. In the example, `grind` applies `Rtrans` to derive `R a c` from `R a b` and `R b c`, and can then repeat the same reasoning to deduce `R a d` from `R a c` and `R c d`. You can add constraints to restrict theorem instantiation. For example: ``` grind_pattern extract_extract => (as.extract i j).extract k l where as =/= #[] ``` The constraint instructs `grind` to instantiate the theorem only if `as` is **not** definitionally equal to `#[]`. ## Constraints - `x =/= term`: The term bound to `x` (one of the theorem parameters) is **not** definitionally equal to `term`. The term may contain holes (i.e., `_`). - `x =?= term`: The term bound to `x` is definitionally equal to `term`. The term may contain holes (i.e., `_`). - `size x < n`: The term bound to `x` has size less than `n`. Implicit arguments and binder types are ignored when computing the size. - `depth x < n`: The term bound to `x` has depth less than `n`. - `is_ground x`: The term bound to `x` does not contain local variables or meta-variables. - `is_value x`: The term bound to `x` is a value. That is, it is a constructor fully applied to value arguments, a literal (`Nat`, `Int`, `String`, etc.), or a lambda `fun x => t`. - `is_strict_value x`: Similar to `is_value`, but without lambdas. - `not_value x`: The term bound to `x` is a **not** value (see `is_value`). - `not_strict_value x`: Similar to `not_value`, but without lambdas. - `gen < n`: The theorem instance has generation less than `n`. Recall that each term is assigned a generation, and terms produced by theorem instantiation have a generation that is one greater than the maximal generation of all the terms used to instantiate the theorem. This constraint complements the `gen` option available in `grind`. - `max_insts < n`: A new instance is generated only if less than `n` instances have been generated so far. - `guard e`: The instantiation is delayed until `grind` learns that `e` is `true` in this state. - `check e`: Similar to `guard e`, but `grind` checks whether `e` is implied by its current state by assuming `¬ e` and trying to deduce an inconsistency. ## Example Consider the following example where `f` is a monotonic function ``` opaque f : Nat → Nat axiom fMono : x ≤ y → f x ≤ f y ``` and you want to instruct `grind` to instantiate `fMono` for every pair of terms `f x` and `f y` when `x ≤ y` and `x` is **not** definitionally equal to `y`. You can use ``` grind_pattern fMono => f x, f y where guard x ≤ y x =/= y ``` Then, in the following example, only three instances are generated. ``` /-- trace: [grind.ematch.instance] fMono: a ≤ f a → f a ≤ f (f a) [grind.ematch.instance] fMono: f a ≤ f (f a) → f (f a) ≤ f (f (f a)) [grind.ematch.instance] fMono: a ≤ f (f a) → f a ≤ f (f (f a)) -/ #guard_msgs in example : f b = f c → a ≤ f a → f (f a) ≤ f (f (f a)) := by set_option trace.grind.ematch.instance true in grind ```grind_pattern to explicitly specify a pattern. It includes a number of variants that select different heuristics. The grind? attribute displays an info message showing the pattern which was selected—this is very helpful for debugging!

Patterns are subexpressions of theorem statements. A subexpression is indexable if it has an indexable constant as its head, and it is said to cover one of the theorem's arguments if it fixes the argument's value. Indexable constants are all constants other than Eq, HEq, Iff, And, Or, and Not. The set of arguments that are covered by a pattern or multi-pattern is referred to as its coverage. Some constants are lower priority than others; in particular, the arithmetic operators HAdd.hAdd, HSub.hSub, HMul.hMul, Dvd.dvd, HDiv.hDiv, and HMod.hMod have low priority. An indexable subexpression is minimal if there is no smaller indexable subexpression whose head constant has at least as high priority.

attributeGrind Patterns

When the grind attribute is added to a definition, it causes grind to unfold that definition to its body whenever it is encountered. When using the module system, if the body of the definition is not visible (e.g. via @[expose]), then the grind attribute is ignored.

attr ::= ...
    | Marks a theorem or definition for use by the `grind` tactic.

An optional modifier (e.g. `=`, `→`, `←`, `cases`, `intro`, `ext`, `inj`, etc.)
controls how `grind` uses the declaration:
* whether it is applied forwards, backwards, or both,
* whether equalities are used on the left, right, or both sides,
* whether case-splits, constructors, extensionality, or injectivity are applied,
* or whether custom instantiation patterns are used.

See the individual modifier docstrings for details.
grind grindMod?

The grind attribute automatically generates an E-matching pattern for a theorem, using a strategy determined by the provided modifier. If no modifier is provided, then grind suggests suitable modifiers, displaying the resulting patterns.

attr ::= ...
    | Like `@[grind]`, but enforces the **minimal indexable subexpression condition**:
when several subterms cover the same free variables, `grind!` chooses the smallest one.

This influences E-matching pattern selection.

### Example
```lean
theorem fg_eq (h : x > 0) : f (g x) = x

@[grind <-] theorem fg_eq (h : x > 0) : f (g x) = x
-- Pattern selected: `f (g x)`

-- With minimal subexpression:
@[grind! <-] theorem fg_eq (h : x > 0) : f (g x) = x
-- Pattern selected: `g x`
grind! grindMod?

The grind! attribute automatically generates an E-matching pattern for a theorem, using a strategy determined by the provided modifier. It additionally enforces the condition that the selected pattern(s) should be minimal indexable subexpressions.

attr ::= ...
    | Like `@[grind]`, but also prints the pattern(s) selected by `grind`
as info messages. Useful for debugging annotations and modifiers.
grind? grindMod?

The grind? displays the pattern that was generated.

attr ::= ...
    | Like `@[grind!]`, but also prints the pattern(s) selected by `grind`
as info messages. Combines minimal subexpression selection with debugging output.
grind!? grindMod?

The grind!? attribute is equivalent to grind!, except it displays the resulting pattern for inspection.

Without any modifier, @[grind] traverses the conclusion and then the hypotheses from left to right, adding patterns as they increase the coverage, stopping when all arguments are covered. This default strategy can be explicitly requested using the Lean.Parser.Attr.grindDefThe `.` modifier instructs `grind` to select a multi-pattern by traversing the conclusion of the theorem, and then the hypotheses from left to right. We say this is the default modifier. Each time it encounters a subexpression which covers an argument which was not previously covered, it adds that subexpression as a pattern, until all arguments have been covered. If `grind!` is used, then only minimal indexable subexpressions are considered.. modifier. In addition to using the default strategy, the attribute checks which other strategies could be applied, and displays all of the resulting patterns.

syntaxDefault Pattern

grindMod ::= ...
    | The `.` modifier instructs `grind` to select a multi-pattern by traversing the conclusion of the
theorem, and then the hypotheses from left to right. We say this is the default modifier.
Each time it encounters a subexpression which covers an argument which was not
previously covered, it adds that subexpression as a pattern, until all arguments have been covered.
If `grind!` is used, then only minimal indexable subexpressions are considered.
.

grindMod ::= ...
    | The `.` modifier instructs `grind` to select a multi-pattern by traversing the conclusion of the
theorem, and then the hypotheses from left to right. We say this is the default modifier.
Each time it encounters a subexpression which covers an argument which was not
previously covered, it adds that subexpression as a pattern, until all arguments have been covered.
If `grind!` is used, then only minimal indexable subexpressions are considered.
·

The . modifier instructs grind to select a multi-pattern by traversing the conclusion of the theorem, and then the hypotheses from left to right. We say this is the default modifier. Each time it encounters a subexpression which covers an argument which was not previously covered, it adds that subexpression as a pattern, until all arguments have been covered. If grind! is used, then only minimal indexable subexpressions are considered.

syntaxEquality Rewrites

grindMod ::= ...
    | The `=` modifier instructs `grind` to check that the conclusion of the theorem is an equality,
and then uses the left-hand side of the equality as a pattern. This may fail if not all of the arguments appear
in the left-hand side.
=

The = modifier instructs grind to check that the conclusion of the theorem is an equality, and then uses the left-hand side of the equality as a pattern. This may fail if not all of the arguments appear in the left-hand side.

syntaxBackward Equality Rewrites

grindMod ::= ...
    | The `=_` modifier instructs `grind` to check that the conclusion of the theorem is an equality,
and then uses the right-hand side of the equality as a pattern. This may fail if not all of the arguments appear
in the right-hand side.
