Proof by case analysis in Coq

Question

I am trying to prove a Proposition about the following function:

Program Fixpoint division (m : nat) (n : nat) {measure m} : nat :=
  match 0 <? n with
  | false => 0
  | true => match n <=? m with
            | false => 0
            | true => S (division (menos m n) n)
            end
  end.

menos is natural subtraction.

I am trying to prove some fact involving division. I wrote down an informal proof were I first consider a case analysis in lt_nat 0 n and then in the case when lt_nat is true a further case analysis in leq_nat n m. This is in order to reduce the definition of division.

However I can not find how to express this case analysis in Coq. I tried with destruct (leq_nat n m) but it does nothing. I am expecting Coq to generate two subgoals: one where I need to prove my proposition assuming leq_nat n m = false and one assuming leq_nat n m = true.

Furthermore, I can not unfold the definition of division in my proof! When I try unfold division I get: division_func (existT (fun _ : nat => nat) m n).

How can I perfom case analysis in leq_nat n m? Why is it that I can not unfold the definition of division as I usually do with other functions?

Answer

Everything is more complicated than usual because of Program Fixpoint, which does not define your function as you would expect with a classic Fixpoint, since it needs to find a structurally recursive way of defining it. What division really is, is hidden in division_func.

Therefore, to manipulate your function, you need to prove basic lemmas, including the one stating that your function can be replaced by its body.


forall m n : nat, division m n = (if 0 <? n then if n <=? m then S (division (menos m n) n) else 0 else 0)

Now, the question is how to prove this result. Here is the only solution I know, which I consider really unsatisfying.

I use the tactic fix_sub_eq located in Program.Wf, or fix_sub_eq_ext in Program.Wf.WfExtensionality.

This gives something like:


forall m n : nat, division m n = (if 0 <? n then if n <=? m then S (division (menos m n) n) else 0 else 0)
m, n: nat

division m n = (if 0 <? n then if n <=? m then S (division (menos m n) n) else 0 else 0)
m, n: nat

division_func (existT (fun _ : nat => nat) m n) = (if 0 <? n then if n <=? m then S (division_func (existT (fun _ : nat => nat) (menos m n) n)) else 0 else 0)
m, n: nat

Fix_sub {_ : nat & nat} (MR lt (fun recarg : {_ : nat & nat} => projT1 recarg)) division_func_obligation_2 (fun _ : {_ : nat & nat} => nat) (fun (recarg : {_ : nat & nat}) (division' : {recarg' : {_ : nat & nat} | projT1 recarg' < projT1 recarg} -> nat) => (if 0 <? projT2 recarg as anonymous' return (anonymous' = (0 <? projT2 recarg) -> nat) then fun Heq_anonymous : true = (0 <? projT2 recarg) => (if projT2 recarg <=? projT1 recarg as anonymous' return (anonymous' = (projT2 recarg <=? projT1 recarg) -> nat) then fun Heq_anonymous0 : true = (projT2 recarg <=? projT1 recarg) => S (division' (exist (fun recarg' : {_ : nat & nat} => projT1 recarg' < projT1 recarg) (existT (fun _ : nat => nat) (menos (projT1 recarg) (projT2 recarg)) (projT2 recarg)) (division_func_obligation_1 (projT1 recarg) (projT2 recarg) (fun (m n : nat) (recproof : m < projT1 recarg) => division' (exist (...) (...) recproof)) Heq_anonymous Heq_anonymous0))) else fun _ : false = (projT2 recarg <=? projT1 recarg) => 0) eq_refl else fun _ : false = (0 <? projT2 recarg) => 0) eq_refl) (existT (fun _ : nat => nat) m n) = (if 0 <? n then if n <=? m then S (division_func (existT (fun _ : nat => nat) (menos m n) n)) else 0 else 0)
m, n: nat

