From 47a2da7326ed975039f9e94780aeb9b1079f4854 Mon Sep 17 00:00:00 2001
From: Maxime Dénès
Date: Mon, 5 Sep 2016 17:50:27 +0200
Subject: Fix #5065: Anomaly: Not a proof by induction
Using abstract can create beta-redexes or let-ins in the head of the proof terms. The code projecting out mutual lemmas was not robust enough.
---
 stm/lemmas.ml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'stm')
diff --git a/stm/lemmas.ml b/stm/lemmas.ml
index 40dbe2190b..ef304af3fe 100644
--- a/stm/lemmas.ml
+++ b/stm/lemmas.ml
@@ -249,10 +249,14 @@ let save_remaining_recthms (locality,p,kind) norm ctx body opaq i ((id,pl),(t_i,
 | Some body ->
 let body = norm body in
 let k = Kindops.logical_kind_of_goal_kind kind in
- let body_i = match kind_of_term body with
+ let rec body_i t = match kind_of_term t with
 | Fix ((nv,0),decls) -> mkFix ((nv,i),decls)
 | CoFix (0,decls) -> mkCoFix (i,decls)
+ | LetIn(na,t1,ty,t2) -> mkLetIn (na,t1,ty, body_i t2)
+ | Lambda(na,ty,t) -> mkLambda(na,ty,body_i t)
+ | App (t, args) -> mkApp (body_i t, args)
 | _ -> anomaly Pp.(str "Not a proof by induction: " ++ Printer.pr_constr body) in
+ let body_i = body_i body in
 match locality with
 | Discharge ->
 let const = definition_entry ~types:t_i ~opaque:opaq ~poly:p
--
cgit v1.2.3
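Review bot: The new `Lambda` and `App` arms of `body_i` are accepted independently of each other, so the projection also rewrites a mutual fixpoint that is merely applied to arguments or merely sits under a binder, not only the let-in and beta-redex shapes the commit message describes; whether swapping the fixpoint component under an existing application is still well-typed cannot be judged from this hunk and presumably relies on the later definition_entry check. A comment stating the intended shape would help the next reader, e.g. `(* Descend through let-ins and beta-redexes that [abstract] may wrap around the mutual (co)fixpoint before projecting out component i *)` above `let rec body_i t`. The anomaly arm still prints the outer `body` rather than the subterm `t` at which the descent stopped, which gives context but hides where the traversal failed; printing `t` as well (`Printer.pr_constr t`) would make the anomaly easier to diagnose. `save_remaining_recthms` begins before the hunk (its signature is only visible in the `@@` header) and the `match locality` continues after it.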