=_

The =_ modifier instructs grind to check that the conclusion of the theorem is an equality, and then uses the right-hand side of the equality as a pattern. This may fail if not all of the arguments appear in the right-hand side.

syntaxBidirectional Equality Rewrites

grindMod ::= ...
    | The `_=_` modifier acts like a macro which expands to `=` and `=_`.  It adds two patterns,
allowing the equality theorem to trigger in either direction.
_=_

The _=_ modifier acts like a macro which expands to = and =_. It adds two patterns, allowing the equality theorem to trigger in either direction.

syntaxForward Reasoning

grindMod ::= ...
    | The `→` modifier instructs `grind` to select a multi-pattern from the hypotheses of the theorem.
In other words, `grind` will use the theorem for forwards reasoning.
To generate a pattern, it traverses the hypotheses of the theorem from left to right.
Each time it encounters a subexpression which covers an argument which was not
previously covered, it adds that subexpression as a pattern, until all arguments have been covered.
If `grind!` is used, then only minimal indexable subexpressions are considered.
→

The → modifier instructs grind to select a multi-pattern from the hypotheses of the theorem. In other words, grind will use the theorem for forwards reasoning. To generate a pattern, it traverses the hypotheses of the theorem from left to right. Each time it encounters a subexpression which covers an argument which was not previously covered, it adds that subexpression as a pattern, until all arguments have been covered. If grind! is used, then only minimal indexable subexpressions are considered.

syntaxBackward Reasoning

grindMod ::= ...
    | The `←` modifier instructs `grind` to select a multi-pattern from the conclusion of theorem.
In other words, `grind` will use the theorem for backwards reasoning.
This may fail if not all of the arguments to the theorem appear in the conclusion.
Each time it encounters a subexpression which covers an argument which was not
previously covered, it adds that subexpression as a pattern, until all arguments have been covered.
If `grind!` is used, then only minimal indexable subexpressions are considered.
←

The ← modifier instructs grind to select a multi-pattern from the conclusion of theorem. In other words, grind will use the theorem for backwards reasoning. This may fail if not all of the arguments to the theorem appear in the conclusion. Each time it encounters a subexpression which covers an argument which was not previously covered, it adds that subexpression as a pattern, until all arguments have been covered. If grind! is used, then only minimal indexable subexpressions are considered.

It is important to inspect the patterns generated by the @[grind] attribute to ensure that they match the correct parts of the lemma. If the pattern is too strict, the lemma will not be applied in situations where it would be relevant, leading to less automation. If it is too general, then performance will suffer as the lemma is tried in many situations where it is not helpful.

There are also three less commonly used modifiers for lemmas:

syntaxLeft-to-Right Traversal

grindMod ::= ...
    | The `⇒` modifier instructs `grind` to select a multi-pattern by traversing all the hypotheses from
left to right, followed by the conclusion.
Each time it encounters a subexpression which covers an argument which was not
previously covered, it adds that subexpression as a pattern, until all arguments have been covered.
If `grind!` is used, then only minimal indexable subexpressions are considered.
=>

grindMod ::= ...
    | The `⇒` modifier instructs `grind` to select a multi-pattern by traversing all the hypotheses from
left to right, followed by the conclusion.
Each time it encounters a subexpression which covers an argument which was not
previously covered, it adds that subexpression as a pattern, until all arguments have been covered.
If `grind!` is used, then only minimal indexable subexpressions are considered.
⇒

The ⇒ modifier instructs grind to select a multi-pattern by traversing all the hypotheses from left to right, followed by the conclusion. Each time it encounters a subexpression which covers an argument which was not previously covered, it adds that subexpression as a pattern, until all arguments have been covered. If grind! is used, then only minimal indexable subexpressions are considered.

syntaxRight-to-Left Traversal

grindMod ::= ...
    | The `⇐` modifier instructs `grind` to select a multi-pattern by traversing the conclusion, and then
all the hypotheses from right to left.
Each time it encounters a subexpression which covers an argument which was not
previously covered, it adds that subexpression as a pattern, until all arguments have been covered.
If `grind!` is used, then only minimal indexable subexpressions are considered.
<=

grindMod ::= ...
    | The `⇐` modifier instructs `grind` to select a multi-pattern by traversing the conclusion, and then
all the hypotheses from right to left.
Each time it encounters a subexpression which covers an argument which was not
previously covered, it adds that subexpression as a pattern, until all arguments have been covered.
If `grind!` is used, then only minimal indexable subexpressions are considered.
⇐

The ⇐ modifier instructs grind to select a multi-pattern by traversing the conclusion, and then all the hypotheses from right to left. Each time it encounters a subexpression which covers an argument which was not previously covered, it adds that subexpression as a pattern, until all arguments have been covered. If grind! is used, then only minimal indexable subexpressions are considered.

syntaxBackward Reasoning on Equality

grindMod ::= ...
    | The `←=` modifier is unlike the other `grind` modifiers, and it used specifically for
backwards reasoning on equality. When a theorem's conclusion is an equality proposition and it
is annotated with `@[grind ←=]`, grind `will` instantiate it whenever the corresponding disequality
is assumed—this is a consequence of the fact that grind performs all proofs by contradiction.
Ordinarily, the grind attribute does not consider the `=` symbol when generating patterns.
←=

The ←= modifier is unlike the other grind modifiers, and it used specifically for backwards reasoning on equality. When a theorem's conclusion is an equality proposition and it is annotated with @[grind ←=], grind will instantiate it whenever the corresponding disequality is assumed—this is a consequence of the fact that grind performs all proofs by contradiction. Ordinarily, the grind attribute does not consider the = symbol when generating patterns.

The @[grind ←=] Attribute

When attempting to prove that a⁻¹ = b, grind uses inv_eq due to the @[grind ←=] annotation.

@[grind ←=]
theorem declaration uses 'sorry'inv_eq [One α] [Mul α] [Inv α] {a b : α}
    (w : a * b = 1) : a⁻¹ = b :=
  sorry

Live ↪

syntaxFunction-Valued Congruence Closure

grindMod ::= ...
    | The `funCC` modifier marks global functions that support **function-valued congruence closure**.
Given an application `f a₁ a₂ … aₙ`, when `funCC := true`,
`grind` generates and tracks equalities for all partial applications:
- `f a₁`
- `f a₁ a₂`
- `…`
- `f a₁ a₂ … aₙ`
funCC

The funCC modifier marks global functions that support function-valued congruence closure. Given an application f a₁ a₂ … aₙ, when funCC := true, grind generates and tracks equalities for all partial applications:

f a₁
f a₁ a₂
…
f a₁ a₂ … aₙ

Some additional modifiers can be used to add other kinds of lemmas to the index. This includes extensionality theorems, injectivity theorems for functions, and a shortcut to add all constructors of an inductively defined predicate to the index.

syntaxExtensionality

grindMod ::= ...
    | The `ext` modifier marks extensionality theorems for use by `grind`.
For example, the standard library marks `funext` with this attribute.

Whenever `grind` encounters a disequality `a ≠ b`, it attempts to apply any
available extensionality theorems whose matches the type of `a` and `b`.
ext

The ext modifier marks extensionality theorems for use by grind. For example, the standard library marks funext with this attribute.

Whenever grind encounters a disequality a ≠ b, it attempts to apply any available extensionality theorems whose matches the type of a and b.

In addition, adding @[grind ext] to a structure registers a its extensionality theorem.