(let f_sub := fun (recarg : {_ : nat & nat}) (division' : {recarg' : {_ : nat & nat} | projT1 recarg' < projT1 recarg} -> nat) => (if 0 <? projT2 recarg as anonymous' return (anonymous' = (0 <? projT2 recarg) -> nat) then fun Heq_anonymous : true = (0 <? projT2 recarg) => (if projT2 recarg <=? projT1 recarg as anonymous' return (anonymous' = (projT2 recarg <=? projT1 recarg) -> nat) then fun Heq_anonymous0 : true = (projT2 recarg <=? projT1 recarg) => S (division' (exist (fun recarg' : {_ : nat & nat} => projT1 recarg' < projT1 recarg) (existT (fun _ : nat => nat) (menos (projT1 recarg) (projT2 recarg)) (projT2 recarg)) (division_func_obligation_1 (projT1 recarg) (projT2 recarg) (fun (m n : nat) (recproof : m < ...) => division' (exist ... ... recproof)) Heq_anonymous Heq_anonymous0))) else fun _ : false = (projT2 recarg <=? projT1 recarg) => 0) eq_refl else fun _ : false = (0 <? projT2 recarg) => 0) eq_refl in f_sub (existT (fun _ : nat => nat) m n) (fun y : {y : {_ : nat & nat} | MR lt (fun recarg : {_ : nat & nat} => projT1 recarg) y (existT (fun _ : nat => nat) m n)} => Fix_sub {_ : nat & nat} (MR lt (fun recarg : {_ : nat & nat} => projT1 recarg)) division_func_obligation_2 (fun _ : {_ : nat & nat} => nat) (fun (recarg : {_ : nat & nat}) (division' : {recarg' : {_ : nat & nat} | projT1 recarg' < projT1 recarg} -> nat) => (if 0 <? projT2 recarg as anonymous' return (anonymous' = (0 <? projT2 recarg) -> nat) then fun Heq_anonymous : true = (0 <? projT2 recarg) => (if projT2 recarg <=? projT1 recarg as anonymous' return (anonymous' = (projT2 recarg <=? projT1 recarg) -> nat) then fun Heq_anonymous0 : true = (projT2 recarg <=? projT1 recarg) => S (division' (exist (fun ... => ... < ...) (existT (...) (...) (...)) (division_func_obligation_1 (...) (...) (...) Heq_anonymous Heq_anonymous0))) else fun _ : false = (projT2 recarg <=? projT1 recarg) => 0) eq_refl else fun _ : false = (0 <? projT2 recarg) => 0) eq_refl) (proj1_sig y))) = (if 0 <? n then if n <=? m then S (division_func (existT (fun _ : nat => nat) (menos m n) n)) else 0 else 0)
m, n: nat
forall (x : {_ : nat & nat}) (f g : {y : {_ : nat & nat} | MR lt (fun recarg : {_ : nat & nat} => projT1 recarg) y x} -> nat), (forall y : {y : {_ : nat & nat} | MR lt (fun recarg : {_ : nat & nat} => projT1 recarg) y x}, f y = g y) -> (if 0 <? projT2 x as anonymous' return (anonymous' = (0 <? projT2 x) -> nat) then fun Heq_anonymous : true = (0 <? projT2 x) => (if projT2 x <=? projT1 x as anonymous' return (anonymous' = (projT2 x <=? projT1 x) -> nat) then fun Heq_anonymous0 : true = (projT2 x <=? projT1 x) => S (f (exist (fun recarg' : {_ : nat & nat} => projT1 recarg' < projT1 x) (existT (fun _ : nat => nat) (menos (projT1 x) (projT2 x)) (projT2 x)) (division_func_obligation_1 (projT1 x) (projT2 x) (fun (m n : nat) (recproof : m < projT1 x) => f (exist (... => ...) (existT ... m n) recproof)) Heq_anonymous Heq_anonymous0))) else fun _ : false = (projT2 x <=? projT1 x) => 0) eq_refl else fun _ : false = (0 <? projT2 x) => 0) eq_refl = (if 0 <? projT2 x as anonymous' return (anonymous' = (0 <? projT2 x) -> nat) then fun Heq_anonymous : true = (0 <? projT2 x) => (if projT2 x <=? projT1 x as anonymous' return (anonymous' = (projT2 x <=? projT1 x) -> nat) then fun Heq_anonymous0 : true = (projT2 x <=? projT1 x) => S (g (exist (fun recarg' : {_ : nat & nat} => projT1 recarg' < projT1 x) (existT (fun _ : nat => nat) (menos (projT1 x) (projT2 x)) (projT2 x)) (division_func_obligation_1 (projT1 x) (projT2 x) (fun (m n : nat) (recproof : m < projT1 x) => g (exist (... => ...) (existT ... m n) recproof)) Heq_anonymous Heq_anonymous0))) else fun _ : false = (projT2 x <=? projT1 x) => 0) eq_refl else fun _ : false = (0 <? projT2 x) => 0) eq_refl
m, n: nat