The @[grind ext] Attribute

Point is a structure with two fields:

structure Point where
  x : Int
  y : Int

By default, grind can solve goals like this one, because definitional equality includes η-equivalence for product types:

example (p : Point) : p = ⟨p.x, p.y⟩ := byp:Point⊢ p = { x := p.x, y := p.y } grindAll goals completed! 🐙

However, it can't solve goals like this one that require an appeal to propositional equalities:

example (p : Point) (a : Int) : a = p.x → p = ⟨a, p.y⟩ := byp:Pointa:Int⊢ a = p.x → p = { x := a, y := p.y } `grind` failed
grindp:Pointa:Inth:a = p.xh_1:¬p = { x := a, y := p.y }⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] a = p.x
[prop] ¬p = { x := a, y := p.y }
[eqc] False propositions
[prop] p = { x := a, y := p.y }
[eqc] Equivalence classes
[eqc] {a, p.x}grindAll goals completed! 🐙

`grind` failed
grindp:Pointa:Inth:a = p.xh_1:¬p = { x := a, y := p.y }⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] a = p.x
[prop] ¬p = { x := a, y := p.y }
[eqc] False propositions
[prop] p = { x := a, y := p.y }
[eqc] Equivalence classes
[eqc] {a, p.x}

This kind of goal may come up when proving theorems like the fact that swapping the fields of a point twice is the identity:

def Point.swap (p : Point) : Point := ⟨p.y, p.x⟩

theorem swap_swap_eq_id : Point.swap ∘ Point.swap = id := by⊢ Point.swap ∘ Point.swap = id
  unfold Point.swap⊢ ((fun p => { x := p.y, y := p.x }) ∘ fun p => { x := p.y, y := p.x }) = id
  `grind` failed
grindh:¬((fun p => { x := p.y, y := p.x }) ∘ fun p => { x := p.y, y := p.x }) = idw:Pointh_1:¬{ x := w.x, y := w.y } = id w⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] ¬((fun p => { x := p.y, y := p.x }) ∘ fun p => { x := p.y, y := p.x }) = id
[prop] ∃ x, ¬{ x := x.x, y := x.y } = id x
[prop] ¬{ x := w.x, y := w.y } = id w
[prop] id w = w
[eqc] True propositions
[prop] ∃ x, ¬{ x := x.x, y := x.y } = id x
[eqc] False propositions
[prop] ((fun p => { x := p.y, y := p.x }) ∘ fun p => { x := p.y, y := p.x }) = id
[prop] { x := w.x, y := w.y } = id w
[eqc] Equivalence classes
[eqc] {w, id w}
[cases] Case analyses
[cases] [1/1]: ∃ x, ¬{ x := x.x, y := x.y } = id x
[cases] source: Extensionality `funext`
[ematch] E-matching patterns
[thm] id.eq_1: [@id #1 #0]

[grind] Diagnostics
[thm] E-Matching instances
[thm] id.eq_1 ↦ 1grindAll goals completed! 🐙

`grind` failed
grindh:¬((fun p => { x := p.y, y := p.x }) ∘ fun p => { x := p.y, y := p.x }) = idw:Pointh_1:¬{ x := w.x, y := w.y } = id w⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] ¬((fun p => { x := p.y, y := p.x }) ∘ fun p => { x := p.y, y := p.x }) = id
[prop] ∃ x, ¬{ x := x.x, y := x.y } = id x
[prop] ¬{ x := w.x, y := w.y } = id w
[prop] id w = w
[eqc] True propositions
[prop] ∃ x, ¬{ x := x.x, y := x.y } = id x
[eqc] False propositions
[prop] ((fun p => { x := p.y, y := p.x }) ∘ fun p => { x := p.y, y := p.x }) = id
[prop] { x := w.x, y := w.y } = id w
[eqc] Equivalence classes
[eqc] {w, id w}
[cases] Case analyses
[cases] [1/1]: ∃ x, ¬{ x := x.x, y := x.y } = id x
[cases] source: Extensionality `funext`
[ematch] E-matching patterns
[thm] id.eq_1: [@id #1 #0]

[grind] Diagnostics
[thm] E-Matching instances
[thm] id.eq_1 ↦ 1

Adding the @[grind ext] attribute to Point enables grind to solve both the original example and prove this theorem:

attribute [grind ext] Point

example (p : Point) (a : Int) : a = p.x → p = ⟨a, p.y⟩ := byp:Pointa:Int⊢ a = p.x → p = { x := a, y := p.y }
  grindAll goals completed! 🐙

theorem swap_swap_eq_id' : Point.swap ∘ Point.swap = id := by⊢ Point.swap ∘ Point.swap = id
  unfold Point.swap⊢ ((fun p => { x := p.y, y := p.x }) ∘ fun p => { x := p.y, y := p.x }) = id
  grindAll goals completed! 🐙

Live ↪

syntaxInjectivity

grindMod ::= ...
    | The `inj` modifier marks injectivity theorems for use by `grind`.
The conclusion of the theorem must be of the form `Function.Injective f`
where the term `f` contains at least one constant symbol.
inj

The inj modifier marks injectivity theorems for use by grind. The conclusion of the theorem must be of the form Function.Injective f where the term f contains at least one constant symbol.

Injectivity Patterns

This function double doubles its argument:

def double (x : Nat) : Nat := x + x

By default, grind cannot prove the following theorem:

theorem A {n k : Nat} :
    double (n + 5) = double (k - 3) →
    n + 8 = k := byn:Natk:Nat⊢ double (n + 5) = double (k - 3) → n + 8 = k
  `grind` failed
grind.1n k:Nath:double (n + 5) = double (k - 3)h_1:¬n + 8 = kh_2:-1 * ↑k + 3 ≤ 0⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] double (n + 5) = double (k - 3)
[prop] ↑(k - 3) = if -1 * ↑k + 3 ≤ 0 then ↑k + -3 else 0
[prop] ¬n + 8 = k
[prop] -1 * ↑k + 3 ≤ 0
[eqc] True propositions
[prop] -1 * ↑k + 3 ≤ 0
[eqc] False propositions
[prop] n + 8 = k
[eqc] Equivalence classes
[eqc] {double (n + 5), double (k - 3)}
[eqc] others
[eqc] {↑(k - 3), if -1 * ↑k + 3 ≤ 0 then ↑k + -3 else 0, ↑k + -3}
[cases] Case analyses
[cases] [1/2]: if -1 * ↑k + 3 ≤ 0 then ↑k + -3 else 0
[cases] source: Initial goal
[cutsat] Assignment satisfying linear constraints
[assign] n := 0
[assign] k := 3
[assign] double (n + 5) := 1
[assign] double (k - 3) := 1grindAll goals completed! 🐙

However, double is injective, and this fact can be registered for grind using the grind inj attribute:

@[grind inj]
theorem double_inj : Function.Injective double := by⊢ Function.Injective double
  simp only [double, Function.Injective]⊢ ∀ ⦃a₁ a₂ : Nat⦄, a₁ + a₁ = a₂ + a₂ → a₁ = a₂
  grindAll goals completed! 🐙

This injectivity lemma suffices to prove the theorem:

theorem B {n k : Nat} :
    double (n + 5) = double (k - 3) →
    n + 8 = k := byn:Natk:Nat⊢ double (n + 5) = double (k - 3) → n + 8 = k
  grindAll goals completed! 🐙

Live ↪

syntaxConstructor Patterns

grindMod ::= ...
    | The `intro` modifier instructs `grind` to use the constructors (introduction rules)
of an inductive predicate as E-matching theorems.Example:
```
inductive Even : Nat → Prop where
| zero : Even 0
| add2 : Even x → Even (x + 2)

attribute [grind intro] Even
example (h : Even x) : Even (x + 6) := by grind
example : Even 0 := by grind
```
Here `attribute [grind intro] Even` acts like a macro that expands to
`attribute [grind] Even.zero` and `attribute [grind] Even.add2`.
This is especially convenient for inductive predicates with many constructors.
intro

The intro modifier instructs grind to use the constructors (introduction rules) of an inductive predicate as E-matching theorems.Example:

inductive Even : Nat → Prop where
| zero : Even 0
| add2 : Even x → Even (x + 2)

attribute [grind intro] Even
example (h : Even x) : Even (x + 6) := byx:Nath:Even x⊢ Even (x + 6) grindAll goals completed! 🐙
example : Even 0 := by⊢ Even 0 grindAll goals completed! 🐙

Here attribute [grind intro] Even acts like a macro that expands to attribute [grind] Even.zero and attribute [grind] Even.add2. This is especially convenient for inductive predicates with many constructors.

Patterns for Constructors

The predicate Decreasing states that each of the values in a list of integers is less than the one before, and the function decreasing checks this property, returning a Bool.

inductive Decreasing : List Int → Prop
  | nil : Decreasing []
  | singleton : Decreasing [x]
  | cons : Decreasing (x :: xs) → y > x → Decreasing (y :: x :: xs)

def decreasing : List Int → Bool
  | [] | [_] => true
  | y :: x :: xs => y > x && decreasing (x :: xs)

The function is correct if it returns true exactly when Decreasing holds for its argument. Attempting to prove this fact using a combination of fun_induction and grind fails immediately, with none of the three cases proven:

def decreasingCorrect : decreasing xs = Decreasing xs := byxs:List Int⊢ (decreasing xs = true) = Decreasing xs
  fun_induction decreasingcase1⊢ (true = true) = Decreasing []case2head✝:Int⊢ (true = true) = Decreasing [head✝]case3y✝:Intx✝:Intxs✝:List Intih1✝:(decreasing (x✝ :: xs✝) = true) = Decreasing (x✝ :: xs✝)⊢ ((decide (y✝ > x✝) && decreasing (x✝ :: xs✝)) = true) = Decreasing (y✝ :: x✝ :: xs✝) <;>case1⊢ (true = true) = Decreasing []case2head✝:Int⊢ (true = true) = Decreasing [head✝]case3y✝:Intx✝:Intxs✝:List Intih1✝:(decreasing (x✝ :: xs✝) = true) = Decreasing (x✝ :: xs✝)⊢ ((decide (y✝ > x✝) && decreasing (x✝ :: xs✝)) = true) = Decreasing (y✝ :: x✝ :: xs✝) `grind` failed
grind.1y x:Intxs:List Intih1:(decreasing (x :: xs) = true) = Decreasing (x :: xs)h:(-1 * y + x + 1 ≤ 0 ∧ decreasing (x :: xs) = true) = ¬Decreasing (y :: x :: xs)left:-1 * y + x + 1 ≤ 0left_1:decreasing (x :: xs) = trueright_1:¬Decreasing (y :: x :: xs)⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] (decreasing (x :: xs) = true) = Decreasing (x :: xs)
[prop] (-1 * y + x + 1 ≤ 0 ∧ decreasing (x :: xs) = true) = ¬Decreasing (y :: x :: xs)
[prop] -1 * y + x + 1 ≤ 0
[prop] decreasing (x :: xs) = true
[prop] ¬Decreasing (y :: x :: xs)
[eqc] True propositions
[prop] Decreasing (x :: xs)
[prop] ¬Decreasing (y :: x :: xs)
[prop] -1 * y + x + 1 ≤ 0 ∧ decreasing (x :: xs) = true
[prop] (-1 * y + x + 1 ≤ 0 ∧ decreasing (x :: xs) = true) = ¬Decreasing (y :: x :: xs)
[prop] (decreasing (x :: xs) = true) = Decreasing (x :: xs)
[prop] decreasing (x :: xs) = true
[prop] -1 * y + x + 1 ≤ 0
[eqc] False propositions
[prop] Decreasing (y :: x :: xs)
[eqc] Equivalence classes
[eqc] {true, decreasing (x :: xs)}
[cases] Case analyses
[cases] [1/2]: (-1 * y + x + 1 ≤ 0 ∧ decreasing (x :: xs) = true) = ¬Decreasing (y :: x :: xs)
[cases] source: Initial goal
[cutsat] Assignment satisfying linear constraints
[assign] y := 1
[assign] x := 0`grind` failed
grindh:True = ¬Decreasing []⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] True = ¬Decreasing []
[eqc] True propositions
[prop] ¬Decreasing []
[prop] True = ¬Decreasing []
[eqc] False propositions
[prop] Decreasing []`grind` failed
grindhead:Inth:True = ¬Decreasing [head]⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] True = ¬Decreasing [head]
[eqc] True propositions
[prop] ¬Decreasing [head]
[prop] True = ¬Decreasing [head]
[eqc] False propositions
[prop] Decreasing [head]grindAll goals completed! 🐙

`grind` failed
grindh:True = ¬Decreasing []⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] True = ¬Decreasing []
[eqc] True propositions
[prop] ¬Decreasing []
[prop] True = ¬Decreasing []
[eqc] False propositions
[prop] Decreasing []

`grind` failed
grindhead:Inth:True = ¬Decreasing [head]⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] True = ¬Decreasing [head]
[eqc] True propositions
[prop] ¬Decreasing [head]
[prop] True = ¬Decreasing [head]
[eqc] False propositions
[prop] Decreasing [head]

`grind` failed
grind.1y x:Intxs:List Intih1:(decreasing (x :: xs) = true) = Decreasing (x :: xs)h:(-1 * y + x + 1 ≤ 0 ∧ decreasing (x :: xs) = true) = ¬Decreasing (y :: x :: xs)left:-1 * y + x + 1 ≤ 0left_1:decreasing (x :: xs) = trueright_1:¬Decreasing (y :: x :: xs)⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] (decreasing (x :: xs) = true) = Decreasing (x :: xs)
[prop] (-1 * y + x + 1 ≤ 0 ∧ decreasing (x :: xs) = true) = ¬Decreasing (y :: x :: xs)
[prop] -1 * y + x + 1 ≤ 0
[prop] decreasing (x :: xs) = true
[prop] ¬Decreasing (y :: x :: xs)
[eqc] True propositions
[prop] Decreasing (x :: xs)
[prop] ¬Decreasing (y :: x :: xs)
[prop] -1 * y + x + 1 ≤ 0 ∧ decreasing (x :: xs) = true
[prop] (-1 * y + x + 1 ≤ 0 ∧ decreasing (x :: xs) = true) = ¬Decreasing (y :: x :: xs)
[prop] (decreasing (x :: xs) = true) = Decreasing (x :: xs)
[prop] decreasing (x :: xs) = true
[prop] -1 * y + x + 1 ≤ 0
[eqc] False propositions
[prop] Decreasing (y :: x :: xs)
[eqc] Equivalence classes
[eqc] {true, decreasing (x :: xs)}
[cases] Case analyses
[cases] [1/2]: (-1 * y + x + 1 ≤ 0 ∧ decreasing (x :: xs) = true) = ¬Decreasing (y :: x :: xs)
[cases] source: Initial goal
[cutsat] Assignment satisfying linear constraints
[assign] y := 1
[assign] x := 0

Adding the grind intro attribute to Decreasing results in E-matching patterns being added for each of the three constructors, after which grind can prove the first two goals, and requires only a case analysis of a hypothesis to prove the final goal:

attribute [grind intro] Decreasing

def decreasingCorrect' : decreasing xs = Decreasing xs := byxs:List Int⊢ (decreasing xs = true) = Decreasing xs
  fun_induction decreasingcase1⊢ (true = true) = Decreasing []case2head✝:Int⊢ (true = true) = Decreasing [head✝]case3y✝:Intx✝:Intxs✝:List Intih1✝:(decreasing (x✝ :: xs✝) = true) = Decreasing (x✝ :: xs✝)⊢ ((decide (y✝ > x✝) && decreasing (x✝ :: xs✝)) = true) = Decreasing (y✝ :: x✝ :: xs✝) <;>case1⊢ (true = true) = Decreasing []case2head✝:Int⊢ (true = true) = Decreasing [head✝]case3y✝:Intx✝:Intxs✝:List Intih1✝:(decreasing (x✝ :: xs✝) = true) = Decreasing (x✝ :: xs✝)⊢ ((decide (y✝ > x✝) && decreasing (x✝ :: xs✝)) = true) = Decreasing (y✝ :: x✝ :: xs✝) try grindAll goals completed! 🐙
  case case3 y x xs ih =>y:Intx:Intxs:List Intih:(decreasing (x✝ :: xs✝) = true) = Decreasing (x✝ :: xs✝)⊢ ((decide (y✝ > x✝) && decreasing (x✝ :: xs✝)) = true) = Decreasing (y✝ :: x✝ :: xs✝)
    apply propextay:Intx:Intxs:List Intih:(decreasing (x✝ :: xs✝) = true) = Decreasing (x✝ :: xs✝)⊢ (decide (y > x) && decreasing (x :: xs)) = true ↔ Decreasing (y :: x :: xs)
    constructora.mpy:Intx:Intxs:List Intih:(decreasing (x✝ :: xs✝) = true) = Decreasing (x✝ :: xs✝)⊢ (decide (y > x) && decreasing (x :: xs)) = true → Decreasing (y :: x :: xs)a.mpry:Intx:Intxs:List Intih:(decreasing (x✝ :: xs✝) = true) = Decreasing (x✝ :: xs✝)⊢ Decreasing (y :: x :: xs) → (decide (y > x) && decreasing (x :: xs)) = true