(let f_sub := fun (recarg : {_ : nat & nat}) (division' : {recarg' : {_ : nat & nat} | projT1 recarg' < projT1 recarg} -> nat) => (if 0 <? projT2 recarg as anonymous' return (anonymous' = (0 <? projT2 recarg) -> nat) then fun Heq_anonymous : true = (0 <? projT2 recarg) => (if projT2 recarg <=? projT1 recarg as anonymous' return (anonymous' = (projT2 recarg <=? projT1 recarg) -> nat) then fun Heq_anonymous0 : true = (projT2 recarg <=? projT1 recarg) => S (division' (exist (fun recarg' : {_ : nat & nat} => projT1 recarg' < projT1 recarg) (existT (fun _ : nat => nat) (menos (projT1 recarg) (projT2 recarg)) (projT2 recarg)) (division_func_obligation_1 (projT1 recarg) (projT2 recarg) (fun (m n : nat) (recproof : m < ...) => division' (exist ... ... recproof)) Heq_anonymous Heq_anonymous0))) else fun _ : false = (projT2 recarg <=? projT1 recarg) => 0) eq_refl else fun _ : false = (0 <? projT2 recarg) => 0) eq_refl in f_sub (existT (fun _ : nat => nat) m n) (fun y : {y : {_ : nat & nat} | MR lt (fun recarg : {_ : nat & nat} => projT1 recarg) y (existT (fun _ : nat => nat) m n)} => division_func (proj1_sig y))) = (if 0 <? n then if n <=? m then S (division_func (existT (fun _ : nat => nat) (menos m n) n)) else 0 else 0)
m, n: nat
forall (x : {_ : nat & nat}) (f g : {y : {_ : nat & nat} | MR lt (fun recarg : {_ : nat & nat} => projT1 recarg) y x} -> nat), (forall y : {y : {_ : nat & nat} | MR lt (fun recarg : {_ : nat & nat} => projT1 recarg) y x}, f y = g y) -> (if 0 <? projT2 x as anonymous' return (anonymous' = (0 <? projT2 x) -> nat) then fun Heq_anonymous : true = (0 <? projT2 x) => (if projT2 x <=? projT1 x as anonymous' return (anonymous' = (projT2 x <=? projT1 x) -> nat) then fun Heq_anonymous0 : true = (projT2 x <=? projT1 x) => S (f (exist (fun recarg' : {_ : nat & nat} => projT1 recarg' < projT1 x) (existT (fun _ : nat => nat) (menos (projT1 x) (projT2 x)) (projT2 x)) (division_func_obligation_1 (projT1 x) (projT2 x) (fun (m n : nat) (recproof : m < projT1 x) => f (exist (... => ...) (existT ... m n) recproof)) Heq_anonymous Heq_anonymous0))) else fun _ : false = (projT2 x <=? projT1 x) => 0) eq_refl else fun _ : false = (0 <? projT2 x) => 0) eq_refl = (if 0 <? projT2 x as anonymous' return (anonymous' = (0 <? projT2 x) -> nat) then fun Heq_anonymous : true = (0 <? projT2 x) => (if projT2 x <=? projT1 x as anonymous' return (anonymous' = (projT2 x <=? projT1 x) -> nat) then fun Heq_anonymous0 : true = (projT2 x <=? projT1 x) => S (g (exist (fun recarg' : {_ : nat & nat} => projT1 recarg' < projT1 x) (existT (fun _ : nat => nat) (menos (projT1 x) (projT2 x)) (projT2 x)) (division_func_obligation_1 (projT1 x) (projT2 x) (fun (m n : nat) (recproof : m < projT1 x) => g (exist (... => ...) (existT ... m n) recproof)) Heq_anonymous Heq_anonymous0))) else fun _ : false = (projT2 x <=? projT1 x) => 0) eq_refl else fun _ : false = (0 <? projT2 x) => 0) eq_refl
m, n: nat