    .a.mpy:Intx:Intxs:List Intih:(decreasing (x✝ :: xs✝) = true) = Decreasing (x✝ :: xs✝)⊢ (decide (y > x) && decreasing (x :: xs)) = true → Decreasing (y :: x :: xs) grindAll goals completed! 🐙
    .a.mpry:Intx:Intxs:List Intih:(decreasing (x✝ :: xs✝) = true) = Decreasing (x✝ :: xs✝)⊢ Decreasing (y :: x :: xs) → (decide (y > x) && decreasing (x :: xs)) = true intro
      | .cons hDec hLt =>y:Intx:Intxs:List Intih:(decreasing (x✝ :: xs✝) = true) = Decreasing (x✝ :: xs✝)x✝:Decreasing (y :: x :: xs)hDec:Decreasing (x :: xs)hLt:y > x⊢ (decide (y > x) && decreasing (x :: xs)) = true
        grindAll goals completed! 🐙

Adding grind cases to Decreasing enables this case analysis automatically, resulting in a fully automatic proof:

attribute [grind cases] Decreasing

def decreasingCorrect'' : decreasing xs = Decreasing xs := byxs:List Int⊢ (decreasing xs = true) = Decreasing xs
  fun_induction decreasingcase1⊢ (true = true) = Decreasing []case2head✝:Int⊢ (true = true) = Decreasing [head✝]case3y✝:Intx✝:Intxs✝:List Intih1✝:(decreasing (x✝ :: xs✝) = true) = Decreasing (x✝ :: xs✝)⊢ ((decide (y✝ > x✝) && decreasing (x✝ :: xs✝)) = true) = Decreasing (y✝ :: x✝ :: xs✝) <;>case1⊢ (true = true) = Decreasing []case2head✝:Int⊢ (true = true) = Decreasing [head✝]case3y✝:Intx✝:Intxs✝:List Intih1✝:(decreasing (x✝ :: xs✝) = true) = Decreasing (x✝ :: xs✝)⊢ ((decide (y✝ > x✝) && decreasing (x✝ :: xs✝)) = true) = Decreasing (y✝ :: x✝ :: xs✝) grindAll goals completed! 🐙

Live ↪

17.6.2. Inspecting Patterns

The grind? attribute is a version of the grind attribute that additionally displays the generated pattern or multi-pattern. Patterns and multi-patterns are displayed as lists of subexpressions, each of which is a pattern; ordinary patters are displayed as singleton lists. In these displayed patterns, the names of defined constants are printed as-is. When the theorem's parameters occur in the pattern, they are displayed using numbers rather than names. In particular, they are numbered from right to left, starting at 0; this representation is referred as de Bruijn indices.

Inspecting Patterns

In order to use this proof that divisibility is transitive with grind, it requires E-matching patterns:

theorem div_trans {n k j : Nat} : n ∣ k → k ∣ j → n ∣ j := byn:Natk:Natj:Nat⊢ n ∣ k → k ∣ j → n ∣ j
  intro ⟨d₁, p₁⟩ ⟨d₂, p₂⟩n:Natk:Natj:Natd₁:Natp₁:k = n * d₁d₂:Natp₂:j = k * d₂⊢ n ∣ j
  exact ⟨d₁ * d₂, byn:Natk:Natj:Natd₁:Natp₁:k = n * d₁d₂:Natp₂:j = k * d₂⊢ j = n * (d₁ * d₂) rw [p₂, p₁, Nat.mul_assoc]All goals completed! 🐙⟩

The right attribute to use is @[grind →], because there should be a pattern for each premise. Using @[grind? →], it is possible to see which patterns are generated:

attribute [div_trans: [@Dvd.dvd `[Nat] `[Nat.instDvd] #4 #3, @Dvd.dvd `[Nat] `[Nat.instDvd] #3 #2]grind? →] div_trans

There are two:

div_trans: [@Dvd.dvd `[Nat] `[Nat.instDvd] #4 #3, @Dvd.dvd `[Nat] `[Nat.instDvd] #3 #2]

Arguments are numbered from right to left, so #0 is the assumption that k ∣ j, while #4 is n. Thus, these two patterns correspond to the terms n ∣ k and k ∣ j.

Live ↪

The rules for selecting patterns from subexpressions of the hypotheses and conclusion are subtle.

Forward Pattern Generation

axiom p : Nat → Nat
axiom q : Nat → Nat

@[h₁: [q #1]grind!? →] theorem declaration uses 'sorry'h₁ (w : 7 = p (q x)) : p (x + 1) = q x := sorry

h₁: [q #1]

The pattern is q x. Counting from the right, parameter #0 is the premise w and parameter #1 is the implicit parameter x.

Why did @[grind →]? select q #1? The attribute @[grind →] finds patterns by traversing the hypotheses (that is, parameters whose types are propositions) from left to right. In this case, there's only a single hypothesis: 7 = p (q x). The heuristic described above says that grind will search for a minimal indexable subexpression which covers a previously uncovered parameter. There's just one uncovered parameter, namely x. The whole hypothesis p (q x) = 7 can't be used because grind will not index on equality. The right-hand side 7 is not helpful, because it doesn't determine the value of x. p (q x) is not suitable because it is not minimal: it has q x inside of it, which is indexable (its head is the constant q), and it determines the value of x. The expression q x itself is minimal, because x is not indexable. Thus, q x is selected as the pattern.

Live ↪

Backward Pattern Generation

In this example, the Lean.Parser.Attr.grindMod← modifier indicates that the pattern should be found in the conclusion:

set_option trace.grind.debug.ematch.pattern true in
@[[grind.debug.ematch.pattern] place: p (x + 1) = q x[grind.debug.ematch.pattern] collect: p (x + 1) = q x[grind.debug.ematch.pattern] arg: Nat, support: true[grind.debug.ematch.pattern] arg: p (x + 1), support: false[grind.debug.ematch.pattern] collect: p (x + 1)[grind.debug.ematch.pattern] candidate: p (x + 1)[grind.debug.ematch.pattern] found pattern: p (#1 + 1)[grind.debug.ematch.pattern] found full coverage[grind.debug.ematch.pattern] arg: q x, support: falseh₂: [p (#1 + 1)]grind? ←] theorem declaration uses 'sorry'h₂ (w : 7 = p (q x)) : p (x + 1) = q x := sorry

The left side of the equality is used because Eq is not indexable and HAdd.hAdd has lower priority than p.

h₂: [p (#1 + 1)]

Live ↪

Bidirectional Equality Pattern Generation

In this example, two separate E-matching patterns are generated from the equality conclusion. One matches the left-hand side, and the other matches the right-hand side.

@[h₃: [q #1]h₃: [p (#1 + 1)]grind? _=_] theorem declaration uses 'sorry'h₃ (w : 7 = p (q x)) : p (x + 1) = q x := sorry

h₃: [q #1]

The entire left side of the equality is used instead of just x + 1 because HAdd.hAdd has lower priority than p.

h₃: [p (#1 + 1)]

Live ↪

Patterns from Conclusion and Hypotheses

Without any modifiers, @[grind] produces a multipattern by first checking the conclusion and then the premises:

@[h₄: [p (#2 + 2), q #1]grind? .] theorem declaration uses 'sorry'h₄ (w : p x = q y) : p (x + 2) = 7 := sorry

Here, argument x is #2, y is #1, and w is #0. The resulting multipattern contains the left-hand side of the equality, which is the only minimal indexable subexpression of the conclusion that covers an argument (namely x). It also contains q y, which is the only minimal indexable subexpression of the hypothesis w that covers an additional argument (namely y).

h₄: [p (#2 + 2), q #1]

Live ↪

Failing Backward Pattern Generation

In this example, pattern generation fails because the theorem's conclusion doesn't mention the the argument y.