(let f_sub := fun (recarg : {_ : nat & nat}) (division' : {recarg' : {_ : nat & nat} | projT1 recarg' < projT1 recarg} -> nat) => (if 0 <? projT2 recarg as anonymous' return (anonymous' = (0 <? projT2 recarg) -> nat) then fun Heq_anonymous : true = (0 <? projT2 recarg) => (if projT2 recarg <=? projT1 recarg as anonymous' return (anonymous' = (projT2 recarg <=? projT1 recarg) -> nat) then fun Heq_anonymous0 : true = (projT2 recarg <=? projT1 recarg) => S (division' (exist (fun recarg' : {_ : nat & nat} => projT1 recarg' < projT1 recarg) (existT (fun _ : nat => nat) (menos (projT1 recarg) (projT2 recarg)) (projT2 recarg)) (division_func_obligation_1 (projT1 recarg) (projT2 recarg) (fun (m n : nat) (recproof : m < ...) => division' (exist ... ... recproof)) Heq_anonymous Heq_anonymous0))) else fun _ : false = (projT2 recarg <=? projT1 recarg) => 0) eq_refl else fun _ : false = (0 <? projT2 recarg) => 0) eq_refl in f_sub (existT (fun _ : nat => nat) m n) (fun y : {y : {_ : nat & nat} | MR lt (fun recarg : {_ : nat & nat} => projT1 recarg) y (existT (fun _ : nat => nat) m n)} => division_func (proj1_sig y))) = (if 0 <? n then if n <=? m then S (division_func (existT (fun _ : nat => nat) (menos m n) n)) else 0 else 0)
m, n: nat

(if 0 <? n as anonymous' return (anonymous' = (0 <? n) -> nat) then fun _ : true = (0 <? n) => (if n <=? m as anonymous' return (anonymous' = (n <=? m) -> nat) then fun _ : true = (n <=? m) => S (division_func (existT (fun _ : nat => nat) (menos m n) n)) else fun _ : false = (n <=? m) => 0) eq_refl else fun _ : false = (0 <? n) => 0) eq_refl = (if 0 <? n then if n <=? m then S (division_func (existT (fun _ : nat => nat) (menos m n) n)) else 0 else 0)
m, n: nat
H: (0 <? n) = true

(if n <=? m as anonymous' return (anonymous' = (n <=? m) -> nat) then fun _ : true = (n <=? m) => S (division_func (existT (fun _ : nat => nat) (menos m n) n)) else fun _ : false = (n <=? m) => 0) eq_refl = (if n <=? m then S (division_func (existT (fun _ : nat => nat) (menos m n) n)) else 0)
m, n: nat
H: (0 <? n) = false
0 = 0
m, n: nat
H: (0 <? n) = true
H0: (n <=? m) = true