@[`@[grind ←] theorem h₅` failed to find patterns in the theorem's conclusion, consider using different options or the `grind_pattern` commandgrind? ←] theorem declaration uses 'sorry'h₅ (w : p x = q y) : p (x + 2) = 7 := sorry

`@[grind ←] theorem h₅` failed to find patterns in the theorem's conclusion, consider using different options or the `grind_pattern` command

Live ↪

Left-to-Right Generation

In this example, the pattern is generated by traversing the premises from left to right, followed by the conclusion:

@[h₆: [q (#3 + 2), p (#2 + 2)]grind? =>] theorem declaration uses 'sorry'h₆
    (_ : q (y + 2) = q y)
    (_ : q (y + 1) = q y) :
    p (x + 2) = 7 :=
  sorry

In the patterns, y is argument #3 and x is argument #2, because automatic implicit parameters are inserted from left to right and y occurs before x in the theorem statement. The premises are arguments #1 and #0. In the resulting multipattern, y is covered by a subexpression of the first premise, and z is covered by a subexpression of the conclusion:

h₆: [q (#3 + 2), p (#2 + 2)]

Live ↪

17.6.3. Resource Limits🔗

E-matching can generate an unbounded number of theorem instances. For the sake of both efficiency and termination, grind limits the number of times that E-matching can run using two mechanisms:

Generations: Each term is assigned a generation, and terms produced by E-matching have a generation that is one greater than the maximal generation of all the terms used to instantiate the theorem. E-matching only considers terms whose generation is beneath a configurable threshold. The gen option to grind controls the generation threshold.
Round Limits: Each invocation of the E-matching engine is referred to as a round. Only a limited number of rounds of E-matching are performed. The ematch option to grind controls the round limit.

Too Many Instances

E-matching can generate too many theorem instances. Some patterns may even generate an unbounded number of instances.

In this example, s_eq is added to the index with the pattern s x:

def s (x : Nat) := 0

@[s_eq: [s #0]grind? =] theorem s_eq (x : Nat) : s x = s (x + 1) :=
  rfl

s_eq: [s #0]

Attempting to use this theorem results in many facts about s applied to concrete values being generated. In particular, s_eq is instantiated with a new Nat in each of the five rounds. First, grind instantiates s_eq with x := 0, which generates the term s 1. This matches the pattern s x, and is thus used to instantiate s_eq with x := 1, which generates the term s 2, and so on until the round limit is reached.

example : s 0 > 0 := by⊢ s 0 > 0
  `grind` failed
grindh:s 0 = 0⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] s 0 = 0
[prop] s 0 = s 1
[prop] s 1 = s 2
[prop] s 2 = s 3
[prop] s 3 = s 4
[prop] s 4 = s 5
[eqc] Equivalence classes
[eqc] {s 0, 0, s 1, s 2, s 3, s 4, s 5}
[ematch] E-matching patterns
[thm] s_eq: [s #0]
[cutsat] Assignment satisfying linear constraints
[assign] s 0 := 0
[assign] s 1 := 0
[assign] s 2 := 0
[assign] s 3 := 0
[assign] s 4 := 0
[assign] s 5 := 0
[limits] Thresholds reached
[limit] maximum number of E-matching rounds has been reached, threshold: `(ematch := 5)`

[grind] Diagnostics
[thm] E-Matching instances
[thm] s_eq ↦ 5grindAll goals completed! 🐙

`grind` failed
grindh:s 0 = 0⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] s 0 = 0
[prop] s 0 = s 1
[prop] s 1 = s 2
[prop] s 2 = s 3
[prop] s 3 = s 4
[prop] s 4 = s 5
[eqc] Equivalence classes
[eqc] {s 0, 0, s 1, s 2, s 3, s 4, s 5}
[ematch] E-matching patterns
[thm] s_eq: [s #0]
[cutsat] Assignment satisfying linear constraints
[assign] s 0 := 0
[assign] s 1 := 0
[assign] s 2 := 0
[assign] s 3 := 0
[assign] s 4 := 0
[assign] s 5 := 0
[limits] Thresholds reached
[limit] maximum number of E-matching rounds has been reached, threshold: `(ematch := 5)`

[grind] Diagnostics
[thm] E-Matching instances
[thm] s_eq ↦ 5

Increasing the round limit to 20 causes E-matching to terminate due to the default generation limit of 8:

example : s 0 > 0 := by⊢ s 0 > 0
  `grind` failed
grindh:s 0 = 0⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] s 0 = 0
[prop] s 0 = s 1
[prop] s 1 = s 2
[prop] s 2 = s 3
[prop] s 3 = s 4
[prop] s 4 = s 5
[prop] s 5 = s 6
[prop] s 6 = s 7
[prop] s 7 = s 8
[eqc] Equivalence classes
[eqc] {s 0, 0, s 1, s 2, s 3, s 4, s 5, s 6, s 7, s 8}
[ematch] E-matching patterns
[thm] s_eq: [s #0]
[cutsat] Assignment satisfying linear constraints
[assign] s 0 := 0
[assign] s 1 := 0
[assign] s 2 := 0
[assign] s 3 := 0
[assign] s 4 := 0
[assign] s 5 := 0
[assign] s 6 := 0
[assign] s 7 := 0
[assign] s 8 := 0
[limits] Thresholds reached
[limit] maximum term generation has been reached, threshold: `(gen := 8)`

[grind] Diagnostics
[thm] E-Matching instances
[thm] s_eq ↦ 8grind (ematch := 20)All goals completed! 🐙

`grind` failed
grindh:s 0 = 0⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] s 0 = 0
[prop] s 0 = s 1
[prop] s 1 = s 2
[prop] s 2 = s 3
[prop] s 3 = s 4
[prop] s 4 = s 5
[prop] s 5 = s 6
[prop] s 6 = s 7
[prop] s 7 = s 8
[eqc] Equivalence classes
[eqc] {s 0, 0, s 1, s 2, s 3, s 4, s 5, s 6, s 7, s 8}
[ematch] E-matching patterns
[thm] s_eq: [s #0]
[cutsat] Assignment satisfying linear constraints
[assign] s 0 := 0
[assign] s 1 := 0
[assign] s 2 := 0
[assign] s 3 := 0
[assign] s 4 := 0
[assign] s 5 := 0
[assign] s 6 := 0
[assign] s 7 := 0
[assign] s 8 := 0
[limits] Thresholds reached
[limit] maximum term generation has been reached, threshold: `(gen := 8)`

[grind] Diagnostics
[thm] E-Matching instances
[thm] s_eq ↦ 8

Live ↪

Increasing E-matching Limits

iota returns the list of all numbers strictly less than its argument, and the theorem iota_succ describes its behavior on Nat.succ:

def iota : Nat → List Nat
  | 0 => []
  | n + 1 => n :: iota n

@[grind =] theorem iota_succ : iota (n + 1) = n :: iota n :=
  rfl

The fact that (iota 20).length > 10 can be proven by repeatedly instantiating iota_succ and List.length_cons. However, grind does not succeed:

example : (iota 20).length > 10 := by⊢ (iota 20).length > 10
  `grind` failed
grindh:(iota 20).length ≤ 10⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] (iota 20).length ≤ 10
[prop] iota 20 = 19 :: iota 19
[prop] iota 19 = 18 :: iota 18
[prop] (19 :: iota 19).length = (iota 19).length + 1
[prop] iota 18 = 17 :: iota 17
[prop] (18 :: iota 18).length = (iota 18).length + 1
[prop] iota 17 = 16 :: iota 16
[prop] (17 :: iota 17).length = (iota 17).length + 1
[prop] iota 16 = 15 :: iota 15
[prop] (16 :: iota 16).length = (iota 16).length + 1
[eqc] True propositions
[prop] (iota 20).length ≤ 10
[eqc] Equivalence classes
[eqc] {iota 20, 19 :: iota 19}
[eqc] {(iota 20).length, (19 :: iota 19).length, (iota 19).length + 1}
[eqc] {iota 19, 18 :: iota 18}
[eqc] {iota 18, 17 :: iota 17}
[eqc] {(iota 19).length, (18 :: iota 18).length, (iota 18).length + 1}
[eqc] {iota 17, 16 :: iota 16}
[eqc] {(iota 18).length, (17 :: iota 17).length, (iota 17).length + 1}
[eqc] {iota 16, 15 :: iota 15}
[eqc] {(iota 17).length, (16 :: iota 16).length, (iota 16).length + 1}
[eqc] others
[eqc] {↑(iota 17).length, ↑((iota 16).length + 1)}
[eqc] {↑(iota 18).length, ↑((iota 17).length + 1)}
[eqc] {↑(iota 19).length, ↑((iota 18).length + 1)}
[eqc] {↑(iota 20).length, ↑((iota 19).length + 1)}
[ematch] E-matching patterns
[thm] iota_succ: [iota (#0 + 1)]
[thm] List.length_cons: [@List.length #2 (@List.cons _ #1 #0)]
[cutsat] Assignment satisfying linear constraints
[assign] (iota 20).length := 4
[assign] (iota 19).length := 3
[assign] (19 :: iota 19).length := 4
[assign] (iota 18).length := 2
[assign] (18 :: iota 18).length := 3
[assign] (iota 17).length := 1
[assign] (17 :: iota 17).length := 2
[assign] (iota 16).length := 0
[assign] (16 :: iota 16).length := 1
[ring] Ring `Lean.Grind.Ring.OfSemiring.Q Nat`
[basis] Basis
[_] ↑(iota 19).length + -1 * ↑(iota 18).length + -1 = 0
[_] ↑(iota 18).length + -1 * ↑(iota 17).length + -1 = 0
[_] ↑(iota 17).length + -1 * ↑(iota 16).length + -1 = 0
[limits] Thresholds reached
[limit] maximum number of E-matching rounds has been reached, threshold: `(ematch := 5)`

[grind] Diagnostics
[thm] E-Matching instances
[thm] iota_succ ↦ 5
[thm] List.length_cons ↦ 4grindAll goals completed! 🐙

`grind` failed
grindh:(iota 20).length ≤ 10⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] (iota 20).length ≤ 10
[prop] iota 20 = 19 :: iota 19
[prop] iota 19 = 18 :: iota 18
[prop] (19 :: iota 19).length = (iota 19).length + 1
[prop] iota 18 = 17 :: iota 17
[prop] (18 :: iota 18).length = (iota 18).length + 1
[prop] iota 17 = 16 :: iota 16
[prop] (17 :: iota 17).length = (iota 17).length + 1
[prop] iota 16 = 15 :: iota 15
[prop] (16 :: iota 16).length = (iota 16).length + 1
[eqc] True propositions
[prop] (iota 20).length ≤ 10
[eqc] Equivalence classes
[eqc] {iota 20, 19 :: iota 19}
[eqc] {(iota 20).length, (19 :: iota 19).length, (iota 19).length + 1}
[eqc] {iota 19, 18 :: iota 18}
[eqc] {iota 18, 17 :: iota 17}
[eqc] {(iota 19).length, (18 :: iota 18).length, (iota 18).length + 1}
[eqc] {iota 17, 16 :: iota 16}
[eqc] {(iota 18).length, (17 :: iota 17).length, (iota 17).length + 1}
[eqc] {iota 16, 15 :: iota 15}
[eqc] {(iota 17).length, (16 :: iota 16).length, (iota 16).length + 1}
[eqc] others
[eqc] {↑(iota 17).length, ↑((iota 16).length + 1)}
[eqc] {↑(iota 18).length, ↑((iota 17).length + 1)}
[eqc] {↑(iota 19).length, ↑((iota 18).length + 1)}
[eqc] {↑(iota 20).length, ↑((iota 19).length + 1)}
[ematch] E-matching patterns
[thm] iota_succ: [iota (#0 + 1)]
[thm] List.length_cons: [@List.length #2 (@List.cons _ #1 #0)]
[cutsat] Assignment satisfying linear constraints
[assign] (iota 20).length := 4
[assign] (iota 19).length := 3
[assign] (19 :: iota 19).length := 4
[assign] (iota 18).length := 2
[assign] (18 :: iota 18).length := 3
[assign] (iota 17).length := 1
[assign] (17 :: iota 17).length := 2
[assign] (iota 16).length := 0
[assign] (16 :: iota 16).length := 1
[ring] Ring `Lean.Grind.Ring.OfSemiring.Q Nat`
[basis] Basis
[_] ↑(iota 19).length + -1 * ↑(iota 18).length + -1 = 0
[_] ↑(iota 18).length + -1 * ↑(iota 17).length + -1 = 0
[_] ↑(iota 17).length + -1 * ↑(iota 16).length + -1 = 0
[limits] Thresholds reached
[limit] maximum number of E-matching rounds has been reached, threshold: `(ematch := 5)`

[grind] Diagnostics
[thm] E-Matching instances
[thm] iota_succ ↦ 5
[thm] List.length_cons ↦ 4

Due to the limited number of E-matching rounds, the chain of instantiations is not completed. Increasing these limits allows grind to succeed:

example : (iota 20).length > 10 := by⊢ (iota 20).length > 10
  grind (gen := 20) (ematch := 20)All goals completed! 🐙

When the option diagnostics is set to true, grind displays the number of instances that it generates for each theorem. This is useful to detect theorems that contain patterns that are triggering too many instances. In this case, the diagnostics show that iota_succ is instantiated 14 times:

set_option diagnostics true in
[diag] Diagnostics
[reduction] unfolded instances (max: 39, num: 3):
[reduction] Lean.Grind.CommSemiring.toSemiring ↦ 39
[reduction] Std.LinearPreorderPackage.toPreorderPackage ↦ 30
[reduction] Lean.Grind.Ring.toSemiring ↦ 22
[reduction] unfolded reducible declarations (max: 49, num: 1):
[reduction] outParam ↦ 49
[type_class] used instances (max: 37, num: 1):
[type_class] instOfNat ↦ 37
[kernel] unfolded declarations (max: 387, num: 45):
[kernel] Int.Linear.Poly.rec ↦ 387
[kernel] Bool.rec ↦ 324
[kernel] Int.Linear.Expr.rec ↦ 197
[kernel] Int.rec ↦ 192
[kernel] Nat.rec ↦ 128
[kernel] Lean.RArray.rec ↦ 118
[kernel] Int.casesOn ↦ 116
[kernel] OfNat.ofNat ↦ 110
[kernel] Int.Linear.Expr.casesOn ↦ 104
[kernel] Bool.and' ↦ 94
[kernel] List.rec ↦ 85
[kernel] Int.Linear.Poly.casesOn ↦ 85
[kernel] Int.Linear.Poly.denote.match_1 ↦ 81
[kernel] NatCast.natCast ↦ 77
[kernel] Add.add ↦ 73
[kernel] HAdd.hAdd ↦ 73
[kernel] Bool.casesOn ↦ 68
[kernel] Nat.casesOn ↦ 64
[kernel] Int.Linear.Expr.toPoly'.go.match_1 ↦ 58
[kernel] Int.Linear.Poly.brecOn ↦ 51
[kernel] List.casesOn ↦ 50
[kernel] cond ↦ 49
[kernel] cond.match_1 ↦ 49
[kernel] Int.add.match_1 ↦ 48
[kernel] Int.Linear.Expr.denote.match_1 ↦ 46
[kernel] Int.beq' ↦ 44
[kernel] Int.Linear.Poly.brecOn.go ↦ 41
[kernel] Int.negOfNat.match_1 ↦ 40
[kernel] Int.Linear.Var ↦ 37
[kernel] Int.Linear.Expr.brecOn ↦ 36
[kernel] Int.Linear.Expr.brecOn.go ↦ 35
[kernel] Int.negOfNat ↦ 33
[kernel] Lean.RArray.get ↦ 27
[kernel] Int.mul ↦ 26
[kernel] Int.Linear.Poly.beq' ↦ 26
[kernel] instOfNatNat ↦ 25
[kernel] HMul.hMul ↦ 25
[kernel] Mul.mul ↦ 25
[kernel] Int.Linear.Var.denote ↦ 25
[kernel] Function.comp ↦ 24
[kernel] Int.Linear.Expr.denote ↦ 24
[kernel] Int.Linear.Poly.insert ↦ 23
[kernel] Nat.Linear.Expr.rec ↦ 23
[kernel] instDecidableEqList.match_1 ↦ 22
[kernel] iota.match_1 ↦ 21
use `set_option diagnostics.threshold <num>` to control threshold for reporting countersexample : (iota 20).length > 10 := by⊢ (iota 20).length > 10
  [grind] Diagnostics
[thm] E-Matching instances
[thm] iota_succ ↦ 12
[thm] List.length_cons ↦ 11
[app] Applications
[app] NatCast.natCast ↦ 36
[app] List.length ↦ 23
[app] iota ↦ 13
[app] List.cons ↦ 12
[app] HAdd.hAdd ↦ 11
[app] Lean.Grind.Ring.OfSemiring.toQ ↦ 11
[app] instHAdd ↦ 1
[app] LE.le ↦ 1
[app] Lean.Grind.CommSemiring.toSemiring ↦ 1
[grind] Simplifier
[simp] tried theorems (max: 35, num: 1):
[simp] eq_self ↦ 35 ❌️
use `set_option diagnostics.threshold <num>` to control threshold for reporting countersgrind (gen := 20) (ematch := 20)All goals completed! 🐙

[grind] Diagnostics
[thm] E-Matching instances
[thm] iota_succ ↦ 12
[thm] List.length_cons ↦ 11
[app] Applications
[app] NatCast.natCast ↦ 36
[app] List.length ↦ 23
[app] iota ↦ 13
[app] List.cons ↦ 12
[app] HAdd.hAdd ↦ 11
[app] Lean.Grind.Ring.OfSemiring.toQ ↦ 11
[app] instHAdd ↦ 1
[app] LE.le ↦ 1
[app] Lean.Grind.CommSemiring.toSemiring ↦ 1
[grind] Simplifier
[simp] tried theorems (max: 35, num: 1):
[simp] eq_self ↦ 35 ❌️
use `set_option diagnostics.threshold <num>` to control threshold for reporting counters

Live ↪

By default, grind uses automatically generated equations for Lean.Parser.Term.match : termPattern matching. `match e, ... with | p, ... => f | ...` matches each given term `e` against each pattern `p` of a match alternative. When all patterns of an alternative match, the `match` term evaluates to the value of the corresponding right-hand side `f` with the pattern variables bound to the respective matched values. If used as `match h : e, ... with | p, ... => f | ...`, `h : e = p` is available within `f`. When not constructing a proof, `match` does not automatically substitute variables matched on in dependent variables' types. Use `match (generalizing := true) ...` to enforce this. Syntax quotations can also be used in a pattern match. This matches a `Syntax` value against quotations, pattern variables, or `_`. Quoted identifiers only match identical identifiers - custom matching such as by the preresolved names only should be done explicitly. `Syntax.atom`s are ignored during matching by default except when part of a built-in literal. For users introducing new atoms, we recommend wrapping them in dedicated syntax kinds if they should participate in matching. For example, in ```lean syntax "c" ("foo" <|> "bar") ... ``` `foo` and `bar` are indistinguishable during matching, but in ```lean syntax foo := "foo" syntax "c" (foo <|> "bar") ... ``` they are not.match-expressions as E-matching theorems. This can be disabled by setting the matchEqs flag to false.