S (division_func (existT (fun _ : nat => nat) (menos m n) n)) = S (division_func (existT (fun _ : nat => nat) (menos m n) n))
m, n: nat
H: (0 <? n) = true
H0: (n <=? m) = false
0 = 0
m, n: nat
H: (0 <? n) = false
0 = 0
m, n: nat
H: (0 <? n) = true
H0: (n <=? m) = true

S (division_func (existT (fun _ : nat => nat) (menos m n) n)) = S (division_func (existT (fun _ : nat => nat) (menos m n) n))
reflexivity.
m, n: nat
H: (0 <? n) = true
H0: (n <=? m) = false

0 = 0
reflexivity.
m, n: nat
H: (0 <? n) = false

0 = 0
reflexivity.

But the second goal is quite complicated. The easy and general way of solving it is to use the axioms proof_irrelevance and functional_extensionality. It should be possible to prove this particular subgoal without any axioms, but I have not found the right way to do it. Instead of manually applying the axioms, you can use the second tactic fix_sub_eq_ext which calls them directly, leaving you a single goal.


forall m n : nat, division m n = (if 0 <? n then if n <=? m then S (division (menos m n) n) else 0 else 0)
m, n: nat

division m n = (if 0 <? n then if n <=? m then S (division (menos m n) n) else 0 else 0)
m, n: nat

division_func (existT (fun _ : nat => nat) m n) = (if 0 <? n then if n <=? m then S (division_func (existT (fun _ : nat => nat) (menos m n) n)) else 0 else 0)
m, n: nat

Fix_sub {_ : nat & nat} (MR lt (fun recarg : {_ : nat & nat} => projT1 recarg)) division_func_obligation_2 (fun _ : {_ : nat & nat} => nat) (fun (recarg : {_ : nat & nat}) (division' : {recarg' : {_ : nat & nat} | projT1 recarg' < projT1 recarg} -> nat) => (if 0 <? projT2 recarg as anonymous' return (anonymous' = (0 <? projT2 recarg) -> nat) then fun Heq_anonymous : true = (0 <? projT2 recarg) => (if projT2 recarg <=? projT1 recarg as anonymous' return (anonymous' = (projT2 recarg <=? projT1 recarg) -> nat) then fun Heq_anonymous0 : true = (projT2 recarg <=? projT1 recarg) => S (division' (exist (fun recarg' : {_ : nat & nat} => projT1 recarg' < projT1 recarg) (existT (fun _ : nat => nat) (menos (projT1 recarg) (projT2 recarg)) (projT2 recarg)) (division_func_obligation_1 (projT1 recarg) (projT2 recarg) (fun (m n : nat) (recproof : m < projT1 recarg) => division' (exist (...) (...) recproof)) Heq_anonymous Heq_anonymous0))) else fun _ : false = (projT2 recarg <=? projT1 recarg) => 0) eq_refl else fun _ : false = (0 <? projT2 recarg) => 0) eq_refl) (existT (fun _ : nat => nat) m n) = (if 0 <? n then if n <=? m then S (division_func (existT (fun _ : nat => nat) (menos m n) n)) else 0 else 0)
m, n: nat