E-matching and Pattern Matching

Enabling diagnostics shows that grind uses one of the equations of the auxiliary matching function during E-matching:

theorem gt1 (x y : Nat) :
    x = y + 1 →
    0 < match x with
        | 0 => 0
        | _ + 1 => 1 := byx:Naty:Nat⊢ x = y + 1 →
  0 <
    match x with
    | 0 => 0
    | n.succ => 1
  [diag] Diagnostics
[reduction] unfolded instances (max: 30, num: 2):
[reduction] Std.LinearPreorderPackage.toPreorderPackage ↦ 30
[reduction] Lean.Grind.CommSemiring.toSemiring ↦ 21
[reduction] unfolded reducible declarations (max: 34, num: 1):
[reduction] Nat.casesOn ↦ 34
[kernel] unfolded declarations (max: 40, num: 6):
[kernel] List.rec ↦ 40
[kernel] Bool.rec ↦ 28
[kernel] OfNat.ofNat ↦ 26
[kernel] List.casesOn ↦ 25
[kernel] Nat.Linear.Expr.rec ↦ 23
[kernel] Bool.casesOn ↦ 22
use `set_option diagnostics.threshold <num>` to control threshold for reporting countersset_option diagnostics true in
  [grind] Diagnostics
[thm] E-Matching instances
[thm] gt1.match_1.congr_eq_2 ↦ 1
[app] Applications
[app] NatCast.natCast ↦ 4
[app] instHAdd ↦ 1
[app] HAdd.hAdd ↦ 1
[app] gt1.match_1 ↦ 1grindAll goals completed! 🐙

[grind] Diagnostics
[thm] E-Matching instances
[thm] gt1.match_1.congr_eq_2 ↦ 1
[app] Applications
[app] NatCast.natCast ↦ 4
[app] instHAdd ↦ 1
[app] HAdd.hAdd ↦ 1
[app] gt1.match_1 ↦ 1

The theorem has this type:

gt1.match_1.congr_eq_2.{u_1} (motive : Nat → Sort u_1) (x✝ : Nat) (h_1 : Unit → motive 0)
  (h_2 : (n : Nat) → motive n.succ) (n✝ : Nat) (heq_1 : x✝ = n✝.succ) :
  (match x✝ with
    | 0 => h_1 ()
    | n.succ => h_2 n) ≍
    h_2 n✝#check gt1.match_1.congr_eq_2

gt1.match_1.congr_eq_2.{u_1} (motive : Nat → Sort u_1) (x✝ : Nat) (h_1 : Unit → motive 0)
  (h_2 : (n : Nat) → motive n.succ) (n✝ : Nat) (heq_1 : x✝ = n✝.succ) :
  (match x✝ with
    | 0 => h_1 ()
    | n.succ => h_2 n) ≍
    h_2 n✝

Disabling the use of matcher function equations causes the proof to fail:

example (x y : Nat)
    : x = y + 1 →
      0 < match x with
          | 0 => 0
          | _+1 => 1 := byx:Naty:Nat⊢ x = y + 1 →
  0 <
    match x with
    | 0 => 0
    | n.succ => 1
  `grind` failed
grind.2x y:Nath:x = y + 1h_1:(match x with
  | 0 => 0
  | n.succ => 1) =
  0n:Nath_2:x = n + 1⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] x = y + 1
[prop] (match x with
      | 0 => 0
      | n.succ => 1) =
      0
[prop] x = n + 1
[eqc] Equivalence classes
[eqc] {x, y + 1, n + 1}
[eqc] {y, n}
[eqc] others
[eqc] {↑y, ↑n}
[eqc] {↑y, ↑n}
[eqc] {↑(y + 1), ↑(n + 1)}
[eqc] {0,
    match x with
    | 0 => 0
    | n.succ => 1}
[cases] Case analyses
[cases] [2/2]: match x with
    | 0 => 0
    | n.succ => 1
[cases] source: Initial goal
[cutsat] Assignment satisfying linear constraints
[assign] x := 1
[assign] y := 0
[assign] match x with
    | 0 => 0
    | n.succ => 1 := 0
[assign] n := 0
[ring] Rings
[ring] Ring `Lean.Grind.Ring.OfSemiring.Q Nat`
[basis] Basis
[_] ↑n + -1 * ↑y = 0
[ring] Ring `Int`
[basis] Basis
[_] ↑y + -1 * ↑n = 0

[grind] Diagnostics
[cases] Cases instances
[cases] PUnit ↦ 1grind -matchEqsAll goals completed! 🐙

`grind` failed
grind.2x y:Nath:x = y + 1h_1:(match x with
  | 0 => 0
  | n.succ => 1) =
  0n:Nath_2:x = n + 1⊢ False
[grind] Goal diagnostics
[facts] Asserted facts
[prop] x = y + 1
[prop] (match x with
      | 0 => 0
      | n.succ => 1) =
      0
[prop] x = n + 1
[eqc] Equivalence classes
[eqc] {x, y + 1, n + 1}
[eqc] {y, n}
[eqc] others
[eqc] {↑y, ↑n}
[eqc] {↑y, ↑n}
[eqc] {↑(y + 1), ↑(n + 1)}
[eqc] {0,
    match x with
    | 0 => 0
    | n.succ => 1}
[cases] Case analyses
[cases] [2/2]: match x with
    | 0 => 0
    | n.succ => 1
[cases] source: Initial goal
[cutsat] Assignment satisfying linear constraints
[assign] x := 1
[assign] y := 0
[assign] match x with
    | 0 => 0
    | n.succ => 1 := 0
[assign] n := 0
[ring] Rings
[ring] Ring `Lean.Grind.Ring.OfSemiring.Q Nat`
[basis] Basis
[_] ↑n + -1 * ↑y = 0
[ring] Ring `Int`
[basis] Basis
[_] ↑y + -1 * ↑n = 0

[grind] Diagnostics
[cases] Cases instances
[cases] PUnit ↦ 1

Live ↪

option

trace.grind.ematch.instance

Default value: false

enable/disable tracing for the given module and submodules