(if 0 <? projT2 (existT (fun _ : nat => nat) m n) as anonymous' return (anonymous' = (0 <? projT2 (existT (fun _ : nat => nat) m n)) -> nat) then fun Heq_anonymous : true = (0 <? projT2 (existT (fun _ : nat => nat) m n)) => (if projT2 (existT (fun _ : nat => nat) m n) <=? projT1 (existT (fun _ : nat => nat) m n) as anonymous' return (anonymous' = (projT2 (existT (fun _ : nat => nat) m n) <=? projT1 (existT (fun _ : nat => nat) m n)) -> nat) then fun Heq_anonymous0 : true = (projT2 (existT (fun _ : nat => nat) m n) <=? projT1 (existT (fun _ : nat => nat) m n)) => S (Fix_sub {_ : nat & nat} (MR lt (fun recarg : {_ : nat & nat} => projT1 recarg)) division_func_obligation_2 (fun _ : {_ : nat & nat} => nat) (fun (recarg : {_ : nat & nat}) (division' : {recarg' : {_ : nat & nat} | projT1 recarg' < projT1 recarg} -> nat) => (if 0 <? projT2 recarg as anonymous' return (anonymous' = (0 <? projT2 recarg) -> nat) then fun Heq_anonymous1 : true = (0 <? projT2 recarg) => (if projT2 recarg <=? projT1 recarg as anonymous' return (...) then fun ... => S ... else fun ... => 0) eq_refl else fun _ : false = (0 <? projT2 recarg) => 0) eq_refl) (proj1_sig (exist (fun recarg' : {_ : nat & nat} => projT1 recarg' < projT1 (existT (fun ... => nat) m n)) (existT (fun _ : nat => nat) (menos (projT1 (existT (...) m n)) (projT2 (existT (...) m n))) (projT2 (existT (fun ... => nat) m n))) (division_func_obligation_1 (projT1 (existT (fun ... => nat) m n)) (projT2 (existT (fun ... => nat) m n)) (fun (m0 n0 : nat) (recproof : m0 < projT1 (...)) => Fix_sub {_ : nat & nat} (MR lt (... => ...)) division_func_obligation_2 (fun _ : ... => nat) (fun (recarg : ...) (division' : ...) => (...) eq_refl) (proj1_sig (exist ... ... recproof))) Heq_anonymous Heq_anonymous0)))) else fun _ : false = (projT2 (existT (fun _ : nat => nat) m n) <=? projT1 (existT (fun _ : nat => nat) m n)) => 0) eq_refl else fun _ : false = (0 <? projT2 (existT (fun _ : nat => nat) m n)) => 0) eq_refl = (if 0 <? n then if n <=? m then S (division_func (existT (fun _ : nat => nat) (menos m n) n)) else 0 else 0)
m, n: nat

(if 0 <? projT2 (existT (fun _ : nat => nat) m n) as anonymous' return (anonymous' = (0 <? projT2 (existT (fun _ : nat => nat) m n)) -> nat) then fun Heq_anonymous : true = (0 <? projT2 (existT (fun _ : nat => nat) m n)) => (if projT2 (existT (fun _ : nat => nat) m n) <=? projT1 (existT (fun _ : nat => nat) m n) as anonymous' return (anonymous' = (projT2 (existT (fun _ : nat => nat) m n) <=? projT1 (existT (fun _ : nat => nat) m n)) -> nat) then fun Heq_anonymous0 : true = (projT2 (existT (fun _ : nat => nat) m n) <=? projT1 (existT (fun _ : nat => nat) m n)) => S (division_func (proj1_sig (exist (fun recarg' : {_ : nat & nat} => projT1 recarg' < projT1 (existT (fun ... => nat) m n)) (existT (fun _ : nat => nat) (menos (projT1 (existT (...) m n)) (projT2 (existT (...) m n))) (projT2 (existT (fun ... => nat) m n))) (division_func_obligation_1 (projT1 (existT (fun ... => nat) m n)) (projT2 (existT (fun ... => nat) m n)) (fun (m0 n0 : nat) (recproof : m0 < projT1 (...)) => division_func (proj1_sig (exist ... ... recproof))) Heq_anonymous Heq_anonymous0)))) else fun _ : false = (projT2 (existT (fun _ : nat => nat) m n) <=? projT1 (existT (fun _ : nat => nat) m n)) => 0) eq_refl else fun _ : false = (0 <? projT2 (existT (fun _ : nat => nat) m n)) => 0) eq_refl = (if 0 <? n then if n <=? m then S (division_func (existT (fun _ : nat => nat) (menos m n) n)) else 0 else 0)
m, n: nat

(if 0 <? n as anonymous' return (anonymous' = (0 <? n) -> nat) then fun _ : true = (0 <? n) => (if n <=? m as anonymous' return (anonymous' = (n <=? m) -> nat) then fun _ : true = (n <=? m) => S (division_func (existT (fun _ : nat => nat) (menos m n) n)) else fun _ : false = (n <=? m) => 0) eq_refl else fun _ : false = (0 <? n) => 0) eq_refl = (if 0 <? n then if n <=? m then S (division_func (existT (fun _ : nat => nat) (menos m n) n)) else 0 else 0)
m, n: nat
H: (0 <? n) = true

(if n <=? m as anonymous' return (anonymous' = (n <=? m) -> nat) then fun _ : true = (n <=? m) => S (division_func (existT (fun _ : nat => nat) (menos m n) n)) else fun _ : false = (n <=? m) => 0) eq_refl = (if n <=? m then S (division_func (existT (fun _ : nat => nat) (menos m n) n)) else 0)
m, n: nat
H: (0 <? n) = false
0 = 0
m, n: nat
H: (0 <? n) = true
H0: (n <=? m) = true

S (division_func (existT (fun _ : nat => nat) (menos m n) n)) = S (division_func (existT (fun _ : nat => nat) (menos m n) n))
m, n: nat
H: (0 <? n) = true
H0: (n <=? m) = false
0 = 0
m, n: nat
H: (0 <? n) = false
0 = 0
m, n: nat
H: (0 <? n) = true
H0: (n <=? m) = true

S (division_func (existT (fun _ : nat => nat) (menos m n) n)) = S (division_func (existT (fun _ : nat => nat) (menos m n) n))
reflexivity.
m, n: nat
H: (0 <? n) = true
H0: (n <=? m) = false

0 = 0
reflexivity.
m, n: nat
H: (0 <? n) = false

0 = 0
reflexivity. Qed.

I have not found a better way to use Program Fixpoint, that's why I prefer using Function, which has other defaults, but generates directly the equation lemma.

Require Recdef.

forall m n : nat, (0 <? n) = true -> (n <=? m) = true -> menos m n < m

forall m n : nat, (0 <? n) = true -> (n <=? m) = true -> menos m n < m
m, n: nat

(0 <? n) = true -> (n <=? m) = true -> menos m n < m
n: nat

forall m : nat, (0 <? n) = true -> (n <=? m) = true -> menos m n < m
m: nat
teq: (0 <? 0) = true
teq0: (0 <=? m) = true

menos m 0 < m
n: nat
IHn: forall m : nat, (0 <? n) = true -> (n <=? m) = true -> menos m n < m
m: nat
teq: (0 <? S n) = true
teq0: (S n <=? m) = true
menos m (S n) < m
m: nat
teq: (0 <? 0) = true
teq0: (0 <=? m) = true

menos m 0 < m
discriminate teq.
n: nat
IHn: forall m : nat, (0 <? n) = true -> (n <=? m) = true -> menos m n < m
m: nat
teq: (0 <? S n) = true
teq0: (S n <=? m) = true

menos m (S n) < m
n: nat
IHn: forall m : nat, (0 <? n) = true -> (n <=? m) = true -> menos m n < m
teq: (0 <? S n) = true
teq0: (S n <=? 0) = true

menos 0 (S n) < 0
n: nat
IHn: forall m : nat, (0 <? n) = true -> (n <=? m) = true -> menos m n < m
m: nat
teq: (0 <? S n) = true
teq0: (S n <=? S m) = true
menos (S m) (S n) < S m
n: nat
IHn: forall m : nat, (0 <? n) = true -> (n <=? m) = true -> menos m n < m
teq: (0 <? S n) = true
teq0: (S n <=? 0) = true

menos 0 (S n) < 0
discriminate teq0.
n: nat
IHn: forall m : nat, (0 <? n) = true -> (n <=? m) = true -> menos m n < m
m: nat
teq: (0 <? S n) = true
teq0: (S n <=? S m) = true

menos (S m) (S n) < S m
n: nat
IHn: forall m : nat, (0 <? n) = true -> (n <=? m) = true -> menos m n < m
m: nat
teq: (0 <? S n) = true
teq0: (S n <=? S m) = true

menos m n < S m
IHn: forall m : nat, (0 <? 0) = true -> (0 <=? m) = true -> menos m 0 < m
m: nat
teq: (0 <? 1) = true
teq0: (1 <=? S m) = true

menos m 0 < S m
n: nat
IHn: forall m : nat, (0 <? S n) = true -> (S n <=? m) = true -> menos m (S n) < m
m: nat
teq: (0 <? S (S n)) = true
teq0: (S (S n) <=? S m) = true
menos m (S n) < S m
IHn: forall m : nat, (0 <? 0) = true -> (0 <=? m) = true -> menos m 0 < m
m: nat
teq: (0 <? 1) = true
teq0: (1 <=? S m) = true

menos m 0 < S m
destruct m; apply le_n.
n: nat
IHn: forall m : nat, (0 <? S n) = true -> (S n <=? m) = true -> menos m (S n) < m
m: nat
teq: (0 <? S (S n)) = true
teq0: (S (S n) <=? S m) = true

menos m (S n) < S m
n: nat
IHn: forall m : nat, (0 <? S n) = true -> (S n <=? m) = true -> menos m (S n) < m
m: nat
teq: (0 <? S (S n)) = true
teq0: (S (S n) <=? S m) = true

menos m (S n) < m
n: nat
IHn: forall m : nat, (0 <? S n) = true -> (S n <=? m) = true -> menos m (S n) < m
m: nat
teq: (0 <? S (S n)) = true
teq0: (S (S n) <=? S m) = true
m < S m
n: nat
IHn: forall m : nat, (0 <? S n) = true -> (S n <=? m) = true -> menos m (S n) < m
m: nat
teq: (0 <? S (S n)) = true
teq0: (S (S n) <=? S m) = true

menos m (S n) < m
n: nat
IHn: forall m : nat, (0 <? S n) = true -> (S n <=? m) = true -> menos m (S n) < m
m: nat
teq: (0 <? S (S n)) = true
teq0: (S (S n) <=? S m) = true

(0 <? S n) = true
n: nat
IHn: forall m : nat, (0 <? S n) = true -> (S n <=? m) = true -> menos m (S n) < m
m: nat
teq: (0 <? S (S n)) = true
teq0: (S (S n) <=? S m) = true
(S n <=? m) = true
n: nat
IHn: forall m : nat, (0 <? S n) = true -> (S n <=? m) = true -> menos m (S n) < m
m: nat
teq: (0 <? S (S n)) = true
teq0: (S (S n) <=? S m) = true

(0 <? S n) = true
reflexivity.
n: nat
IHn: forall m : nat, (0 <? S n) = true -> (S n <=? m) = true -> menos m (S n) < m
m: nat
teq: (0 <? S (S n)) = true
teq0: (S (S n) <=? S m) = true

(S n <=? m) = true
assumption.
n: nat
IHn: forall m : nat, (0 <? S n) = true -> (S n <=? m) = true -> menos m (S n) < m
m: nat
teq: (0 <? S (S n)) = true
teq0: (S (S n) <=? S m) = true

m < S m
apply le_n. Qed.
division_equation : forall m n : nat, division m n = (if 0 <? n then if n <=? m then S (division (menos m n) n) else 0 else 0)

Now you have the equation lemma, you can rewrite with it and reason as usual.

About your problem with destruct, destruct does not unfold the definitions. Therefore, if you have no occurrences of the term you're destructing in your goal or any of the hypotheses, destruct will not do anything interesting, unless you save the equation it produces. You can use destruct ... eqn:H for this purpose. I did not know case_eq but it seems to do the same thing.