%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% proof.twelf
%%
%% This file contains the complete Twelf code for the consistency
%% and correctness proofs for the AML semantics described in
%% "A Consistent Semantics of Self-Adjusting Computation"
%% by U. A. Acar, M. Blume, J. Donham.
%%
%% Layout: the file concatenates several .elf (signature) and .thm
%% (metatheorem) sections, each introduced by a banner naming the
%% original file.  Metatheorems follow the usual Twelf discipline:
%% a type family, a %mode declaration, anonymous clauses ("- : ..."),
%% then %worlds and %total checks.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% false.elf
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% The uninhabited type, indicating a contradiction.
%% No constructors are declared, so a derivation of false can only be
%% produced from an impossible case; nothing in this excerpt uses it.
false : type.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% nat.elf
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% Natural numbers (unary).
nat : type.  %name nat _N.
z : nat.
s : nat -> nat.

%% Syntactic equality on nat; the only constructor is reflexivity.
nat-eq : nat -> nat -> type.
nat-eq_ : nat-eq N N.

%% leq N1 N2 : N1 <= N2, by simultaneous structural recursion.
leq : nat -> nat -> type.
leq-z : leq z _.
leq-s : leq (s N1) (s N2) <- leq N1 N2.

%% sum X Y Z : X + Y = Z, recursive on X.  Total in (X, Y); the
%% %reduces records the order fact Y <= Z for the termination checker.
sum : nat -> nat -> nat -> type.
%mode sum +X +Y -Z.
sum-z : sum z N N.
sum-s : sum (s N1) N2 (s N3) <- sum N1 N2 N3.
%worlds () (sum _ _ _).
%total X (sum X _ _).
%reduces Y <= Z (sum _ Y Z).

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% syntax.elf
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% Locations are just indices into a store.
loc : type.  %name loc _L.
loc-z : loc.
loc-s : loc -> loc.

%% loc-neq L1 L2 : the two indices differ.  Derivable exactly when the
%% unary representations diverge at some position; no reflexive case.
loc-neq : loc -> loc -> type.
loc-neq-nil1 : loc-neq loc-z (loc-s L).
loc-neq-nil2 : loc-neq (loc-s L) loc-z.
loc-neq-cons : loc-neq (loc-s L1) (loc-s L2) <- loc-neq L1 L2.

%% Syntax of AML.
%% val : values; es : stable expressions; ec : changeable expressions.
%% Binders use higher-order abstract syntax: val-fns / val-fnc take the
%% body abstracted over the function value itself and its argument
%% (the application rules in eval.elf pass the function as the first
%% argument, which is how recursion is expressed).
val : type.  %name val _V.
es : type.  %name es _Es.
ec : type.  %name ec _Ec.

val-emp : val.
val-nat : nat -> val.
val-loc : loc -> val.
val-pr : val -> val -> val.
val-inl : val -> val.
val-inr : val -> val.
val-fns : (val -> val -> es) -> val.
val-fnc : (val -> val -> ec) -> val.

es-val : val -> es.
es-plus : val -> val -> es.
es-mod : ec -> es.
es-memo : es -> es.
es-app : val -> val -> es.
es-let : es -> (val -> es) -> es.
es-letp : val -> (val -> val -> es) -> es.
es-case : val -> (val -> es) -> (val -> es) -> es.

%% Changeable expressions.  ec-wr writes the target location; ec-read
%% reads a location and continues with the value read.
ec-wr : val -> ec.
ec-read : val -> (val -> ec) -> ec.
ec-memo : ec -> ec.
ec-app : val -> val -> ec.
ec-let : es -> (val -> ec) -> ec.
ec-letp : val -> (val -> val -> ec) -> ec.
ec-case : val -> (val -> ec) -> (val -> ec) -> ec.

%% Syntactic identity on values, stable and changeable expressions:
%% each has reflexivity as its only constructor.
val-eq : val -> val -> type.
val-eq_ : val-eq V V.

%% NOTE(review): val-neq is declared without any constructors in this
%% file.  As the excerpt stands no val-neq derivation exists, so any
%% clause taking one as a premise (cpc-read/ch in eval.elf) can never
%% apply; confirm whether its constructors are defined elsewhere.
val-neq : val -> val -> type.

es-eq : es -> es -> type.
es-eq_ : es-eq Es Es.
ec-eq : ec -> ec -> type.
ec-eq_ : ec-eq Ec Ec.

%% var V marks V as a bound variable (an assumption introduced by the
%% hypothetical premises of the wf-* judgments in wf-ex.elf).  The
%% %block declarations name the context shapes for %worlds checks over
%% open terms; no %worlds in this excerpt refers to them.
var : val -> type.
%block val-block : block {v : val}.
%block var-block : block {v : val} {d : var v}.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% locset.elf
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% Sets of locations. We represent them as lists of bits; lists which
%% differ only by trailing false bits are equivalent.
%% (loc-absent is the "false" bit; position i of the list is location
%% loc-s^i loc-z.)
loc-state : type.
loc-present : loc-state.
loc-absent : loc-state.

%% loc-or P1 P2 P : P is the disjunction of the two bits.  loc-or-px and
%% loc-or-xp both apply when both inputs are loc-present, so loc-or
%% derivations are not unique; lemmas in locset-lemmas.thm case-split
%% on the constructor accordingly.
loc-or : loc-state -> loc-state -> loc-state -> type.
loc-or-aa : loc-or loc-absent loc-absent loc-absent.
loc-or-px : loc-or loc-present _ loc-present.
loc-or-xp : loc-or _ loc-present loc-present.

ls : type.  %name ls _X.
ls-nil : ls.
ls-cons : loc-state -> ls -> ls.

%% check for empty set (all bits absent; ls-nil is the canonical empty set)
ls-empty : ls -> type.
ls-empty-n : ls-empty ls-nil.
ls-empty-a : ls-empty (ls-cons loc-absent X) <- ls-empty X.

%% set equality, modulo trailing absent bits
ls-eq : ls -> ls -> type.
ls-eq-nx : ls-eq ls-nil X <- ls-empty X.
ls-eq-xn : ls-eq X ls-nil <- ls-empty X.
ls-eq-cc : ls-eq (ls-cons P X1) (ls-cons P X2) <- ls-eq X1 X2.

%% representation identity (syntactic, stricter than ls-eq)
ls-id : ls -> ls -> type.
ls-id_ : ls-id X X.

%% X_1 \subseteq X_2: every present bit of X_1 is present in X_2.
%% A shorter X_2 is acceptable only if the remainder of X_1 is empty.
ls-subeq : ls -> ls -> type.
ls-subeq-nx : ls-subeq ls-nil _.
ls-subeq-xn : ls-subeq X ls-nil <- ls-empty X.
ls-subeq-ax : ls-subeq (ls-cons loc-absent X1) (ls-cons _ X2) <- ls-subeq X1 X2.
ls-subeq-pp : ls-subeq (ls-cons loc-present X1) (ls-cons loc-present X2) <- ls-subeq X1 X2.
%% X_1 \cup X_2: pointwise loc-or; when one list runs out the other
%% list is the result (ls-un-nx / ls-un-xn).
ls-union : ls -> ls -> ls -> type.
ls-un-nx : ls-union ls-nil X X.
ls-un-xn : ls-union X ls-nil X.
ls-un-cc : ls-union (ls-cons P1 X1) (ls-cons P2 X2) (ls-cons P X)
            <- loc-or P1 P2 P
            <- ls-union X1 X2 X.

%% X_1 \cap X_2 = 0: no position is present in both lists.
ls-disjoint : ls -> ls -> type.
ls-dj-nx : ls-disjoint ls-nil _.
ls-dj-xn : ls-disjoint _ ls-nil.
ls-dj-ac : ls-disjoint (ls-cons loc-absent X) (ls-cons _ X') <- ls-disjoint X X'.
ls-dj-ca : ls-disjoint (ls-cons _ X) (ls-cons loc-absent X') <- ls-disjoint X X'.

%% Set of a single location: absent bits up to the index, then present.
ls-sing : loc -> ls -> type.
ls-sing-z : ls-sing loc-z (ls-cons loc-present ls-nil).
ls-sing-s : ls-sing (loc-s L) (ls-cons loc-absent S) <- ls-sing L S.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% store.elf
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% Stores mapping locations to values. We represent them as lists of
%% value options, where the i'th element of the list is the value of
%% location i in the store (or sv-free if the location is
%% undefined). As with location sets, stores differing only by trailing
%% sv-free's are equivalent.
%% We choose the bitwise representations because it makes the lemmas
%% of interest easier to prove; they are generally just an induction
%% over the bits.
st : type.  %name st _S.
sv : type.  %name sv _SV.

%% store value: either free or a value
sv-free : sv.
sv-val : val -> sv.

%% Syntactic identity on store values (reflexivity only).
sv-eq : sv -> sv -> type.
sv-eq_ : sv-eq SV SV.

st-nil : st.
st-cons: sv -> st -> st.

%% Are all locations empty?
st-empty : st -> type.
st-empty-n : st-empty st-nil.
st-empty-e : st-empty (st-cons sv-free S) <- st-empty S.

%% Store equality. (Could we get away with syntactic equality? Probably.)
%% Equality modulo trailing sv-free cells; cells are compared with sv-eq.
st-eq : st -> st -> type.
st-eq-nx : st-eq st-nil S <- st-empty S.
st-eq-xn : st-eq S st-nil <- st-empty S.
st-eq-cc : st-eq (st-cons SV1 S1) (st-cons SV2 S2)
            <- sv-eq SV1 SV2
            <- st-eq S1 S2.

%% \sigma [l \leftarrow v]
%% st-update S L V S' : S' is S with location L set to V.  Updating past
%% the end of the list extends it with sv-free cells (see st-up-ns).
st-update : st -> loc -> val -> st -> type.
st-up-nz : st-update st-nil loc-z V (st-cons (sv-val V) st-nil).
st-up-cz : st-update (st-cons _ S) loc-z V (st-cons (sv-val V) S).
st-up-ns : st-update st-nil (loc-s L) V (st-cons sv-free S) <- st-update st-nil L V S.
st-up-cs : st-update (st-cons SV S) (loc-s L) V (st-cons SV S') <- st-update S L V S'.

%% \sigma(l)
%% st-lookup S L V : location L of S holds V.  There is no clause for a
%% free cell or for an index past the end of the list, so lookup of an
%% unallocated location is underivable.
st-lookup : st -> loc -> val -> type.
st-lo-z : st-lookup (st-cons (sv-val V) _) loc-z V.
st-lo-s : st-lookup (st-cons _ S) (loc-s L) V <- st-lookup S L V.

%% st-sqsubeq-ex S1 X S2 holds if for any location L allocated in S1 with
%% value V, either L is in X or S2 has value V at location L.
%%
%% This is rather painful because of the treatment of ls-nil and st-nil
%% in the 2nd and 3rd arguments, respectively.
%%
%% The clause names appear to encode the head of each argument:
%% n = nil, c = cons, f = free cell, v = value cell, p = present bit,
%% a = absent bit.  Note there is deliberately no clause for a value
%% cell in S1 against st-nil with the bit absent (or ls-nil): that is
%% exactly the case the relation must reject.
st-sqsubeq-ex : st -> ls -> st -> type.
st-ssee-nxx : st-sqsubeq-ex st-nil _ _.
st-ssee-fnn : st-sqsubeq-ex (st-cons sv-free S1') ls-nil st-nil
               <- st-sqsubeq-ex S1' ls-nil st-nil.
st-ssee-fcn : st-sqsubeq-ex (st-cons sv-free S1') (ls-cons _ X') st-nil
               <- st-sqsubeq-ex S1' X' st-nil.
st-ssee-fnc : st-sqsubeq-ex (st-cons sv-free S1') ls-nil (st-cons _ S2')
               <- st-sqsubeq-ex S1' ls-nil S2'.
st-ssee-fcc : st-sqsubeq-ex (st-cons sv-free S1') (ls-cons _ X') (st-cons _ S2')
               <- st-sqsubeq-ex S1' X' S2'.
st-ssee-vnv : st-sqsubeq-ex (st-cons (sv-val V1) S1') ls-nil (st-cons (sv-val V2) S2')
               <- val-eq V1 V2
               <- st-sqsubeq-ex S1' ls-nil S2'.
st-ssee-vav : st-sqsubeq-ex (st-cons (sv-val V1) S1') (ls-cons loc-absent X') (st-cons (sv-val V2) S2')
               <- val-eq V1 V2
               <- st-sqsubeq-ex S1' X' S2'.
st-ssee-cpn : st-sqsubeq-ex (st-cons _ S1') (ls-cons loc-present X') st-nil
               <- st-sqsubeq-ex S1' X' st-nil.
st-ssee-cpc : st-sqsubeq-ex (st-cons _ S1') (ls-cons loc-present X') (st-cons _ S2')
               <- st-sqsubeq-ex S1' X' S2'.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% trace.elf
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% Evaluation traces, and their allocated locations.
%% trs : trace of a stable evaluation; trc : trace of a changeable one.
trs : type.  %name trs _Ts.
trc : type.
%name trc _Tc.

trs-nil : trs.
%% trs-mod L Tc : a mod allocated location L and ran the changeable trace Tc.
trs-mod : loc -> trc -> trs.
trs-let : trs -> trs -> trs.

trc-wr : val -> trc.
trc-let : trs -> trc -> trc.
%% trc-rd L V Ec Tc : location L was read and held V; Ec is the read's
%% continuation (kept so change propagation can re-run it) and Tc the
%% trace of running Ec V.
trc-rd : loc -> val -> (val -> ec) -> trc -> trc.

%% trs-gen Ts X / trc-gen Tc X : X is the set of locations allocated by
%% the trace.  Only trs-mod contributes a location; a read (trc-rd)
%% contributes just the allocations of its continuation trace.
trs-gen : trs -> ls -> type.
trc-gen : trc -> ls -> type.

trs-gen-nil : trs-gen trs-nil ls-nil.
trs-gen-mod : trs-gen (trs-mod L Tc) X1+X2
               <- trc-gen Tc X1
               <- ls-sing L X2
               <- ls-union X1 X2 X1+X2.
trs-gen-let : trs-gen (trs-let Ts1 Ts2) X
               <- trs-gen Ts1 X1
               <- trs-gen Ts2 X2
               <- ls-union X1 X2 X.

trc-gen-wr : trc-gen (trc-wr V) ls-nil.
trc-gen-let : trc-gen (trc-let Ts1 Tc2) X
               <- trs-gen Ts1 X1
               <- trc-gen Tc2 X2
               <- ls-union X1 X2 X.
trc-gen-rd : trc-gen (trc-rd L V Ec Tc) X <- trc-gen Tc X.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% wf-ex.elf
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% Well-formed expressions (with lifts and reachable locations)
%%
%% wf-val V S V' X : V is well-formed in store S; V' is its "lift",
%% the value with every location replaced by the (lifted) contents of
%% that store cell (see wf-val-loc); X is the set of locations
%% reachable from V.  wf-es / wf-ec are the same for expressions.
%% Bodies of binders are checked under hypothetical variables
%% {v}{d : var v}, which wf-val-var accepts with no reachable locations.
wf-val : val -> st -> val -> ls -> type.
wf-es : es -> st -> es -> ls -> type.
wf-ec : ec -> st -> ec -> ls -> type.

wf-val-var : wf-val V S V ls-nil <- var V.
wf-val-emp : wf-val val-emp S val-emp ls-nil.
wf-val-nat : wf-val (val-nat N) S (val-nat N) ls-nil.
%% A location is well-formed only if it is allocated (st-lookup) and its
%% contents are well-formed; the location itself is added to the set.
wf-val-loc : wf-val (val-loc L) S V' X1+X2
              <- st-lookup S L V
              <- wf-val V S V' X1
              <- ls-sing L X2
              <- ls-union X1 X2 X1+X2.
wf-val-pr : wf-val (val-pr V1 V2) S (val-pr V1' V2') X1+X2
             <- wf-val V1 S V1' X1
             <- wf-val V2 S V2' X2
             <- ls-union X1 X2 X1+X2.
wf-val-inl : wf-val (val-inl V) S (val-inl V') X <- wf-val V S V' X.
wf-val-inr : wf-val (val-inr V) S (val-inr V') X <- wf-val V S V' X.
wf-val-fns : wf-val (val-fns Es) S (val-fns Es') X
              <- ({v1}{d1 : var v1} {v2}{d2 : var v2} wf-es (Es v1 v2) S (Es' v1 v2) X).
wf-val-fnc : wf-val (val-fnc Ec) S (val-fnc Ec') X
              <- ({v1}{d1 : var v1} {v2}{d2 : var v2} wf-ec (Ec v1 v2) S (Ec' v1 v2) X).

wf-es-val : wf-es (es-val V) S (es-val V') X <- wf-val V S V' X.
wf-es-plus : wf-es (es-plus V1 V2) S (es-plus V1' V2') X
              <- wf-val V1 S V1' X1
              <- wf-val V2 S V2' X2
              <- ls-union X1 X2 X.
wf-es-mod : wf-es (es-mod Ec) S (es-mod Ec') X <- wf-ec Ec S Ec' X.
wf-es-app : wf-es (es-app V1 V2) S (es-app V1' V2') X
             <- wf-val V1 S V1' X1
             <- wf-val V2 S V2' X2
             <- ls-union X1 X2 X.
%% Binder bodies are checked under a fresh variable v with var v assumed.
wf-es-let : wf-es (es-let Es1 Es2) S (es-let Es1' Es2') X
             <- wf-es Es1 S Es1' X1
             <- ({v}{d : var v} wf-es (Es2 v) S (Es2' v) X2)
             <- ls-union X1 X2 X.
wf-es-letp : wf-es (es-letp V Es) S (es-letp V' Es') X
              <- wf-val V S V' X1
              <- ({v1}{d1 : var v1} {v2}{d2 : var v2} wf-es (Es v1 v2) S (Es' v1 v2) X2)
              <- ls-union X1 X2 X.
%% The reachable set of a case is the union of the scrutinee's set (X0)
%% and both branches' sets (X1, X2), joined in two steps.
wf-es-case : wf-es (es-case V Es1 Es2) S (es-case V' Es1' Es2') X
              <- wf-val V S V' X0
              <- ({v}{d : var v} wf-es (Es1 v) S (Es1' v) X1)
              <- ({v}{d : var v} wf-es (Es2 v) S (Es2' v) X2)
              <- ls-union X1 X2 X12
              <- ls-union X12 X0 X.
wf-es-memo : wf-es (es-memo Es) S (es-memo Es') X <- wf-es Es S Es' X.

wf-ec-wr : wf-ec (ec-wr V) S (ec-wr V') X <- wf-val V S V' X.
wf-ec-read : wf-ec (ec-read V Ec) S (ec-read V' Ec') X
              <- wf-val V S V' X1
              <- ({v}{d : var v} wf-ec (Ec v) S (Ec' v) X2)
              <- ls-union X1 X2 X.
wf-ec-app : wf-ec (ec-app V1 V2) S (ec-app V1' V2') X
             <- wf-val V1 S V1' X1
             <- wf-val V2 S V2' X2
             <- ls-union X1 X2 X.
wf-ec-let : wf-ec (ec-let Es1 Ec2) S (ec-let Es1' Ec2') X
             <- wf-es Es1 S Es1' X1
             <- ({v}{d : var v} wf-ec (Ec2 v) S (Ec2' v) X2)
             <- ls-union X1 X2 X.
wf-ec-letp : wf-ec (ec-letp V Ec) S (ec-letp V' Ec') X
              <- wf-val V S V' X1
              <- ({v1}{d1 : var v1} {v2}{d2 : var v2} wf-ec (Ec v1 v2) S (Ec' v1 v2) X2)
              <- ls-union X1 X2 X.
wf-ec-case : wf-ec (ec-case V Ec1 Ec2) S (ec-case V' Ec1' Ec2') X
              <- wf-val V S V' X0
              <- ({v}{d : var v} wf-ec (Ec1 v) S (Ec1' v) X1)
              <- ({v}{d : var v} wf-ec (Ec2 v) S (Ec2' v) X2)
              <- ls-union X1 X2 X12
              <- ls-union X12 X0 X.
wf-ec-memo : wf-ec (ec-memo Ec) S (ec-memo Ec') X <- wf-ec Ec S Ec' X.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% eval.elf
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% General, well-formed, and clean evaluations.
%%
%% evals S Es V S' Ts : in store S, stable expression Es evaluates to V,
%% leaving store S' and trace Ts.
evals : st -> es -> val -> st -> trs -> type.
%% evalc S L Ec S' Tc : in store S, changeable expression Ec runs with
%% target location L (the location a final ec-wr writes, see
%% evalc-write), leaving store S' and trace Tc.
evalc : st -> loc -> ec -> st -> trc -> type.

%% Well-formed evaluations.  wf-evals Es' R G D: D is an evaluation of
%% some Es whose lift is Es', R its reachable locations, G the locations
%% its trace allocates; R and G must be disjoint.  For changeable
%% evaluations the target location's singleton X must also be disjoint
%% from both R and G.
wf-evals : es -> ls -> ls -> evals _ _ _ _ _ -> type.
wf-evalc : ec -> ls -> ls -> ls -> evalc _ _ _ _ _ -> type.

wf-evals_ : wf-evals Es' R G (Devals : evals S Es V S' Ts)
             <- wf-es Es S Es' R
             <- trs-gen Ts G
             <- ls-disjoint R G.
wf-evalc_ : wf-evalc Ec' R G X (Devalc : evalc S L Ec S' Tc)
             <- wf-ec Ec S Ec' R
             <- trc-gen Tc G
             <- ls-disjoint R G
             <- ls-sing L X
             <- ls-disjoint X R
             <- ls-disjoint X G.

%% Change propagation: cps S Ts S' Ts' replays trace Ts in store S,
%% producing S' and the adjusted trace Ts'; cpc additionally carries the
%% target location.  Clauses follow the evalc rules below.
cps : st -> trs -> st -> trs -> type.
cpc : st -> loc -> trc -> st -> trc -> type.

evals-val : evals S (es-val V) V S trs-nil.
evals-plus : evals S (es-plus (val-nat N1) (val-nat N2)) (val-nat N3) S trs-nil
              <- sum N1 N2 N3.
%% A mod allocates L; freshness is expressed by requiring L's singleton
%% to be disjoint from everything the inner trace allocates.
evals-mod : evals S (es-mod Ec) (val-loc L) S' (trs-mod L Tc)
             <- evalc S L Ec S' Tc
             <- trc-gen Tc G
             <- ls-sing L X
             <- ls-disjoint X G.
evals-memo-miss : evals S (es-memo Es) V S' Ts <- evals S Es V S' Ts.
%% can we mix backward arrows with Pi's?
%% A memo hit reuses a prior evaluation Devals of the same Es, taken in
%% an arbitrary earlier store S1, by change-propagating its trace Ts1
%% into the current store S.  The prior evaluation must be well-formed.
evals-memo-hit : cps S Ts1 S' Ts
                  -> {Devals : evals S1 Es V S1' Ts1} wf-evals Es' R G Devals
                  -> evals S (es-memo Es) V S' Ts.
evals-app : evals S (es-app (val-fns Es) V2) V S' Ts
             <- evals S (Es (val-fns Es) V2) V S' Ts.
%% The two sub-traces of a let must allocate disjoint sets of locations.
evals-let : evals S (es-let Es1 Es2) V2 S2 (trs-let Ts1 Ts2)
             <- evals S Es1 V1 S1 Ts1
             <- evals S1 (Es2 V1) V2 S2 Ts2
             <- trs-gen Ts1 G1
             <- trs-gen Ts2 G2
             <- ls-disjoint G1 G2.
evals-letp : evals S (es-letp (val-pr V1 V2) Es) V S' Ts
              <- evals S (Es V1 V2) V S' Ts.
evals-case-inl : evals S (es-case (val-inl V) Es1 Es2) V' S' Ts
                  <- evals S (Es1 V) V' S' Ts.
evals-case-inr : evals S (es-case (val-inr V) Es1 Es2) V' S' Ts
                  <- evals S (Es2 V) V' S' Ts.

evalc-write : evalc S L (ec-wr V) S' (trc-wr V) <- st-update S L V S'.
%% A read records the location, the value seen, and the continuation.
evalc-read : evalc S L' (ec-read (val-loc L) Ec) S' (trc-rd L V Ec Tc)
              <- st-lookup S L V
              <- evalc S L' (Ec V) S' Tc.
evalc-memo-miss : evalc S L (ec-memo Ec) S' Tc <- evalc S L Ec S' Tc.
%% can we mix backward arrows with Pi's?
%% Changeable memo hit: as evals-memo-hit, but the reused evaluation
%% must have had the same target location L.
evalc-memo-hit : cpc S L Tc1 S' Tc
                  -> {Devalc : evalc S1 L Ec S1' Tc1} wf-evalc Ec' R G X Devalc
                  -> evalc S L (ec-memo Ec) S' Tc.
evalc-app : evalc S L (ec-app (val-fnc Ec) V2) S' Tc
             <- evalc S L (Ec (val-fnc Ec) V2) S' Tc.
evalc-let : evalc S L (ec-let Es1 Ec2) S2 (trc-let Ts1 Tc2)
             <- evals S Es1 V S1 Ts1
             <- evalc S1 L (Ec2 V) S2 Tc2
             <- trs-gen Ts1 G1
             <- trc-gen Tc2 G2
             <- ls-disjoint G1 G2.
evalc-letp : evalc S L (ec-letp (val-pr V1 V2) Ec) S' Tc
              <- evalc S L (Ec V1 V2) S' Tc.
evalc-case-inl : evalc S L (ec-case (val-inl V) Ec1 Ec2) S' Tc
                  <- evalc S L (Ec1 V) S' Tc.
evalc-case-inr : evalc S L (ec-case (val-inr V) Ec1 Ec2) S' Tc
                  <- evalc S L (Ec2 V) S' Tc.

%% Change propagation over stable traces.  The side conditions mirror
%% evals-mod and evals-let: the replayed traces keep their allocated
%% locations fresh/disjoint.
cps-nil : cps S trs-nil S trs-nil.
cps-mod : cps S (trs-mod L Tc) S' (trs-mod L Tc')
           <- cpc S L Tc S' Tc'
           <- trc-gen Tc' G
           <- ls-sing L X
           <- ls-disjoint X G.
cps-let : cps S (trs-let Ts1 Ts2) S'' (trs-let Ts1' Ts2')
           <- cps S Ts1 S' Ts1'
           <- cps S' Ts2 S'' Ts2'
           <- trs-gen Ts1' G1
           <- trs-gen Ts2' G2
           <- ls-disjoint G1 G2.

%% Change propagation over changeable traces.
cpc-write : cpc S L (trc-wr V) S' (trc-wr V) <- st-update S L V S'.
cpc-let : cpc S L' (trc-let Ts1 Tc2) S'' (trc-let Ts1' Tc2')
           <- cps S Ts1 S' Ts1'
           <- cpc S' L' Tc2 S'' Tc2'
           <- trs-gen Ts1' G1
           <- trc-gen Tc2' G2
           <- ls-disjoint G1 G2.
%% No change: L' still holds the recorded V, so only the continuation
%% trace is propagated.
cpc-read/noch : cpc S L (trc-rd L' V Ec Tc) S' (trc-rd L' V Ec Tc')
                 <- st-lookup S L' V
                 <- cpc S L Tc S' Tc'.
%% Changed: L' now holds a different V', so the recorded continuation
%% Ec is re-evaluated from scratch on V'.  (Depends on val-neq, which
%% has no constructors in this excerpt.)
cpc-read/ch : cpc S L (trc-rd L' V Ec Tc) S' (trc-rd L' V' Ec Tc')
               <- st-lookup S L' V'
               <- val-neq V V'
               <- evalc S L (Ec V') S' Tc'.

%%
%% Clean evaluations: derivations that use no memo hit.  There is no
%% cln-* clause for evals-memo-hit / evalc-memo-hit.
cln-evals : evals _ _ _ _ _ -> type.
cln-evalc : evalc _ _ _ _ _ -> type.

cln-evals-val : cln-evals evals-val.
cln-evals-plus : cln-evals (evals-plus _).
cln-evals-mod : cln-evals (evals-mod _ _ _ D) <- cln-evalc D.
cln-evals-miss : cln-evals (evals-memo-miss D) <- cln-evals D.
cln-evals-app : cln-evals (evals-app D) <- cln-evals D.
%% Explicit arguments of evals-let are in reverse premise order:
%% disjointness, the two trs-gen, then the second and first evaluation.
cln-evals-let : cln-evals (evals-let _ _ _ D2 D1)
                 <- cln-evals D1
                 <- cln-evals D2.
cln-evals-letp : cln-evals (evals-letp D) <- cln-evals D.
cln-evals-inl : cln-evals (evals-case-inl D) <- cln-evals D.
cln-evals-inr : cln-evals (evals-case-inr D) <- cln-evals D.

cln-evalc-write : cln-evalc (evalc-write _).
cln-evalc-read : cln-evalc (evalc-read D _) <- cln-evalc D.
cln-evalc-miss : cln-evalc (evalc-memo-miss D) <- cln-evalc D.
cln-evalc-app : cln-evalc (evalc-app D) <- cln-evalc D.
cln-evalc-let : cln-evalc (evalc-let _ _ _ D2 D1)
                 <- cln-evals D1
                 <- cln-evalc D2.
cln-evalc-letp : cln-evalc (evalc-letp D) <- cln-evalc D.
cln-evalc-inl : cln-evalc (evalc-case-inl D) <- cln-evalc D.
cln-evalc-inr : cln-evalc (evalc-case-inr D) <- cln-evalc D.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% pure.elf
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%
%% pure.elf
%% The "pure" semantics
%%
%% pure evaluation for stable and changeable expressions
%%
%% There is no store and no trace: an expression simply evaluates to a
%% value.  Reads and writes are pure pass-throughs (evalc-pure-read
%% continues with the "location" value itself, evalc-pure-write returns
%% the written value), and memo is transparent.
evals-pure : es -> val -> type.
evalc-pure : ec -> val -> type.

%% stable expressions.
evals-pure-val : evals-pure (es-val V) V.
evals-pure-plus : evals-pure (es-plus (val-nat N1) (val-nat N2)) (val-nat N3)
                   <- sum N1 N2 N3.
evals-pure-mod : evals-pure (es-mod E) V <- evalc-pure E V.
evals-pure-memo : evals-pure (es-memo E) V <- evals-pure E V.
evals-pure-app : evals-pure (es-app (val-fns Es) V1) V2
                  <- evals-pure (Es (val-fns Es) V1) V2.
evals-pure-let : evals-pure (es-let Es1 Es2) V2
                  <- evals-pure Es1 V1
                  <- evals-pure (Es2 V1) V2.
evals-pure-letp : evals-pure (es-letp (val-pr V1 V2) Es) V
                   <- evals-pure (Es V1 V2) V.
evals-pure-case-inl : evals-pure (es-case (val-inl V1) Es1 Es2) V2
                       <- evals-pure (Es1 V1) V2.
evals-pure-case-inr : evals-pure (es-case (val-inr V1) Es1 Es2) V2
                       <- evals-pure (Es2 V1) V2.

%% changeable expressions.
evalc-pure-write : evalc-pure (ec-wr V) V.
evalc-pure-read : evalc-pure (ec-read V1 Ec) V2 <- evalc-pure (Ec V1) V2.
evalc-pure-memo : evalc-pure (ec-memo Ec) V <- evalc-pure Ec V.
evalc-pure-app : evalc-pure (ec-app (val-fnc Ec) V1) V2
                  <- evalc-pure (Ec (val-fnc Ec) V1) V2.
evalc-pure-let : evalc-pure (ec-let Es Ec) V2
                  <- evals-pure Es V1
                  <- evalc-pure (Ec V1) V2.
evalc-pure-letp : evalc-pure (ec-letp (val-pr V1 V2) Ec) V
                   <- evalc-pure (Ec V1 V2) V.
evalc-pure-case-inl : evalc-pure (ec-case (val-inl V1) Ec1 Ec2) V2
                       <- evalc-pure (Ec1 V1) V2.
evalc-pure-case-inr : evalc-pure (ec-case (val-inr V1) Ec1 Ec2) V2
                       <- evalc-pure (Ec2 V1) V2.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% nat-lemmas.thm
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% leq-refl : N <= N, by induction on N.
leq-refl : {N} leq N N -> type.
%mode leq-refl +X1 -X2.
- : leq-refl z leq-z.
- : leq-refl (s N) (leq-s Dleq) <- leq-refl N Dleq.
%worlds () (leq-refl _ _).
%total D (leq-refl D _).

%% leq-refl-s : N <= s N.
leq-refl-s : {N} leq N (s N) -> type.
%mode leq-refl-s +X1 -X2.
- : leq-refl-s z leq-z.
- : leq-refl-s (s N) (leq-s Dleq) <- leq-refl-s N Dleq.
%worlds () (leq-refl-s _ _).
%total D (leq-refl-s D _).

%%
%% sum-id : N + 0 = N.
sum-id : {N} sum N z N -> type.
%mode sum-id +N -S.
- : sum-id z sum-z.
- : sum-id (s N) (sum-s S) <- sum-id N S.
%worlds () (sum-id _ _).
%total N (sum-id N _).

%%
%% sum-inc : from X + Y = Z derive X + (s Y) = s Z.
%% (sum-s-rh-r below proves the same statement with the same clauses.)
sum-inc : sum X Y Z -> sum X (s Y) (s Z) -> type.
%mode sum-inc +S1 -S2.
- : sum-inc sum-z sum-z.
- : sum-inc (sum-s S1) (sum-s S2) <- sum-inc S1 S2.
%worlds () (sum-inc _ _).
%total S (sum-inc S _).

%%
%% sum-commutes : X + Y = Z implies Y + X = Z, via sum-id and sum-inc.
sum-commutes : sum X Y Z -> sum Y X Z -> type.
%mode sum-commutes +S1 -S2.
sum-commutes-z : sum-commutes sum-z S' <- sum-id _ S'.
sum-commutes-s : sum-commutes (sum-s S) S''
                  <- sum-commutes S S'
                  <- sum-inc S' S''.
%worlds () (sum-commutes _ _).
%total S (sum-commutes S _).

%%
%% sum-reduces : all-input lemma whose only purpose is the %reduces
%% declaration Y <= Z, so the termination checker can use that order
%% fact on sum derivations (see leq-reduces).
sum-reduces : {X} {Y} {Z} sum X Y Z -> type.
%mode sum-reduces +X +Y +Z +S.
sum-reduces-z : sum-reduces z Y Y sum-z.
sum-reduces-s : sum-reduces (s X) Y (s Z) (sum-s S) <- sum-reduces X Y Z S.
%worlds () (sum-reduces _ _ _ _).
%total S (sum-reduces _ _ _ S).
%reduces Y <= Z (sum-reduces _ Y Z _).

%%
%% leq-trans : transitivity of <=.
leq-trans : leq N1 N2 -> leq N2 N3 -> leq N1 N3 -> type.
%mode leq-trans +X1 +X2 -X3.
- : leq-trans leq-z _ leq-z.
- : leq-trans (leq-s Dleq1) (leq-s Dleq2) (leq-s Dleq3) <- leq-trans Dleq1 Dleq2 Dleq3.
%worlds () (leq-trans _ _ _).
%total D (leq-trans D _ _).

%%
%% leq-imp-sum : note the mode (-X1 +X2): the leq derivation is the
%% input and the sum is the output, i.e. from N1 <= N3 we obtain some N2
%% with N1 + N2 = N3.
leq-imp-sum : sum N1 N2 N3 -> leq N1 N3 -> type.
%mode leq-imp-sum -X1 +X2.
leq-imp-sum-z : leq-imp-sum sum-z leq-z.
leq-imp-sum-s : leq-imp-sum (sum-s D) (leq-s D') <- leq-imp-sum D D'.
%worlds () (leq-imp-sum _ _).
%total D (leq-imp-sum _ D).

%%
%% leq-reduces : establishes the %reduces fact X <= Y for leq by turning
%% the leq into a sum, commuting it, and appealing to sum-reduces.
%% Not inductive (%total {}).
leq-reduces : {X} {Y} leq X Y -> type.
%mode leq-reduces +X +Y +L.
- : leq-reduces X Y LE
     <- leq-imp-sum S LE
     <- sum-commutes S S'
     <- sum-reduces _ _ _ S'.
%worlds () (leq-reduces _ _ _).
%total {} (leq-reduces _ _ _).
%reduces X <= Y (leq-reduces X Y _).

%%
%% can-sum : sum is total in its first two arguments (explicit witness).
can-sum : {N1} {N2} sum N1 N2 N3 -> type.
%mode can-sum +X1 +X2 -X3.
- : can-sum z N sum-z.
- : can-sum (s N1) N2 (sum-s Dsum) <- can-sum N1 N2 Dsum.
%worlds () (can-sum _ _ _).
%total D (can-sum D _ _).

%% sum-imp-leq : both summands are <= the sum.
sum-imp-leq : sum N1 N2 N3 -> leq N1 N3 -> leq N2 N3 -> type.
%mode sum-imp-leq +X1 -X2 -X3.
- : sum-imp-leq sum-z leq-z Dleq <- leq-refl _ Dleq.
- : sum-imp-leq (sum-s Dsum) (leq-s Dleq1) Dleq2
     <- sum-imp-leq Dsum Dleq1 Dleq3
     <- leq-refl-s _ Dleq4
     <- leq-trans Dleq3 Dleq4 Dleq2.
%worlds () (sum-imp-leq _ _ _).
%total D (sum-imp-leq D _ _).

%% sum-monotone : N1 <= N1' and N2 <= N2' imply N1 + N2 <= N1' + N2'.
sum-monotone : leq N1 N1' -> leq N2 N2' -> sum N1 N2 N3 -> sum N1' N2' N3' -> leq N3 N3' -> type.
%mode sum-monotone +X1 +X2 +X3 +X4 -X5.
- : sum-monotone leq-z Dl2 sum-z Ds' Dl3
     <- sum-imp-leq Ds' _ Dl
     <- leq-trans Dl2 Dl Dl3.
- : sum-monotone (leq-s Dl1) Dl2 (sum-s Ds) (sum-s Ds') (leq-s Dl3)
     <- sum-monotone Dl1 Dl2 Ds Ds' Dl3.
%worlds () (sum-monotone _ _ _ _ _).
%total D (sum-monotone D _ _ _ _).

%% sum-s-rh-r : same statement and proof as sum-inc above.
sum-s-rh-r : sum A B S -> sum A (s B) (s S) -> type.
%mode sum-s-rh-r +D1 -D2.
- : sum-s-rh-r sum-z sum-z.
- : sum-s-rh-r (sum-s D) (sum-s D') <- sum-s-rh-r D D'.
%worlds () (sum-s-rh-r _ _).
%total D (sum-s-rh-r D _).

%% sum-s-rh-l : the converse direction (mode -D1 +D2): from
%% A + (s B) = s S recover A + B = S.
sum-s-rh-l : sum A B S -> sum A (s B) (s S) -> type.
%mode sum-s-rh-l -D1 +D2.
- : sum-s-rh-l sum-z sum-z.
- : sum-s-rh-l (sum-s D) (sum-s D') <- sum-s-rh-l D D'.
%worlds () (sum-s-rh-l _ _).
%total D (sum-s-rh-l _ D).

%% sum-subsums : regrouping of a four-way sum,
%%   (N1+N2) + (N3+N4) = N  implies  (N1+N3) + (N2+N4) = N.
%% Throughout the .thm sections a lone "%%" line inside a type
%% separates a lemma's premises from its conclusion; it is a comment,
%% so the declaration continues on the next line.
%% Induction is lexicographic on the fifth then the first argument.
sum-subsums : sum N1 N2 N1+N2 -> sum N3 N4 N3+N4 -> sum N1+N2 N3+N4 N1+N2+N3+N4 -> sum N1 N3 N1+N3 -> sum N2 N4 N2+N4
              %%
              -> sum N1+N3 N2+N4 N1+N2+N3+N4 -> type.
%mode sum-subsums +X1 +X2 +X3 +X4 +X5 -X6.
- : sum-subsums sum-z Ds34 sum-z sum-z sum-z Ds34.
- : sum-subsums (sum-s Ds12) Ds34 (sum-s Ds12+34) (sum-s Ds13) Ds24 (sum-s Ds13+24)
     <- sum-subsums Ds12 Ds34 Ds12+34 Ds13 Ds24 Ds13+24.
%% N2 = s _: peel one successor off N2 (sum-s-rh-l), recurse, and put it
%% back on the result (sum-s-rh-r).
- : sum-subsums Ds12' Ds34 (sum-s Ds12+34) Ds13 (sum-s Ds24) Ds13+2'4
     <- sum-s-rh-l Ds12 Ds12'
     <- sum-subsums Ds12 Ds34 Ds12+34 Ds13 Ds24 Ds13+24
     <- sum-s-rh-r Ds13+24 Ds13+2'4.
%worlds () (sum-subsums _ _ _ _ _ _).
%total {D5 D1} (sum-subsums D1 _ _ _ D5 _).

%% nat-eq-s : congruence of nat-eq under successor.
nat-eq-s : nat-eq N1 N2 -> nat-eq (s N1) (s N2) -> type.
%mode nat-eq-s +X1 -X2.
- : nat-eq-s nat-eq_ nat-eq_.
%worlds () (nat-eq-s _ _).
%total {} (nat-eq-s _ _).

%% sum-fun : sum is a function of its first two arguments.
sum-fun : sum N1 N2 N3 -> sum N1 N2 N3' ->
          %%
          nat-eq N3 N3' -> type.
%mode sum-fun +X1 +X2 -X3.
- : sum-fun sum-z sum-z nat-eq_.
- : sum-fun (sum-s Dsum) (sum-s Dsum') Deq'
     <- sum-fun Dsum Dsum' Deq''
     <- nat-eq-s Deq'' Deq'.
%worlds () (sum-fun _ _ _).
%total D (sum-fun D _ _).

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% locset-lemmas.thm
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% can-loc-or : loc-or is total.  The three clauses do not inspect
%% their inputs; Twelf's coverage check works out which constructor
%% fits each pair of bits.
can-loc-or : {P1} {P2} loc-or P1 P2 P -> type.
%mode can-loc-or +P1 +P2 -P.
- : can-loc-or _ _ loc-or-aa.
- : can-loc-or _ _ loc-or-px.
- : can-loc-or _ _ loc-or-xp.
%worlds () (can-loc-or _ _ _).
%total P (can-loc-or P _ _).

%%
%% can-ls-union : ls-union is total.
can-ls-union : {X1} {X2}
               %%
               ls-union X1 X2 X3 -> type.
%mode can-ls-union +X1 +X2 -X3.
- : can-ls-union ls-nil _ ls-un-nx.
- : can-ls-union _ ls-nil ls-un-xn.
- : can-ls-union (ls-cons P1 X1) (ls-cons P2 X2) (ls-un-cc U O)
     <- can-ls-union X1 X2 U
     <- can-loc-or P1 P2 O.
%worlds () (can-ls-union _ _ _).
%total D (can-ls-union D _ _).

%%
%% can-ls-sing : every location has a singleton set.
can-ls-sing : {L}
              %%
              ls-sing L X -> type.
%mode can-ls-sing +X1 -X2.
- : can-ls-sing loc-z ls-sing-z.
- : can-ls-sing (loc-s L) (ls-sing-s Sg) <- can-ls-sing L Sg.
%worlds () (can-ls-sing _ _).
%total L (can-ls-sing L _).

%%
%% loc-or-commutes : loc-or is symmetric (px and xp swap roles).
loc-or-commutes : loc-or A B C ->
                  %%
                  loc-or B A C -> type.
%mode loc-or-commutes +X -Y.
- : loc-or-commutes loc-or-aa loc-or-aa.
- : loc-or-commutes loc-or-xp loc-or-px.
- : loc-or-commutes loc-or-px loc-or-xp.
%worlds () (loc-or-commutes _ _).
%total {} (loc-or-commutes _ _).

%%
%% ls-union-commutes : union is symmetric, pointwise via loc-or-commutes.
ls-union-commutes : ls-union X Y Z -> ls-union Y X Z -> type.
%mode ls-union-commutes +X1 -X2.
- : ls-union-commutes ls-un-nx ls-un-xn.
- : ls-union-commutes ls-un-xn ls-un-nx.
- : ls-union-commutes (ls-un-cc U O) (ls-un-cc U' O')
     <- loc-or-commutes O O'
     <- ls-union-commutes U U'.
%worlds () (ls-union-commutes _ _).
%total D (ls-union-commutes D _).

%%
%% ls-subeq-refl : X \subseteq X.
ls-subeq-refl : {X}
                %%
                ls-subeq X X -> type.
%mode ls-subeq-refl +X1 -X2.
- : ls-subeq-refl ls-nil ls-subeq-nx.
- : ls-subeq-refl (ls-cons loc-absent X) (ls-subeq-ax D) <- ls-subeq-refl X D.
- : ls-subeq-refl (ls-cons loc-present X) (ls-subeq-pp D) <- ls-subeq-refl X D.
%worlds () (ls-subeq-refl _ _).
%total D (ls-subeq-refl D _).

%%
%% ls-union-imp-subeq : both operands are subsets of their union.
%% The cons case is split on the loc-or constructor; loc-or-px and
%% loc-or-xp each appear twice because their wildcard bit may be
%% absent or present, which changes the ls-subeq constructor needed.
ls-union-imp-subeq : ls-union S1 S2 S3 ->
                     %%
                     ls-subeq S1 S3 -> ls-subeq S2 S3 -> type.
%mode ls-union-imp-subeq +X1 -X2 -X3.
- : ls-union-imp-subeq ls-un-nx ls-subeq-nx SE2 <- ls-subeq-refl _ SE2.
- : ls-union-imp-subeq ls-un-xn SE1 ls-subeq-nx <- ls-subeq-refl _ SE1.
- : ls-union-imp-subeq (ls-un-cc Un loc-or-aa) (ls-subeq-ax SE1) (ls-subeq-ax SE2)
     <- ls-union-imp-subeq Un SE1 SE2.
- : ls-union-imp-subeq (ls-un-cc Un loc-or-px) (ls-subeq-pp SE1) (ls-subeq-ax SE2)
     <- ls-union-imp-subeq Un SE1 SE2.
- : ls-union-imp-subeq (ls-un-cc Un loc-or-px) (ls-subeq-pp SE1) (ls-subeq-pp SE2)
     <- ls-union-imp-subeq Un SE1 SE2.
- : ls-union-imp-subeq (ls-un-cc Un loc-or-xp) (ls-subeq-ax SE1) (ls-subeq-pp SE2)
     <- ls-union-imp-subeq Un SE1 SE2.
- : ls-union-imp-subeq (ls-un-cc Un loc-or-xp) (ls-subeq-pp SE1) (ls-subeq-pp SE2)
     <- ls-union-imp-subeq Un SE1 SE2.
%worlds () (ls-union-imp-subeq _ _ _).
%total D (ls-union-imp-subeq D _ _).

%%
%% ls-emp-impl-subeq-any : an empty set is a subset of any Y.
ls-emp-impl-subeq-any : {Y} ls-empty X -> ls-subeq X Y -> type.
%mode ls-emp-impl-subeq-any +Y +E -SE.
- : ls-emp-impl-subeq-any ls-nil E (ls-subeq-xn E).
- : ls-emp-impl-subeq-any _ ls-empty-n ls-subeq-nx.
- : ls-emp-impl-subeq-any (ls-cons _ X) (ls-empty-a E) (ls-subeq-ax SE)
     <- ls-emp-impl-subeq-any X E SE.
%worlds () (ls-emp-impl-subeq-any _ _ _).
%total D (ls-emp-impl-subeq-any _ D _).

%%
%% ls-subeq-emp-impl-emp : a subset of an empty set is empty.
ls-subeq-emp-impl-emp : ls-subeq X Y -> ls-empty Y -> ls-empty X -> type.
%mode ls-subeq-emp-impl-emp +X1 +X2 -X3.
- : ls-subeq-emp-impl-emp ls-subeq-nx _ ls-empty-n.
- : ls-subeq-emp-impl-emp (ls-subeq-xn E) ls-empty-n E.
- : ls-subeq-emp-impl-emp (ls-subeq-ax SE) (ls-empty-a E) (ls-empty-a E')
     <- ls-subeq-emp-impl-emp SE E E'.
%worlds () (ls-subeq-emp-impl-emp _ _ _).
%total D (ls-subeq-emp-impl-emp _ D _).

%%
%% ls-subeq-trans : transitivity of \subseteq.  The two ls-nil cases on
%% the second derivation go through emptiness of X1.
ls-subeq-trans : ls-subeq X1 X2 -> ls-subeq X2 X3 ->
                 %%
                 ls-subeq X1 X3 -> type.
%mode ls-subeq-trans +X1 +X2 -X3.
- : ls-subeq-trans ls-subeq-nx _ ls-subeq-nx.
- : ls-subeq-trans D ls-subeq-nx D'
     <- ls-subeq-emp-impl-emp D ls-empty-n E'
     <- ls-emp-impl-subeq-any _ E' D'.
- : ls-subeq-trans D (ls-subeq-xn E) D'
     <- ls-subeq-emp-impl-emp D E E'
     <- ls-emp-impl-subeq-any _ E' D'.
- : ls-subeq-trans (ls-subeq-ax D12) (ls-subeq-ax D23) (ls-subeq-ax D13)
     <- ls-subeq-trans D12 D23 D13.
- : ls-subeq-trans (ls-subeq-ax D12) (ls-subeq-pp D23) (ls-subeq-ax D13)
     <- ls-subeq-trans D12 D23 D13.
- : ls-subeq-trans (ls-subeq-pp D12) (ls-subeq-pp D23) (ls-subeq-pp D13)
     <- ls-subeq-trans D12 D23 D13.
%worlds () (ls-subeq-trans _ _ _).
%total D (ls-subeq-trans D _ _).

%%
%% ls-union-monotone-l : growing the left operand of a union grows the
%% union:  X \cup Y = Z,  X \subseteq X',  X' \cup Y = Z'  implies
%% Z \subseteq Z'.  Cases are organised by the shape of Y, X and X'.
%% (The lone "%%" line below is a comment separating premises from the
%% conclusion; the type continues on the next line.)
ls-union-monotone-l : ls-union X Y Z -> ls-subeq X X' -> ls-union X' Y Z' ->
                      %%
                      ls-subeq Z Z' -> type.
%mode ls-union-monotone-l +X1 +X2 +X3 -X4.
%% if Y = ls-nil, then X = Z and X' = Z'
- : ls-union-monotone-l (_ : ls-union _ ls-nil _) SE _ SE.
%% now Y = (ls-cons _ _)
%% consider X = ls-nil, so Y = Z
- : ls-union-monotone-l ls-un-nx _ Un SE <- ls-union-imp-subeq Un _ SE.
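%% now Y = (ls-cons _ _) and X = (ls-cons _ _)
%% now if X' = ls-nil, X must be empty...
%% (so the head bit of X is absent and the head of Z is the head of Y)
- : ls-union-monotone-l (ls-un-cc Un loc-or-aa) (ls-subeq-xn (ls-empty-a E)) ls-un-nx (ls-subeq-ax SE)
     <- ls-union-monotone-l Un (ls-subeq-xn E) ls-un-nx SE.
- : ls-union-monotone-l (ls-un-cc Un loc-or-xp) (ls-subeq-xn (ls-empty-a E)) ls-un-nx (ls-subeq-pp SE)
     <- ls-union-monotone-l Un (ls-subeq-xn E) ls-un-nx SE.
%% finally, if X' = (ls-cons _ _)...
%% Head of X absent: the result's head constructor follows the loc-or
%% used in the second union (aa gives absent, xp/px give present; px is
%% split on whether the head of Z is absent or present).
- : ls-union-monotone-l (ls-un-cc Un _) (ls-subeq-ax SE) (ls-un-cc Un' loc-or-aa) (ls-subeq-ax SE')
     <- ls-union-monotone-l Un SE Un' SE'.
- : ls-union-monotone-l (ls-un-cc Un _) (ls-subeq-ax SE) (ls-un-cc Un' loc-or-xp) (ls-subeq-pp SE')
     <- ls-union-monotone-l Un SE Un' SE'.
- : ls-union-monotone-l (ls-un-cc Un _) (ls-subeq-ax SE) (ls-un-cc Un' loc-or-px) (ls-subeq-pp SE')
     <- ls-union-monotone-l Un SE Un' SE'.
- : ls-union-monotone-l (ls-un-cc Un _) (ls-subeq-ax SE) (ls-un-cc Un' loc-or-px) (ls-subeq-ax SE')
     <- ls-union-monotone-l Un SE Un' SE'.
%% Head of X present: both heads are present, whatever the loc-or.
%% (The original listed this clause twice, verbatim; the redundant copy
%% has been removed -- coverage and termination are unaffected since the
%% remaining clause has the identical pattern.)
- : ls-union-monotone-l (ls-un-cc Un _) (ls-subeq-pp SE) (ls-un-cc Un' _) (ls-subeq-pp SE')
     <- ls-union-monotone-l Un SE Un' SE'.
%worlds () (ls-union-monotone-l _ _ _ _).
%total D (ls-union-monotone-l D _ _ _).

%%
%% ls-union-monotone-r : the right-operand version, obtained from the
%% left one by commuting both unions.  Not inductive (%total {}).
ls-union-monotone-r : ls-union X Y Z -> ls-subeq Y Y' -> ls-union X Y' Z' ->
                      %%
                      ls-subeq Z Z' -> type.
%mode ls-union-monotone-r +X1 +X2 +X3 -X4.
- : ls-union-monotone-r Un SE Un' SE'
     <- ls-union-commutes Un Unc
     <- ls-union-commutes Un' Unc'
     <- ls-union-monotone-l Unc SE Unc' SE'.
%worlds () (ls-union-monotone-r _ _ _ _).
%total {} (ls-union-monotone-r _ _ _ _).

%%
%% ls-union-monotone : monotonicity in both operands at once:
%% X1 \subseteq X1' and X2 \subseteq X2' imply X1 \cup X2 \subseteq X1' \cup X2'.
ls-union-monotone : ls-union X1 X2 X3 -> ls-subeq X1 X1' -> ls-subeq X2 X2' -> ls-union X1' X2' X3' ->
                    %%
                    ls-subeq X3 X3' -> type.
%mode ls-union-monotone +X1 +X2 +X3 +X4 -X5.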
%% Go through the intermediate union X1' \cup X2 (whose existence comes
%% from can-ls-union), applying the left and right lemmas in turn and
%% chaining the two inclusions with ls-subeq-trans.
- : ls-union-monotone Un SE1 SE2 Un' SE3
     <- can-ls-union _ _ Un1'2
     <- ls-union-monotone-l Un SE1 Un1'2 SEl
     <- ls-union-monotone-r Un1'2 SE2 Un' SEr
     <- ls-subeq-trans SEl SEr SE3.
%worlds () (ls-union-monotone _ _ _ _ _).
%total {} (ls-union-monotone _ _ _ _ _).

%%
%% ls-disjoint-commutes : disjointness is symmetric.
ls-disjoint-commutes : ls-disjoint X1 X2 ->
                       %%
                       ls-disjoint X2 X1 -> type.
%mode ls-disjoint-commutes +X1 -X2.
- : ls-disjoint-commutes ls-dj-nx ls-dj-xn.
- : ls-disjoint-commutes ls-dj-xn ls-dj-nx.
- : ls-disjoint-commutes (ls-dj-ac D) (ls-dj-ca D') <- ls-disjoint-commutes D D'.
- : ls-disjoint-commutes (ls-dj-ca D) (ls-dj-ac D') <- ls-disjoint-commutes D D'.
%worlds () (ls-disjoint-commutes _ _).
%total D (ls-disjoint-commutes D _).

%%
%% ls-emp-implies-dj : an empty set is disjoint from any Y, in both
%% argument orders.  (ls-emp-impl-disj later in this file proves the
%% same statement again.)
ls-emp-implies-dj : {Y} ls-empty X -> ls-disjoint X Y -> ls-disjoint Y X -> type.
%mode ls-emp-implies-dj +Y +E -D1 -D2.
- : ls-emp-implies-dj _ ls-empty-n ls-dj-nx ls-dj-xn.
- : ls-emp-implies-dj ls-nil _ ls-dj-xn ls-dj-nx.
- : ls-emp-implies-dj (ls-cons _ Y) (ls-empty-a E) (ls-dj-ac Dj1) (ls-dj-ca Dj2)
     <- ls-emp-implies-dj Y E Dj1 Dj2.
%worlds () (ls-emp-implies-dj _ _ _ _).
%total Y (ls-emp-implies-dj Y _ _ _).

%%
%% ls-disjoint-resp-subeq : disjointness is inherited by subsets:
%% X1 # X2, X1' \subseteq X1, X2' \subseteq X2 imply X1' # X2'.
ls-disjoint-resp-subeq : ls-disjoint X1 X2 -> ls-subeq X1' X1 -> ls-subeq X2' X2 ->
                         %%
                         ls-disjoint X1' X2' -> type.
%mode ls-disjoint-resp-subeq +X1 +X2 +X3 -X4.
- : ls-disjoint-resp-subeq _ ls-subeq-nx _ ls-dj-nx.
- : ls-disjoint-resp-subeq _ _ ls-subeq-nx ls-dj-xn.
- : ls-disjoint-resp-subeq _ (ls-subeq-xn E1) _ Dj <- ls-emp-implies-dj _ E1 Dj _.
- : ls-disjoint-resp-subeq _ _ (ls-subeq-xn E2) Dj <- ls-emp-implies-dj _ E2 _ Dj.
%% Cons cases: whichever side is absent in the original disjointness
%% derivation is still absent in the subset, fixing the output constructor.
- : ls-disjoint-resp-subeq (ls-dj-ac Dj) (ls-subeq-ax SE1) (ls-subeq-ax SE2) (ls-dj-ac Dj')
     <- ls-disjoint-resp-subeq Dj SE1 SE2 Dj'.
- : ls-disjoint-resp-subeq (ls-dj-ac Dj) (ls-subeq-ax SE1) (ls-subeq-pp SE2) (ls-dj-ac Dj')
     <- ls-disjoint-resp-subeq Dj SE1 SE2 Dj'.
- : ls-disjoint-resp-subeq (ls-dj-ca Dj) (ls-subeq-ax SE1) (ls-subeq-ax SE2) (ls-dj-ac Dj')
     <- ls-disjoint-resp-subeq Dj SE1 SE2 Dj'.
- : ls-disjoint-resp-subeq (ls-dj-ca Dj) (ls-subeq-pp SE1) (ls-subeq-ax SE2) (ls-dj-ca Dj')
     <- ls-disjoint-resp-subeq Dj SE1 SE2 Dj'.
%worlds () (ls-disjoint-resp-subeq _ _ _ _).
%total D (ls-disjoint-resp-subeq D _ _ _).

%%
%% ls-union-emp-emp-emp : the union of two empty sets is empty.
ls-union-emp-emp-emp : ls-union X Y Z -> ls-empty X -> ls-empty Y -> ls-empty Z -> type.
%mode ls-union-emp-emp-emp +U +EX +EY -EZ.
- : ls-union-emp-emp-emp _ ls-empty-n E E.
- : ls-union-emp-emp-emp _ E ls-empty-n E.
- : ls-union-emp-emp-emp (ls-un-cc Un _) (ls-empty-a X) (ls-empty-a Y) (ls-empty-a Z)
     <- ls-union-emp-emp-emp Un X Y Z.
%worlds () (ls-union-emp-emp-emp _ _ _ _).
%total D (ls-union-emp-emp-emp D _ _ _).

%%
%% ls-emp-emp-eq : any two empty sets are ls-eq.
ls-emp-emp-eq : ls-empty X -> ls-empty Y -> ls-eq X Y -> type.
%mode ls-emp-emp-eq +E1 +E2 -Eq.
- : ls-emp-emp-eq ls-empty-n E2 (ls-eq-nx E2).
- : ls-emp-emp-eq E1 ls-empty-n (ls-eq-xn E1).
- : ls-emp-emp-eq (ls-empty-a E1) (ls-empty-a E2) (ls-eq-cc Eq)
     <- ls-emp-emp-eq E1 E2 Eq.
%worlds () (ls-emp-emp-eq _ _ _).
%total D (ls-emp-emp-eq D _ _).

%%
%% ls-eq-refl : ls-eq is reflexive.
ls-eq-refl : {X} ls-eq X X -> type.
%mode ls-eq-refl +X -Eq.
- : ls-eq-refl ls-nil (ls-eq-nx ls-empty-n).
- : ls-eq-refl (ls-cons _ X) (ls-eq-cc Eq) <- ls-eq-refl X Eq.
%worlds () (ls-eq-refl _ _).
%total X (ls-eq-refl X _).

%%
%% ls-union-emp-eq : if X is empty then X \cup Y is ls-eq to Y.
ls-union-emp-eq : ls-union X Y Z -> ls-empty X -> ls-eq Y Z -> type.
%mode ls-union-emp-eq +U +E -Eq.
- : ls-union-emp-eq ls-un-nx _ Eq <- ls-eq-refl _ Eq.
- : ls-union-emp-eq ls-un-xn EZ (ls-eq-nx EZ).
- : ls-union-emp-eq (ls-un-cc Un Or) (ls-empty-a EX) (ls-eq-cc Eq)
     <- ls-union-emp-eq Un EX Eq.
%worlds () (ls-union-emp-eq _ _ _).
%total D (ls-union-emp-eq D _ _).

%%
%% ls-subeq-union : the union of two subsets of X2 is a subset of X2.
ls-subeq-union : ls-subeq X1 X2 -> ls-subeq X3 X2 -> ls-union X1 X3 X4 ->
                 %%
                 ls-subeq X4 X2 -> type.
%mode ls-subeq-union +X1 +X2 +X3 -X4.
- : ls-subeq-union ls-subeq-nx SE _ SE.
- : ls-subeq-union SE ls-subeq-nx _ SE.
- : ls-subeq-union (ls-subeq-xn E1) (ls-subeq-xn E3) Un (ls-subeq-xn E4)
     <- ls-union-emp-emp-emp Un E1 E3 E4.
- : ls-subeq-union (ls-subeq-ax SE12) (ls-subeq-ax SE32) (ls-un-cc Un _) (ls-subeq-ax SE42) <- ls-subeq-union SE12 SE32 Un SE42. - : ls-subeq-union (ls-subeq-pp SE12) (ls-subeq-ax SE32) (ls-un-cc Un _) (ls-subeq-pp SE42) <- ls-subeq-union SE12 SE32 Un SE42. - : ls-subeq-union (ls-subeq-ax SE12) (ls-subeq-pp SE32) (ls-un-cc Un _) (ls-subeq-pp SE42) <- ls-subeq-union SE12 SE32 Un SE42. - : ls-subeq-union (ls-subeq-pp SE12) (ls-subeq-pp SE32) (ls-un-cc Un _) (ls-subeq-pp SE42) <- ls-subeq-union SE12 SE32 Un SE42. %worlds () (ls-subeq-union _ _ _ _). %total D (ls-subeq-union D _ _ _). %% ls-disjoint-union : ls-disjoint X Z -> ls-disjoint Y Z -> ls-union X Y XY -> %% ls-disjoint XY Z -> type. %mode ls-disjoint-union +X1 +X2 +X3 -X4. - : ls-disjoint-union ls-dj-nx Dj ls-un-nx Dj. - : ls-disjoint-union Dj ls-dj-nx ls-un-xn Dj. - : ls-disjoint-union _ ls-dj-xn _ ls-dj-xn. - : ls-disjoint-union ls-dj-xn _ _ ls-dj-xn. - : ls-disjoint-union (ls-dj-ac DjXZ) (ls-dj-ac DjYZ) (ls-un-cc Un _) (ls-dj-ac DjXYZ) <- ls-disjoint-union DjXZ DjYZ Un DjXYZ. - : ls-disjoint-union (ls-dj-ca DjXZ) (ls-dj-ac DjYZ) (ls-un-cc Un _) (ls-dj-ca DjXYZ) <- ls-disjoint-union DjXZ DjYZ Un DjXYZ. - : ls-disjoint-union (ls-dj-ac DjXZ) (ls-dj-ca DjYZ) (ls-un-cc Un _) (ls-dj-ca DjXYZ) <- ls-disjoint-union DjXZ DjYZ Un DjXYZ. - : ls-disjoint-union (ls-dj-ca DjXZ) (ls-dj-ca DjYZ) (ls-un-cc Un _) (ls-dj-ca DjXYZ) <- ls-disjoint-union DjXZ DjYZ Un DjXYZ. %worlds () (ls-disjoint-union _ _ _ _). %total D (ls-disjoint-union D _ _ _). %% ls-emp-impl-disj : {Y} ls-empty X -> ls-disjoint X Y -> ls-disjoint Y X -> type. %mode ls-emp-impl-disj +Y +E -D1 -D2. - : ls-emp-impl-disj ls-nil _ ls-dj-xn ls-dj-nx. - : ls-emp-impl-disj _ ls-empty-n ls-dj-nx ls-dj-xn. - : ls-emp-impl-disj (ls-cons _ Y) (ls-empty-a E) (ls-dj-ac D) (ls-dj-ca D') <- ls-emp-impl-disj Y E D D'. %worlds () (ls-emp-impl-disj _ _ _ _). %total D (ls-emp-impl-disj D _ _ _). 
%% ls-disjoint-resp-eq : ls-disjoint X1 X2 -> ls-eq X1 X1' -> ls-eq X2 X2' -> %% ls-disjoint X1' X2' -> type. %mode ls-disjoint-resp-eq +X1 +X2 +X3 -X4. - : ls-disjoint-resp-eq ls-dj-nx (ls-eq-nx E1') _ Dj <- ls-emp-impl-disj _ E1' Dj _. - : ls-disjoint-resp-eq _ (ls-eq-xn _) _ ls-dj-nx. - : ls-disjoint-resp-eq ls-dj-xn _ (ls-eq-nx E2') Dj <- ls-emp-impl-disj _ E2' _ Dj. - : ls-disjoint-resp-eq _ _ (ls-eq-xn _) ls-dj-xn. - : ls-disjoint-resp-eq (ls-dj-ac Dj) (ls-eq-cc E1) (ls-eq-cc E2) (ls-dj-ac Dj') <- ls-disjoint-resp-eq Dj E1 E2 Dj'. - : ls-disjoint-resp-eq (ls-dj-ac Dj) (ls-eq-cc E1) (ls-eq-cc E2) (ls-dj-ca Dj') <- ls-disjoint-resp-eq Dj E1 E2 Dj'. - : ls-disjoint-resp-eq (ls-dj-ca Dj) (ls-eq-cc E1) (ls-eq-cc E2) (ls-dj-ac Dj') <- ls-disjoint-resp-eq Dj E1 E2 Dj'. - : ls-disjoint-resp-eq (ls-dj-ca Dj) (ls-eq-cc E1) (ls-eq-cc E2) (ls-dj-ca Dj') <- ls-disjoint-resp-eq Dj E1 E2 Dj'. %worlds () (ls-disjoint-resp-eq _ _ _ _). %total D (ls-disjoint-resp-eq D _ _ _). %% ls-eq-commutes : ls-eq X Y -> ls-eq Y X -> type. %mode ls-eq-commutes +X1 -X2. - : ls-eq-commutes (ls-eq-nx E) (ls-eq-xn E). - : ls-eq-commutes (ls-eq-xn E) (ls-eq-nx E). - : ls-eq-commutes (ls-eq-cc Eq) (ls-eq-cc Eq') <- ls-eq-commutes Eq Eq'. %worlds () (ls-eq-commutes _ _). %total D (ls-eq-commutes D _). %% ls-eq-emp-impl-emp : ls-eq X Y -> ls-empty Y -> ls-empty X -> type. %mode ls-eq-emp-impl-emp +EqXY +EY -EX. - : ls-eq-emp-impl-emp (ls-eq-nx _) _ ls-empty-n. - : ls-eq-emp-impl-emp (ls-eq-xn EX) _ EX. - : ls-eq-emp-impl-emp (ls-eq-cc Eq) (ls-empty-a EY) (ls-empty-a EX) <- ls-eq-emp-impl-emp Eq EY EX. %worlds () (ls-eq-emp-impl-emp _ _ _). %total D (ls-eq-emp-impl-emp D _ _). %% ls-eq-trans : ls-eq X Y -> ls-eq Y Z -> ls-eq X Z -> type. %mode ls-eq-trans +XY +YZ -XZ. - : ls-eq-trans (ls-eq-nx EY) EqYZ (ls-eq-nx EZ) <- ls-eq-commutes EqYZ EqZY <- ls-eq-emp-impl-emp EqZY EY EZ. - : ls-eq-trans EqXY (ls-eq-xn EY) (ls-eq-xn EX) <- ls-eq-emp-impl-emp EqXY EY EX. 
- : ls-eq-trans (ls-eq-xn EX) (ls-eq-nx EZ) Eq <- ls-emp-emp-eq EX EZ Eq. - : ls-eq-trans (ls-eq-xn EX) (ls-eq-xn _) (ls-eq-xn EX). - : ls-eq-trans (ls-eq-cc EqXY) (ls-eq-cc EqYZ) (ls-eq-cc EqXZ) <- ls-eq-trans EqXY EqYZ EqXZ. %worlds () (ls-eq-trans _ _ _). %total D (ls-eq-trans D _ _). %% ls-union-fun-l : ls-eq X1 X1' -> ls-union X1 X2 X -> ls-union X1' X2 X' -> %% ls-eq X X' -> type. %mode ls-union-fun-l +E +U1 +U2 -E'. - : ls-union-fun-l (ls-eq-nx EX1') _ Un' Eq <- ls-union-emp-eq Un' EX1' Eq. - : ls-union-fun-l (ls-eq-xn EX1) Un _ Eq <- ls-union-emp-eq Un EX1 Eqc <- ls-eq-commutes Eqc Eq. - : ls-union-fun-l Eq ls-un-xn ls-un-xn Eq. - : ls-union-fun-l (ls-eq-cc Eq) (ls-un-cc Un _) (ls-un-cc Un' _) (ls-eq-cc Eq') <- ls-union-fun-l Eq Un Un' Eq'. %worlds () (ls-union-fun-l _ _ _ _). %total D (ls-union-fun-l D _ _ _). %% ls-union-fun-r : ls-eq X2 X2' -> ls-union X1 X2 X -> ls-union X1 X2' X' -> %% ls-eq X X' -> type. %mode ls-union-fun-r +E +U1 +U2 -E'. - : ls-union-fun-r E U U' Eres <- ls-union-commutes U Uc <- ls-union-commutes U' Uc' <- ls-union-fun-l E Uc Uc' Eres. %worlds () (ls-union-fun-r _ _ _ _). %total {} (ls-union-fun-r _ _ _ _). %% ls-union-fun : ls-eq X1 X1' -> ls-eq X2 X2' -> ls-union X1 X2 X -> ls-union X1' X2' X' -> %% ls-eq X X' -> type. %mode ls-union-fun +X1 +X2 +X3 +X4 -X5. - : ls-union-fun E1 E2 U12 U1'2' Eres <- can-ls-union _ _ U1'2 <- ls-union-fun-l E1 U12 U1'2 El <- ls-union-fun-r E2 U1'2 U1'2' Er <- ls-eq-trans El Er Eres. %worlds () (ls-union-fun _ _ _ _ _). %total {} (ls-union-fun _ _ _ _ _). %% ls-sing-fun : ls-sing L X -> ls-sing L X' -> ls-eq X X' -> type. %mode ls-sing-fun +X1 +X2 -X3. - : ls-sing-fun ls-sing-z ls-sing-z (ls-eq-cc (ls-eq-nx ls-empty-n)). - : ls-sing-fun (ls-sing-s Sg1) (ls-sing-s Sg2) (ls-eq-cc Eq) <- ls-sing-fun Sg1 Sg2 Eq. %worlds () (ls-sing-fun _ _ _). %total D (ls-sing-fun D _ _). %% loc-or-assoc : loc-or P2 P3 P23 -> loc-or P1 P23 P123 -> loc-or P1 P2 P12 -> %% loc-or P12 P3 P123 -> type. 
%mode loc-or-assoc +X1 +X2 +X3 -X4. - : loc-or-assoc _ _ _ loc-or-aa. - : loc-or-assoc _ _ _ loc-or-px. - : loc-or-assoc _ _ _ loc-or-xp. %worlds () (loc-or-assoc _ _ _ _). %total {} (loc-or-assoc _ _ _ _). %% ls-id-c : {P} ls-id X Y -> ls-id (ls-cons P X) (ls-cons P Y) -> type. %mode ls-id-c +P +I1 -I2. - : ls-id-c _ ls-id_ ls-id_. %worlds () (ls-id-c _ _ _). %total {} (ls-id-c _ _ _). %% ls-su-id : ls-union X Y Z -> ls-union X Y Z' -> ls-id Z Z' -> type. %mode ls-su-id +U1 +U2 -I. - : ls-su-id _ _ ls-id_. - : ls-su-id (ls-un-cc U _) (ls-un-cc U' _) Id <- ls-su-id U U' Id' <- ls-id-c _ Id' Id. %worlds () (ls-su-id _ _ _). %total D (ls-su-id _ D _). %% ls-id-unil : ls-id X Y -> ls-union Y ls-nil X -> type. %mode ls-id-unil +I -U. - : ls-id-unil ls-id_ ls-un-xn. %worlds () (ls-id-unil _ _). %total {} (ls-id-unil _ _). %% ls-union-assoc : ls-union X2 X3 X23 -> ls-union X1 X23 X123 -> ls-union X1 X2 X12 -> %% ls-union X12 X3 X123 -> type. %mode ls-union-assoc +X1 +X2 +X3 -X4. - : ls-union-assoc ls-un-nx ls-un-nx Un Un. - : ls-union-assoc ls-un-nx ls-un-xn Un Un. - : ls-union-assoc ls-un-nx Un ls-un-xn Un. - : ls-union-assoc Un ls-un-nx ls-un-nx Un. - : ls-union-assoc ls-un-xn U1'23 U12 U12'3 <- ls-su-id U1'23 U12 Id <- ls-id-unil Id U12'3. - : ls-union-assoc (ls-un-cc U23 Or23) (ls-un-cc U1'23 Or1'23) (ls-un-cc U12 Or12) (ls-un-cc U12'3 Or12'3) <- ls-union-assoc U23 U1'23 U12 U12'3 <- loc-or-assoc Or23 Or1'23 Or12 Or12'3. %worlds () (ls-union-assoc _ _ _ _). %total D (ls-union-assoc D _ _ _). %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% store-lemmas.thm %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% st-update-imp-lookup : st-update _ L V S -> %% st-lookup S L V -> type. %mode st-update-imp-lookup +X1 -X2. - : st-update-imp-lookup st-up-nz st-lo-z. - : st-update-imp-lookup st-up-cz st-lo-z. - : st-update-imp-lookup (st-up-ns Dup) (st-lo-s Dlo) <- st-update-imp-lookup Dup Dlo. 
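%% (st-update-imp-lookup: closing case; the declaration and the other
%% cases precede this block.)
- : st-update-imp-lookup (st-up-cs Dup) (st-lo-s Dlo)
     <- st-update-imp-lookup Dup Dlo.

%worlds () (st-update-imp-lookup _ _).
%total D (st-update-imp-lookup D _).

%% Ex falso: from a proof of false, any two values are equal.  There
%% are no cases -- false has no constructors -- so the empty case
%% analysis is accepted by %total.
contradiction-implies-val-eq : {V}{V'} false -> val-eq V V' -> type.
%mode contradiction-implies-val-eq +V1 +V2 +X1 -X2.
%worlds () (contradiction-implies-val-eq _ _ _ _).
%total {} (contradiction-implies-val-eq _ _ _ _).

%% Lookup is functional: two lookups of L in S return equal values.
%% Mutual induction on both derivations ({D1 D2}); checked in worlds
%% with free value variables (var-block).
st-lookup-fun : st-lookup S L V -> st-lookup S L V' ->
%%
                val-eq V V' -> type.
%mode st-lookup-fun +X1 +X2 -X3.

- : st-lookup-fun st-lo-z st-lo-z val-eq_.
- : st-lookup-fun (st-lo-s Dup) (st-lo-s Dup') Deq
     <- st-lookup-fun Dup Dup' Deq.

%worlds (var-block) (st-lookup-fun _ _ _).
%total {D1 D2} (st-lookup-fun D1 D2 _).

%% Store emptiness transfers across st-eq.  Induction on the equality.
%%
st-eq-preserves-emp : st-empty S1 -> st-eq S1 S2 -> st-empty S2 -> type.
%mode st-eq-preserves-emp +X1 +X2 -X3.

- : st-eq-preserves-emp _ (st-eq-nx Emp) Emp.
- : st-eq-preserves-emp _ (st-eq-xn _) st-empty-n.
- : st-eq-preserves-emp (st-empty-e Emp1) (st-eq-cc Eq _) (st-empty-e Emp2)
     <- st-eq-preserves-emp Emp1 Eq Emp2.

%worlds () (st-eq-preserves-emp _ _ _).
%total D (st-eq-preserves-emp _ D _).

%% Any two empty stores are st-eq.  Induction on the first emptiness
%% derivation; the cell equality in the cons case is sv-eq_.
%%
st-emp-eq-emp : st-empty S1 -> st-empty S2 -> st-eq S1 S2 -> type.
%mode st-emp-eq-emp +E1 +E2 -E3.

- : st-emp-eq-emp st-empty-n Emp2 (st-eq-nx Emp2).
- : st-emp-eq-emp Emp1 st-empty-n (st-eq-xn Emp1).
- : st-emp-eq-emp (st-empty-e Emp1) (st-empty-e Emp2) (st-eq-cc Emp sv-eq_)
     <- st-emp-eq-emp Emp1 Emp2 Emp.

%worlds () (st-emp-eq-emp _ _ _).
%total D (st-emp-eq-emp D _ _).

%% st-eq is reflexive.  Induction on the store.
%%
st-eq-refl : {S} st-eq S S -> type.
%mode st-eq-refl +X1 -X2.

- : st-eq-refl st-nil (st-eq-nx st-empty-n).
- : st-eq-refl (st-cons V S) (st-eq-cc Eq sv-eq_)
     <- st-eq-refl S Eq.

%worlds () (st-eq-refl _ _).
%total S (st-eq-refl S _).

%% st-eq is symmetric.
%%
st-eq-comm : st-eq S1 S2 -> st-eq S2 S1 -> type.
%mode st-eq-comm +X1 -X2.

- : st-eq-comm (st-eq-nx E) (st-eq-xn E).
- : st-eq-comm (st-eq-xn E) (st-eq-nx E).
- : st-eq-comm (st-eq-cc Eq12 _) (st-eq-cc Eq21 sv-eq_)
     <- st-eq-comm Eq12 Eq21.

%worlds () (st-eq-comm _ _).
%total D (st-eq-comm D _).

%% st-eq is transitive.  Induction on the first derivation; the
%% nil-related cases go through the emptiness lemmas above.
%%
st-eq-trans : st-eq S1 S2 -> st-eq S2 S3 -> st-eq S1 S3 -> type.
%mode st-eq-trans +X1 +X2 -X3.

- : st-eq-trans (st-eq-nx E1) Eq2 (st-eq-nx E)
     <- st-eq-preserves-emp E1 Eq2 E.
- : st-eq-trans (st-eq-xn E1) (st-eq-nx E3) Eq
     <- st-emp-eq-emp E1 E3 Eq.
- : st-eq-trans Eq12 (st-eq-xn E2) (st-eq-xn E1)
     <- st-eq-comm Eq12 Eq21
     <- st-eq-preserves-emp E2 Eq21 E1.
- : st-eq-trans (st-eq-cc Eq1 _) (st-eq-cc Eq2 _) (st-eq-cc Eq sv-eq_)
     <- st-eq-trans Eq1 Eq2 Eq.

%worlds () (st-eq-trans _ _ _).
%total D (st-eq-trans D _ _).

%% Reflexivity of the store-extension relation st-sqsubeq-ex for any
%% location set X.  Induction on the store S; the cases split on the
%% cell (sv-free / sv-val) and on the head bit of X.
%% (The duplicated sv-free / ls-nil case of the original has been
%% removed; it contributed a second, identical derivation and nothing
%% else.)
%%
st-sqsubeq-ex-refl : {S}{X}
%%
                     st-sqsubeq-ex S X S -> type.
%mode st-sqsubeq-ex-refl +X1 +X2 -X3.

- : st-sqsubeq-ex-refl st-nil _ st-ssee-nxx.
- : st-sqsubeq-ex-refl (st-cons sv-free S) ls-nil (st-ssee-fnc Dssee)
     <- st-sqsubeq-ex-refl S ls-nil Dssee.
- : st-sqsubeq-ex-refl (st-cons (sv-val _) S) ls-nil (st-ssee-vnv Dssee val-eq_)
     <- st-sqsubeq-ex-refl S ls-nil Dssee.
- : st-sqsubeq-ex-refl (st-cons sv-free S) (ls-cons _ X) (st-ssee-fcc Dssee)
     <- st-sqsubeq-ex-refl S X Dssee.
- : st-sqsubeq-ex-refl (st-cons (sv-val _) S) (ls-cons loc-absent X) (st-ssee-vav Dssee val-eq_)
     <- st-sqsubeq-ex-refl S X Dssee.
- : st-sqsubeq-ex-refl (st-cons _ S) (ls-cons loc-present X) (st-ssee-cpc Dssee)
     <- st-sqsubeq-ex-refl S X Dssee.

%worlds () (st-sqsubeq-ex-refl _ _ _).
%total D (st-sqsubeq-ex-refl D _ _).

%% If S extends to the empty store st-nil (modulo X), it extends to any
%% store S'.  Induction on the extension derivation, splitting S' into
%% nil / cons so the right "n"/"c" constructor can be chosen.
%%
st-sqsubeq-ex-nil-impl-any : {S'} st-sqsubeq-ex S X st-nil ->
%%
                             st-sqsubeq-ex S X S' -> type.
%mode st-sqsubeq-ex-nil-impl-any +S +X1 -X2.

- : st-sqsubeq-ex-nil-impl-any _ st-ssee-nxx st-ssee-nxx.
- : st-sqsubeq-ex-nil-impl-any st-nil (st-ssee-fnn Dssee) (st-ssee-fnn Dssee')
     <- st-sqsubeq-ex-nil-impl-any st-nil Dssee Dssee'.
- : st-sqsubeq-ex-nil-impl-any (st-cons _ S') (st-ssee-fnn Dssee) (st-ssee-fnc Dssee')
     <- st-sqsubeq-ex-nil-impl-any S' Dssee Dssee'.
- : st-sqsubeq-ex-nil-impl-any st-nil (st-ssee-fcn Dssee) (st-ssee-fcn Dssee')
     <- st-sqsubeq-ex-nil-impl-any st-nil Dssee Dssee'.
- : st-sqsubeq-ex-nil-impl-any (st-cons _ S') (st-ssee-fcn Dssee) (st-ssee-fcc Dssee')
     <- st-sqsubeq-ex-nil-impl-any S' Dssee Dssee'.
- : st-sqsubeq-ex-nil-impl-any st-nil (st-ssee-cpn Dssee) (st-ssee-cpn Dssee')
     <- st-sqsubeq-ex-nil-impl-any st-nil Dssee Dssee'.
- : st-sqsubeq-ex-nil-impl-any (st-cons _ S') (st-ssee-cpn Dssee) (st-ssee-cpc Dssee')
     <- st-sqsubeq-ex-nil-impl-any S' Dssee Dssee'.

%worlds () (st-sqsubeq-ex-nil-impl-any _ _ _).
%total D (st-sqsubeq-ex-nil-impl-any _ D _).

%% Transitivity of st-sqsubeq-ex for a fixed location set X.
%% Induction on the first derivation.  The second case handles any
%% middle store S2 = st-nil in one step via st-sqsubeq-ex-nil-impl-any;
%% the remaining cases pair up the per-cell constructors.
%%
st-sqsubeq-ex-trans : st-sqsubeq-ex S1 X S2 -> st-sqsubeq-ex S2 X S3 ->
%%
                      st-sqsubeq-ex S1 X S3 -> type.
%mode st-sqsubeq-ex-trans +X1 +X2 -X3.

- : st-sqsubeq-ex-trans st-ssee-nxx _ st-ssee-nxx.
- : st-sqsubeq-ex-trans (Dssee12 : st-sqsubeq-ex _ _ st-nil) (_ : st-sqsubeq-ex st-nil _ S3) Dssee13
     <- st-sqsubeq-ex-nil-impl-any S3 Dssee12 Dssee13.
- : st-sqsubeq-ex-trans (st-ssee-fnc Dssee12) (st-ssee-fnn Dssee23) (st-ssee-fnn Dssee13)
     <- st-sqsubeq-ex-trans Dssee12 Dssee23 Dssee13.
- : st-sqsubeq-ex-trans (st-ssee-fcc Dssee12) (st-ssee-fcn Dssee23) (st-ssee-fcn Dssee13)
     <- st-sqsubeq-ex-trans Dssee12 Dssee23 Dssee13.
- : st-sqsubeq-ex-trans (st-ssee-fnc Dssee12) (st-ssee-fnc Dssee23) (st-ssee-fnc Dssee13)
     <- st-sqsubeq-ex-trans Dssee12 Dssee23 Dssee13.
- : st-sqsubeq-ex-trans (st-ssee-fcc Dssee12) (st-ssee-fcc Dssee23) (st-ssee-fcc Dssee13)
     <- st-sqsubeq-ex-trans Dssee12 Dssee23 Dssee13.
- : st-sqsubeq-ex-trans (st-ssee-fnc Dssee12) (st-ssee-vnv Dssee23 _) (st-ssee-fnc Dssee13)
     <- st-sqsubeq-ex-trans Dssee12 Dssee23 Dssee13.
- : st-sqsubeq-ex-trans (st-ssee-fcc Dssee12) (st-ssee-vav Dssee23 _) (st-ssee-fcc Dssee13)
     <- st-sqsubeq-ex-trans Dssee12 Dssee23 Dssee13.
- : st-sqsubeq-ex-trans (st-ssee-fcc Dssee12) (st-ssee-cpn Dssee23) (st-ssee-fcn Dssee13)
     <- st-sqsubeq-ex-trans Dssee12 Dssee23 Dssee13.
- : st-sqsubeq-ex-trans (st-ssee-fcc Dssee12) (st-ssee-cpc Dssee23) (st-ssee-fcc Dssee13)
     <- st-sqsubeq-ex-trans Dssee12 Dssee23 Dssee13.
- : st-sqsubeq-ex-trans (st-ssee-vnv Dssee12 _) (st-ssee-vnv Dssee23 _) (st-ssee-vnv Dssee13 val-eq_)
     <- st-sqsubeq-ex-trans Dssee12 Dssee23 Dssee13.
- : st-sqsubeq-ex-trans (st-ssee-vav Dssee12 _) (st-ssee-vav Dssee23 _) (st-ssee-vav Dssee13 val-eq_)
     <- st-sqsubeq-ex-trans Dssee12 Dssee23 Dssee13.
- : st-sqsubeq-ex-trans (st-ssee-cpc Dssee12) (st-ssee-fcn Dssee23) (st-ssee-cpn Dssee13)
     <- st-sqsubeq-ex-trans Dssee12 Dssee23 Dssee13.
- : st-sqsubeq-ex-trans (st-ssee-cpc Dssee12) (st-ssee-fcc Dssee23) (st-ssee-cpc Dssee13)
     <- st-sqsubeq-ex-trans Dssee12 Dssee23 Dssee13.
- : st-sqsubeq-ex-trans (st-ssee-cpc Dssee12) (st-ssee-cpn Dssee23) (st-ssee-cpn Dssee13)
     <- st-sqsubeq-ex-trans Dssee12 Dssee23 Dssee13.
- : st-sqsubeq-ex-trans (st-ssee-cpc Dssee12) (st-ssee-cpc Dssee23) (st-ssee-cpc Dssee13)
     <- st-sqsubeq-ex-trans Dssee12 Dssee23 Dssee13.

%worlds () (st-sqsubeq-ex-trans _ _ _).
%total D (st-sqsubeq-ex-trans D _ _).

%% Extension modulo X implies extension modulo any superset X'.
%% Induction on the extension derivation, with a case per combination
%% of cell constructor and ls-subeq constructor.
st-sqsubeq-ex-resp-subeq : st-sqsubeq-ex S1 X S2 -> ls-subeq X X' ->
%%
                           st-sqsubeq-ex S1 X' S2 -> type.
%mode st-sqsubeq-ex-resp-subeq +X1 +X2 -X3.

- : st-sqsubeq-ex-resp-subeq st-ssee-nxx _ st-ssee-nxx.
- : st-sqsubeq-ex-resp-subeq (st-ssee-fnn D) ls-subeq-nx (st-ssee-fnn D')
     <- st-sqsubeq-ex-resp-subeq D ls-subeq-nx D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-fnn D) ls-subeq-nx (st-ssee-fcn D')
     <- st-sqsubeq-ex-resp-subeq D ls-subeq-nx D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-fnn D) (ls-subeq-xn ls-empty-n) (st-ssee-fnn D')
     <- st-sqsubeq-ex-resp-subeq D (ls-subeq-xn ls-empty-n) D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-fcn D) (ls-subeq-xn (ls-empty-a Emp)) (st-ssee-fnn D')
     <- st-sqsubeq-ex-resp-subeq D (ls-subeq-xn Emp) D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-fcn D) (ls-subeq-ax Dsub) (st-ssee-fcn D')
     <- st-sqsubeq-ex-resp-subeq D Dsub D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-fcn D) (ls-subeq-pp Dsub) (st-ssee-fcn D')
     <- st-sqsubeq-ex-resp-subeq D Dsub D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-fnc D) ls-subeq-nx (st-ssee-fnc D')
     <- st-sqsubeq-ex-resp-subeq D ls-subeq-nx D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-fnc D) ls-subeq-nx (st-ssee-fcc D')
     <- st-sqsubeq-ex-resp-subeq D ls-subeq-nx D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-fnc D) (ls-subeq-xn ls-empty-n) (st-ssee-fnc D')
     <- st-sqsubeq-ex-resp-subeq D (ls-subeq-xn ls-empty-n) D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-fcc D) (ls-subeq-xn (ls-empty-a Emp)) (st-ssee-fnc D')
     <- st-sqsubeq-ex-resp-subeq D (ls-subeq-xn Emp) D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-fcc D) (ls-subeq-ax Dsub) (st-ssee-fcc D')
     <- st-sqsubeq-ex-resp-subeq D Dsub D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-fcc D) (ls-subeq-pp Dsub) (st-ssee-fcc D')
     <- st-sqsubeq-ex-resp-subeq D Dsub D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-vnv D _) (ls-subeq-xn _) (st-ssee-vnv D' val-eq_)
     <- st-sqsubeq-ex-resp-subeq D ls-subeq-nx D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-vav D _) (ls-subeq-xn _) (st-ssee-vnv D' val-eq_)
     <- st-sqsubeq-ex-resp-subeq D ls-subeq-nx D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-vnv D _) ls-subeq-nx (st-ssee-vnv D' val-eq_)
     <- st-sqsubeq-ex-resp-subeq D ls-subeq-nx D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-vnv D _) ls-subeq-nx (st-ssee-vav D' val-eq_)
     <- st-sqsubeq-ex-resp-subeq D ls-subeq-nx D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-vnv D _) ls-subeq-nx (st-ssee-cpc D')
     <- st-sqsubeq-ex-resp-subeq D ls-subeq-nx D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-vav D _) (ls-subeq-xn (ls-empty-a Emp)) (st-ssee-vnv D' val-eq_)
     <- st-sqsubeq-ex-resp-subeq D (ls-subeq-xn Emp) D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-vav D _) (ls-subeq-ax Dsub) (st-ssee-vav D' val-eq_)
     <- st-sqsubeq-ex-resp-subeq D Dsub D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-vav D _) (ls-subeq-ax Dsub) (st-ssee-cpc D')
     <- st-sqsubeq-ex-resp-subeq D Dsub D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-cpn D) (ls-subeq-pp Dsub) (st-ssee-cpn D')
     <- st-sqsubeq-ex-resp-subeq D Dsub D'.
- : st-sqsubeq-ex-resp-subeq (st-ssee-cpc D) (ls-subeq-pp Dsub) (st-ssee-cpc D')
     <- st-sqsubeq-ex-resp-subeq D Dsub D'.

%worlds () (st-sqsubeq-ex-resp-subeq _ _ _).
%total D (st-sqsubeq-ex-resp-subeq D _ _).

%% A single update of location L is an extension modulo the singleton
%% set {L}.  Induction on the update derivation; the cell reached by
%% st-up-cz / st-up-cs is split on sv-free vs. sv-val by the type
%% ascriptions, and the untouched suffix is handled by reflexivity.
st-update-imp-st-sqsubeq-ex : st-update S L V S' -> ls-sing L X ->
%%
                              st-sqsubeq-ex S X S' -> type.
%mode st-update-imp-st-sqsubeq-ex +X1 +X2 -X3.

- : st-update-imp-st-sqsubeq-ex st-up-nz ls-sing-z st-ssee-nxx.
- : st-update-imp-st-sqsubeq-ex (st-up-ns _) _ st-ssee-nxx.
- : st-update-imp-st-sqsubeq-ex (st-up-cz : st-update (st-cons sv-free S) _ _ _) ls-sing-z (st-ssee-fcc D)
     <- st-sqsubeq-ex-refl S ls-nil D.
- : st-update-imp-st-sqsubeq-ex (st-up-cz : st-update (st-cons (sv-val _) S) _ _ _) ls-sing-z (st-ssee-cpc D)
     <- st-sqsubeq-ex-refl S ls-nil D.
- : st-update-imp-st-sqsubeq-ex (st-up-cs Dup : st-update (st-cons sv-free S) _ _ _) (ls-sing-s Dls) (st-ssee-fcc D)
     <- st-update-imp-st-sqsubeq-ex Dup Dls D.
- : st-update-imp-st-sqsubeq-ex (st-up-cs Dup : st-update (st-cons (sv-val _) S) _ _ _) (ls-sing-s Dls) (st-ssee-vav D val-eq_)
     <- st-update-imp-st-sqsubeq-ex Dup Dls D.

%worlds () (st-update-imp-st-sqsubeq-ex _ _ _).
%total D (st-update-imp-st-sqsubeq-ex D _ _).

%% Refutation: a location L that holds a value in S, lies outside G,
%% and whose store extends to st-nil modulo G cannot exist.  The lemma
%% proves false, so there is no base case: every case only recurses on
%% the tail, and %total's coverage check confirms that no other
%% combination of the input constructors is possible.
%% (The mode labels were `+X1 +X2 +X3 +X4 -X3`, reusing X3; the output
%% is now labelled -X5 so that each position has its own name.)
%%
st-lo-ssee-nil-contradiction : st-lookup S L _ -> ls-sing L X -> ls-disjoint X G -> st-sqsubeq-ex S G st-nil -> false -> type.
%mode st-lo-ssee-nil-contradiction +X1 +X2 +X3 +X4 -X5.

- : st-lo-ssee-nil-contradiction (st-lo-s L) (ls-sing-s Sg) ls-dj-xn (st-ssee-fnn Dssee) False
     <- st-lo-ssee-nil-contradiction L Sg ls-dj-xn Dssee False.
- : st-lo-ssee-nil-contradiction (st-lo-s L) (ls-sing-s Sg) (ls-dj-ac Dj) (st-ssee-fcn Dssee) False
     <- st-lo-ssee-nil-contradiction L Sg Dj Dssee False.
- : st-lo-ssee-nil-contradiction (st-lo-s L) (ls-sing-s Sg) (ls-dj-ac Dj) (st-ssee-cpn Dssee) False
     <- st-lo-ssee-nil-contradiction L Sg Dj Dssee False.
- : st-lo-ssee-nil-contradiction (st-lo-s L) (ls-sing-s Sg) (ls-dj-ca Dj) (st-ssee-fcn Dssee) False
     <- st-lo-ssee-nil-contradiction L Sg Dj Dssee False.

%worlds (var-block) (st-lo-ssee-nil-contradiction _ _ _ _ _).
%total D (st-lo-ssee-nil-contradiction D _ _ _ _).

%% Ex falso for lookups in the empty store: no cases, accepted because
%% false is uninhabited.
%%
st-false-implies-nil-lookup : {L}{V} false -> st-lookup st-nil L V -> type.
%mode st-false-implies-nil-lookup +L +V +F -Dlu.
%worlds (var-block) (st-false-implies-nil-lookup _ _ _ _).
%total {} (st-false-implies-nil-lookup _ _ _ _).

%%
%{ This lemma is the motivation for our representation of stores and
   location sets; it is a straightforward induction in this
   representation, but would seem to require a lot of sub-lemmas in
   some more "obvious" representations (e.g. association lists for
   stores and lists for location sets). }%
%% Lookups at a location L outside the change set G survive an
%% extension S ⊑_G S': the value read from S' is the one in S.
%% Induction on the lookup derivation.  The first case covers
%% S' = st-nil, which is refuted by st-lo-ssee-nil-contradiction and
%% closed with st-false-implies-nil-lookup; the others descend cell by
%% cell, pairing the extension and disjointness constructors.
st-lookup-resp-sqsubeq-ex-notin : st-lookup S L V -> st-sqsubeq-ex S G S' -> ls-sing L X -> ls-disjoint X G ->
%%
                                  st-lookup S' L V -> type.
%mode st-lookup-resp-sqsubeq-ex-notin +X1 +X2 +X3 +X4 -X5.

- : st-lookup-resp-sqsubeq-ex-notin Dlo Dssee Sg Dj Dlo'
     <- st-lo-ssee-nil-contradiction Dlo Sg Dj Dssee False
     <- st-false-implies-nil-lookup _ _ False Dlo'.
- : st-lookup-resp-sqsubeq-ex-notin st-lo-z (st-ssee-vnv _ _) ls-sing-z ls-dj-xn st-lo-z.
- : st-lookup-resp-sqsubeq-ex-notin st-lo-z (st-ssee-vav _ _) ls-sing-z (ls-dj-ca _) st-lo-z.
- : st-lookup-resp-sqsubeq-ex-notin (st-lo-s L) (st-ssee-fnc Dssee) (ls-sing-s Sg) ls-dj-xn (st-lo-s L')
     <- st-lookup-resp-sqsubeq-ex-notin L Dssee Sg ls-dj-xn L'.
- : st-lookup-resp-sqsubeq-ex-notin (st-lo-s L) (st-ssee-fcc Dssee) (ls-sing-s Sg) (ls-dj-ac Dj) (st-lo-s L')
     <- st-lookup-resp-sqsubeq-ex-notin L Dssee Sg Dj L'.
- : st-lookup-resp-sqsubeq-ex-notin (st-lo-s L) (st-ssee-fcc Dssee) (ls-sing-s Sg) (ls-dj-ca Dj) (st-lo-s L')
     <- st-lookup-resp-sqsubeq-ex-notin L Dssee Sg Dj L'.
- : st-lookup-resp-sqsubeq-ex-notin (st-lo-s L) (st-ssee-vnv Dssee _) (ls-sing-s Sg) ls-dj-xn (st-lo-s L')
     <- st-lookup-resp-sqsubeq-ex-notin L Dssee Sg ls-dj-xn L'.
- : st-lookup-resp-sqsubeq-ex-notin (st-lo-s L) (st-ssee-vav Dssee _) (ls-sing-s Sg) (ls-dj-ac Dj) (st-lo-s L')
     <- st-lookup-resp-sqsubeq-ex-notin L Dssee Sg Dj L'.
- : st-lookup-resp-sqsubeq-ex-notin (st-lo-s L) (st-ssee-vav Dssee _) (ls-sing-s Sg) (ls-dj-ca Dj) (st-lo-s L')
     <- st-lookup-resp-sqsubeq-ex-notin L Dssee Sg Dj L'.
- : st-lookup-resp-sqsubeq-ex-notin (st-lo-s L) (st-ssee-cpc Dssee) (ls-sing-s Sg) (ls-dj-ac Dj) (st-lo-s L')
     <- st-lookup-resp-sqsubeq-ex-notin L Dssee Sg Dj L'.

%worlds (var-block) (st-lookup-resp-sqsubeq-ex-notin _ _ _ _ _).
%total D (st-lookup-resp-sqsubeq-ex-notin D _ _ _ _).

%% A lookup derivation that is parametric in a value variable v does
%% not depend on it: the looked-up value V v is equal to a closed V'.
%% Induction on the (higher-order) derivation.
%%
st-lookup-nodep : ({v : val} st-lookup S L (V v)) ->
%%
                  st-lookup S L V' -> ({v : val} val-eq (V v) V') -> type.
%mode st-lookup-nodep +X1 -X2 -X3.

- : st-lookup-nodep ([v] st-lo-z)
%%
                    st-lo-z ([v] val-eq_)
     .
- : st-lookup-nodep ([v] st-lo-s (Dstl v))
%%
                    (st-lo-s Dstl') Deq
     <- st-lookup-nodep Dstl Dstl' Deq.

%worlds (var-block) (st-lookup-nodep _ _ _).
%total D (st-lookup-nodep D _ _).

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% trace-lemmas.thm
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% The location set generated by a trace is unique up to ls-eq.  The
%% two families (stable traces Ts, changeable traces Tc) are proved by
%% mutual induction; the trc-gen-fun cases and the shared
%% %worlds/%total directives continue after this block.
trs-gen-fun : trs-gen Ts X -> trs-gen Ts X' ->
%%
              ls-eq X X' -> type.
%mode trs-gen-fun +X1 +X2 -X3.

trc-gen-fun : trc-gen Tc X -> trc-gen Tc X' ->
%%
              ls-eq X X' -> type.
%mode trc-gen-fun +X1 +X2 -X3.

%{ cases for trs-gen-fun }%

- : trs-gen-fun trs-gen-nil _ (ls-eq-nx ls-empty-n).
- : trs-gen-fun (trs-gen-mod Dlu Dls Dcg) (trs-gen-mod Dlu' Dls' Dcg') Deq
     <- trc-gen-fun Dcg Dcg' Deq1
     <- ls-sing-fun Dls Dls' Deq2
     <- ls-union-fun Deq1 Deq2 Dlu Dlu' Deq.
- : trs-gen-fun (trs-gen-let Dun Dsg1 Dsg2) (trs-gen-let Dun' Dsg1' Dsg2') Eqres
     <- trs-gen-fun Dsg1 Dsg1' Eq1
     <- trs-gen-fun Dsg2 Dsg2' Eq2
     <- ls-union-fun Eq2 Eq1 Dun Dun' Eqres.

%{ cases for trc-gen-fun }%

- : trc-gen-fun trc-gen-wr _ (ls-eq-nx ls-empty-n).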
%% (trc-gen-fun: remaining cases; the family declarations and the
%% trs-gen-fun cases precede this block.)  The let case combines the
%% changeable and stable sub-results with ls-union-fun; the read case
%% is a direct recursion.
- : trc-gen-fun (trc-gen-let Dun Dcg Dsg) (trc-gen-let Dun' Dcg' Dsg') Eqres
     <- trc-gen-fun Dcg Dcg' Eqc
     <- trs-gen-fun Dsg Dsg' Eqs
     <- ls-union-fun Eqs Eqc Dun Dun' Eqres.
- : trc-gen-fun (trc-gen-rd Dcg) (trc-gen-rd Dcg') Eqres
     <- trc-gen-fun Dcg Dcg' Eqres.

%worlds () (trs-gen-fun _ _ _) (trc-gen-fun _ _ _).
%total (Dc Ds) (trc-gen-fun Dc _ _) (trs-gen-fun Ds _ _).

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% eval-lemmas.thm
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% Evaluation (evals / evalc) and change propagation (cps / cpc) only
%% modify the locations recorded by the generated trace: the result
%% store S' extends the input store S modulo the trace's location set.
%% For the changeable judgements the target location L (as the
%% singleton X) is added to the set, giving G+X.  All four families are
%% proved by one mutual induction on the evaluation / propagation
%% derivation (see the %total at the end of this section).
evals-imp-st-sqsubeq-ex-trs-gen : evals S _ _ S' Ts -> trs-gen Ts G ->
%%
                                  st-sqsubeq-ex S G S' -> type.
%mode evals-imp-st-sqsubeq-ex-trs-gen +X1 +X2 -X3.

evalc-imp-st-sqsubeq-ex-trc-gen : evalc S L _ S' Ts -> trc-gen Ts G -> ls-sing L X -> ls-union G X G+X ->
%%
                                  st-sqsubeq-ex S G+X S' -> type.
%mode evalc-imp-st-sqsubeq-ex-trc-gen +X1 +X2 +X3 +X4 -X5.

cps-imp-st-sqsubeq-ex-trs-gen : cps S _ S' Ts' -> trs-gen Ts' G ->
%%
                                st-sqsubeq-ex S G S' -> type.
%mode cps-imp-st-sqsubeq-ex-trs-gen +X1 +X2 -X3.

cpc-imp-st-sqsubeq-ex-trc-gen : cpc S L _ S' Ts' -> trc-gen Ts' G -> ls-sing L X -> ls-union G X G+X ->
%%
                                st-sqsubeq-ex S G+X S' -> type.
%mode cpc-imp-st-sqsubeq-ex-trc-gen +X1 +X2 +X3 +X4 -X5.

%% Stable evaluation.  Value and plus leave the store unchanged
%% (reflexivity); mod delegates to the changeable lemma; memo-hit
%% delegates to change propagation; the remaining forms recurse on the
%% sub-evaluation with the same trace.
%%
- : evals-imp-st-sqsubeq-ex-trs-gen evals-val trs-gen-nil
%%
    Dssee'
     <- st-sqsubeq-ex-refl _ _ Dssee'
     .
- : evals-imp-st-sqsubeq-ex-trs-gen (evals-plus Dsum) trs-gen-nil
%%
    Dssee'
     <- st-sqsubeq-ex-refl _ _ Dssee'
     .
- : evals-imp-st-sqsubeq-ex-trs-gen (evals-mod _ _ _ Devalc) (trs-gen-mod Dlu Dls Dtg)
%%
    Dssee'
     <- evalc-imp-st-sqsubeq-ex-trc-gen Devalc Dtg Dls Dlu Dssee'
     .
- : evals-imp-st-sqsubeq-ex-trs-gen (evals-memo-miss Devals) Dtg
%%
    Dssee'
     <- evals-imp-st-sqsubeq-ex-trs-gen Devals Dtg Dssee'
     .
- : evals-imp-st-sqsubeq-ex-trs-gen (evals-memo-hit Dcps _ _) Dtg
%%
    Dssee'
     <- cps-imp-st-sqsubeq-ex-trs-gen Dcps Dtg Dssee'
     .
- : evals-imp-st-sqsubeq-ex-trs-gen (evals-app Devals) Dtg
%%
    Dssee'
     <- evals-imp-st-sqsubeq-ex-trs-gen Devals Dtg Dssee'
     .
%% let: each sub-evaluation extends the store modulo its own set G1 /
%% G2; both are widened to G1+G2 (ls-union-imp-subeq) and composed with
%% st-sqsubeq-ex-trans.
- : evals-imp-st-sqsubeq-ex-trs-gen (evals-let _ _ _ Devals2 Devals1) (trs-gen-let (Dlu : ls-union G1 G2 G1+G2) Dtg2 Dtg1)
%%
    Dssee'
     <- evals-imp-st-sqsubeq-ex-trs-gen Devals1 Dtg1 Dssee1
     <- evals-imp-st-sqsubeq-ex-trs-gen Devals2 Dtg2 Dssee2
     <- ls-union-imp-subeq Dlu (Dlse1 : ls-subeq G1 G1+G2) (Dlse2 : ls-subeq G2 G1+G2)
     <- st-sqsubeq-ex-resp-subeq Dssee1 Dlse1 Dssee1'
     <- st-sqsubeq-ex-resp-subeq Dssee2 Dlse2 Dssee2'
     <- st-sqsubeq-ex-trans Dssee1' Dssee2' Dssee'
     .
- : evals-imp-st-sqsubeq-ex-trs-gen (evals-letp Devals) Dtg
%%
    Dssee'
     <- evals-imp-st-sqsubeq-ex-trs-gen Devals Dtg Dssee'
     .
- : evals-imp-st-sqsubeq-ex-trs-gen (evals-case-inl Devals) Dtg
%%
    Dssee'
     <- evals-imp-st-sqsubeq-ex-trs-gen Devals Dtg Dssee'
     .
- : evals-imp-st-sqsubeq-ex-trs-gen (evals-case-inr Devals) Dtg
%%
    Dssee'
     <- evals-imp-st-sqsubeq-ex-trs-gen Devals Dtg Dssee'
     .

%% Changeable evaluation.  write is a single store update, so
%% st-update-imp-st-sqsubeq-ex applies; the other forms recurse.
%%
- : evalc-imp-st-sqsubeq-ex-trc-gen (evalc-write Dstu) trc-gen-wr Dls _
%%
    Dssee'
     <- st-update-imp-st-sqsubeq-ex Dstu Dls Dssee'
     .
- : evalc-imp-st-sqsubeq-ex-trc-gen (evalc-read Devalc _) (trc-gen-rd Dtg) Dls Dlu
%%
    Dssee'
     <- evalc-imp-st-sqsubeq-ex-trc-gen Devalc Dtg Dls Dlu Dssee'
     .
- : evalc-imp-st-sqsubeq-ex-trc-gen (evalc-memo-miss Devalc) Dtg Dls Dlu
%%
    Dssee'
     <- evalc-imp-st-sqsubeq-ex-trc-gen Devalc Dtg Dls Dlu Dssee'
     .
- : evalc-imp-st-sqsubeq-ex-trc-gen (evalc-memo-hit Dcpc _ _) Dtg Dls Dlu
%%
    Dssee'
     <- cpc-imp-st-sqsubeq-ex-trc-gen Dcpc Dtg Dls Dlu Dssee'
     .
- : evalc-imp-st-sqsubeq-ex-trc-gen (evalc-app Devalc) Dtg Dls Dlu
%%
    Dssee'
     <- evalc-imp-st-sqsubeq-ex-trc-gen Devalc Dtg Dls Dlu Dssee'
     .
%% let: the stable part is bounded by G1, the changeable part by G2+X
%% (a fresh union from can-ls-union).  Both are shown to lie below the
%% overall set G1+G2+X through ls-subeq-trans / ls-subeq-union, then
%% widened and composed as in the stable let case.
- : evalc-imp-st-sqsubeq-ex-trc-gen (evalc-let _ _ _ Devalc2 Devals1) (trc-gen-let (Dlu : ls-union G1 G2 G1+G2) Dtg2 Dtg1) Dls (Dlu2 : ls-union G1+G2 X G1+G2+X)
%%
    Dssee'
     <- evals-imp-st-sqsubeq-ex-trs-gen Devals1 Dtg1 Dssee1
     <- can-ls-union _ _ (Dlu3 : ls-union G2 X G2+X)
     <- evalc-imp-st-sqsubeq-ex-trc-gen Devalc2 Dtg2 Dls Dlu3 Dssee2
     <- ls-union-imp-subeq Dlu2 (Dlse5 : ls-subeq G1+G2 G1+G2+X) (Dlse6 : ls-subeq X G1+G2+X)
     <- ls-union-imp-subeq Dlu (Dlse7 : ls-subeq G1 G1+G2) (Dlse8 : ls-subeq G2 G1+G2)
     <- ls-subeq-trans Dlse7 Dlse5 (Dlse3 : ls-subeq G1 G1+G2+X)
     <- ls-subeq-trans Dlse8 Dlse5 (Dlse9 : ls-subeq G2 G1+G2+X)
     <- ls-subeq-union Dlse9 Dlse6 Dlu3 (Dlse4 : ls-subeq G2+X G1+G2+X)
     <- st-sqsubeq-ex-resp-subeq Dssee1 Dlse3 Dssee1'
     <- st-sqsubeq-ex-resp-subeq Dssee2 Dlse4 Dssee2'
     <- st-sqsubeq-ex-trans Dssee1' D
ssee2' Dssee'
     .
- : evalc-imp-st-sqsubeq-ex-trc-gen (evalc-letp Devalc) Dtg Dls Dlu
%%
    Dssee'
     <- evalc-imp-st-sqsubeq-ex-trc-gen Devalc Dtg Dls Dlu Dssee'
     .
- : evalc-imp-st-sqsubeq-ex-trc-gen (evalc-case-inl Devalc) Dtg Dls Dlu
%%
    Dssee'
     <- evalc-imp-st-sqsubeq-ex-trc-gen Devalc Dtg Dls Dlu Dssee'
     .
- : evalc-imp-st-sqsubeq-ex-trc-gen (evalc-case-inr Devalc) Dtg Dls Dlu
%%
    Dssee'
     <- evalc-imp-st-sqsubeq-ex-trc-gen Devalc Dtg Dls Dlu Dssee'
     .

%% Stable change propagation: same structure as stable evaluation.
%%
- : cps-imp-st-sqsubeq-ex-trs-gen cps-nil trs-gen-nil
%%
    Dssee'
     <- st-sqsubeq-ex-refl _ _ Dssee'
     .
- : cps-imp-st-sqsubeq-ex-trs-gen (cps-mod _ _ _ Dcpc) (trs-gen-mod Dlu Dls Dtg)
%%
    Dssee'
     <- cpc-imp-st-sqsubeq-ex-trc-gen Dcpc Dtg Dls Dlu Dssee'
     .
- : cps-imp-st-sqsubeq-ex-trs-gen (cps-let _ _ _ Dcps2 Dcps1) (trs-gen-let (Dlu : ls-union G1 G2 G1+G2) Dtg2 Dtg1)
%%
    Dssee'
     <- cps-imp-st-sqsubeq-ex-trs-gen Dcps1 Dtg1 Dssee1
     <- cps-imp-st-sqsubeq-ex-trs-gen Dcps2 Dtg2 Dssee2
     <- ls-union-imp-subeq Dlu (Dlse1 : ls-subeq G1 G1+G2) (Dlse2 : ls-subeq G2 G1+G2)
     <- st-sqsubeq-ex-resp-subeq Dssee1 Dlse1 Dssee1'
     <- st-sqsubeq-ex-resp-subeq Dssee2 Dlse2 Dssee2'
     <- st-sqsubeq-ex-trans Dssee1' Dssee2' Dssee'
     .

%% Changeable change propagation: write and let mirror evalc; a read
%% whose value did not change (cpc-read/noch) recurses on propagation,
%% one whose value changed (cpc-read/ch) re-evaluates and uses the
%% evalc lemma.
%%
- : cpc-imp-st-sqsubeq-ex-trc-gen (cpc-write Dstu) trc-gen-wr Dls Dlu
%%
    Dssee'
     <- st-update-imp-st-sqsubeq-ex Dstu Dls Dssee'
     .
- : cpc-imp-st-sqsubeq-ex-trc-gen (cpc-let _ _ _ Dcpc2 Dcps1) (trc-gen-let (Dlu : ls-union G1 G2 G1+G2) Dtg2 Dtg1) Dls (Dlu2 : ls-union G1+G2 X G1+G2+X)
%%
    Dssee'
     <- cps-imp-st-sqsubeq-ex-trs-gen Dcps1 Dtg1 Dssee1
     <- can-ls-union _ _ (Dlu3 : ls-union G2 X G2+X)
     <- cpc-imp-st-sqsubeq-ex-trc-gen Dcpc2 Dtg2 Dls Dlu3 Dssee2
     <- ls-union-imp-subeq Dlu2 (Dlse5 : ls-subeq G1+G2 G1+G2+X) (Dlse6 : ls-subeq X G1+G2+X)
     <- ls-union-imp-subeq Dlu (Dlse7 : ls-subeq G1 G1+G2) (Dlse8 : ls-subeq G2 G1+G2)
     <- ls-subeq-trans Dlse7 Dlse5 (Dlse3 : ls-subeq G1 G1+G2+X)
     <- ls-subeq-trans Dlse8 Dlse5 (Dlse9 : ls-subeq G2 G1+G2+X)
     <- ls-subeq-union Dlse9 Dlse6 Dlu3 (Dlse4 : ls-subeq G2+X G1+G2+X)
     <- st-sqsubeq-ex-resp-subeq Dssee1 Dlse3 Dssee1'
     <- st-sqsubeq-ex-resp-subeq Dssee2 Dlse4 Dssee2'
     <- st-sqsubeq-ex-trans Dssee1' Dssee2' Dssee'
     .
- : cpc-imp-st-sqsubeq-ex-trc-gen (cpc-read/noch Dcpc _) (trc-gen-rd Dtg) Dls Dlu
%%
    Dssee'
     <- cpc-imp-st-sqsubeq-ex-trc-gen Dcpc Dtg Dls Dlu Dssee'
     .
- : cpc-imp-st-sqsubeq-ex-trc-gen (cpc-read/ch Devalc _ _) (trc-gen-rd Dtg) Dls Dlu
%%
    Dssee'
     <- evalc-imp-st-sqsubeq-ex-trc-gen Devalc Dtg Dls Dlu Dssee'
     .

%% Closed worlds; one mutual induction on the four derivations.
%%
%worlds () (evals-imp-st-sqsubeq-ex-trs-gen _ _ _) (evalc-imp-st-sqsubeq-ex-trc-gen _ _ _ _ _) (cps-imp-st-sqsubeq-ex-trs-gen _ _ _) (cpc-imp-st-sqsubeq-ex-trc-gen _ _ _ _ _).
%total (D1 D2 D3 D4) (evals-imp-st-sqsubeq-ex-trs-gen D1 _ _) (evalc-imp-st-sqsubeq-ex-trc-gen D2 _ _ _ _) (cps-imp-st-sqsubeq-ex-trs-gen D3 _ _) (cpc-imp-st-sqsubeq-ex-trc-gen D4 _ _ _ _).

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% syntax-lemmas.thm
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% Congruence lemmas: the identity-style equalities (val-eq_, es-eq_,
%% ec-eq_) are closed under each syntax constructor.  Each has a single
%% case that unifies both sides; no induction.
val-eq-nat : nat-eq N N' -> val-eq (val-nat N) (val-nat N') -> type.
%mode val-eq-nat +X1 -X2.
- : val-eq-nat nat-eq_ val-eq_.
%worlds () (val-eq-nat _ _).
%total {} (val-eq-nat _ _).
val-eq-pr : val-eq V1 V1' -> val-eq V2 V2' -> val-eq (val-pr V1 V2) (val-pr V1' V2') -> type. %mode val-eq-pr +X1 +X2 -X3. - : val-eq-pr val-eq_ val-eq_ val-eq_. %worlds (val-block) (val-eq-pr _ _ _). %total {} (val-eq-pr _ _ _). val-eq-inl : val-eq V V' -> val-eq (val-inl V) (val-inl V') -> type. %mode val-eq-inl +X1 -X2. - : val-eq-inl val-eq_ val-eq_. %worlds (val-block) (val-eq-inl _ _). %total {} (val-eq-inl _ _). val-eq-inr : val-eq V V' -> val-eq (val-inr V) (val-inr V') -> type. %mode val-eq-inr +X1 -X2. - : val-eq-inr val-eq_ val-eq_. %worlds (val-block) (val-eq-inr _ _). %total {} (val-eq-inr _ _). val-eq-fns : ({v1}{v2} es-eq (Es v1 v2) (Es' v1 v2)) -> val-eq (val-fns Es) (val-fns Es') -> type. %mode val-eq-fns +X1 -X2. - : val-eq-fns ([v1][v2] es-eq_) val-eq_. %worlds (val-block) (val-eq-fns _ _). %total {} (val-eq-fns _ _). val-eq-fnc : ({v1}{v2} ec-eq (Ec v1 v2) (Ec' v1 v2)) -> val-eq (val-fnc Ec) (val-fnc Ec') -> type. %mode val-eq-fnc +X1 -X2. - : val-eq-fnc ([v1][v2] ec-eq_) val-eq_. %worlds (val-block) (val-eq-fnc _ _). %total {} (val-eq-fnc _ _). es-eq-val : val-eq V V' -> es-eq (es-val V) (es-val V') -> type. %mode es-eq-val +X1 -X2. - : es-eq-val val-eq_ es-eq_. %worlds (val-block) (es-eq-val _ _). %total {} (es-eq-val _ _). es-eq-plus : val-eq V1 V1' -> val-eq V2 V2' -> es-eq (es-plus V1 V2) (es-plus V1' V2') -> type. %mode es-eq-plus +X1 +X2 -X3. - : es-eq-plus val-eq_ val-eq_ es-eq_. %worlds (val-block) (es-eq-plus _ _ _). %total {} (es-eq-plus _ _ _). es-eq-mod : ec-eq Ec Ec' -> es-eq (es-mod Ec) (es-mod Ec') -> type. %mode es-eq-mod +X1 -X2. - : es-eq-mod ec-eq_ es-eq_. %worlds (val-block) (es-eq-mod _ _). %total {} (es-eq-mod _ _). es-eq-app : val-eq V1 V1' -> val-eq V2 V2' -> es-eq (es-app V1 V2) (es-app V1' V2') -> type. %mode es-eq-app +X1 +X2 -X3. - : es-eq-app val-eq_ val-eq_ es-eq_. %worlds (val-block) (es-eq-app _ _ _). %total {} (es-eq-app _ _ _). 
%% Congruence lemmas for the binding forms.  Bodies that bind a variable
%% are compared under a fresh value parameter ({v} ... (Es2 v) (Es2' v));
%% the uniform proof ([v] es-eq_) identifies the two bodies as functions of
%% the bound variable.  As above, every lemma is one case closed by
%% unification (%total {} -- no induction) and lives in val-block worlds.

%% let: equal bound expressions and equal (parametric) bodies.
es-eq-let : es-eq Es1 Es1' -> ({v} es-eq (Es2 v) (Es2' v)) -> es-eq (es-let Es1 Es2) (es-let Es1' Es2') -> type.
%mode es-eq-let +X1 +X2 -X3.
- : es-eq-let es-eq_ ([v] es-eq_) es-eq_.
%worlds (val-block) (es-eq-let _ _ _).
%total {} (es-eq-let _ _ _).

%% Pair destructuring: the body binds both components (two parameters).
es-eq-letp : val-eq V1 V1' -> ({v1}{v2} es-eq (Es2 v1 v2) (Es2' v1 v2)) -> es-eq (es-letp V1 Es2) (es-letp V1' Es2') -> type.
%mode es-eq-letp +X1 +X2 -X3.
- : es-eq-letp val-eq_ ([v1][v2] es-eq_) es-eq_.
%worlds (val-block) (es-eq-letp _ _ _).
%total {} (es-eq-letp _ _ _).

%% case: scrutinee plus the two branches, each binding the injected value.
es-eq-case : val-eq V0 V0' -> ({v} es-eq (Es1 v) (Es1' v)) -> ({v} es-eq (Es2 v) (Es2' v)) -> es-eq (es-case V0 Es1 Es2) (es-case V0' Es1' Es2') -> type.
%mode es-eq-case +X1 +X2 +X3 -X4.
- : es-eq-case val-eq_ ([v] es-eq_) ([v] es-eq_) es-eq_.
%worlds (val-block) (es-eq-case _ _ _ _).
%total {} (es-eq-case _ _ _ _).

%% memo: memoization wrapper around a stable expression.
es-eq-memo : es-eq Es Es' -> es-eq (es-memo Es) (es-memo Es') -> type.
%mode es-eq-memo +X1 -X2.
- : es-eq-memo es-eq_ es-eq_.
%worlds (val-block) (es-eq-memo _ _).
%total {} (es-eq-memo _ _).

%% Changeable expressions: write of a value.
ec-eq-wr : val-eq V V' -> ec-eq (ec-wr V) (ec-wr V') -> type.
%mode ec-eq-wr +X1 -X2.
- : ec-eq-wr val-eq_ ec-eq_.
%worlds (val-block) (ec-eq-wr _ _).
%total {} (ec-eq-wr _ _).

%% read: the location value plus the continuation binding the read value.
ec-eq-read : val-eq V1 V1' -> ({v} ec-eq (Ec2 v) (Ec2' v)) -> ec-eq (ec-read V1 Ec2) (ec-read V1' Ec2') -> type.
%mode ec-eq-read +X1 +X2 -X3.
- : ec-eq-read val-eq_ ([v] ec-eq_) ec-eq_.
%worlds (val-block) (ec-eq-read _ _ _).
%total {} (ec-eq-read _ _ _).

%% Changeable application.
ec-eq-app : val-eq V1 V1' -> val-eq V2 V2' -> ec-eq (ec-app V1 V2) (ec-app V1' V2') -> type.
%mode ec-eq-app +X1 +X2 -X3.
- : ec-eq-app val-eq_ val-eq_ ec-eq_.
%worlds (val-block) (ec-eq-app _ _ _).
%total {} (ec-eq-app _ _ _).

%% let in changeable mode: a stable bound expression, changeable body.
ec-eq-let : es-eq Es1 Es1' -> ({v} ec-eq (Ec2 v) (Ec2' v)) -> ec-eq (ec-let Es1 Ec2) (ec-let Es1' Ec2') -> type.
%mode ec-eq-let +X1 +X2 -X3.
- : ec-eq-let es-eq_ ([v] ec-eq_) ec-eq_.
%worlds (val-block) (ec-eq-let _ _ _).
%total {} (ec-eq-let _ _ _).
%% Remaining ec-eq congruences; same shape as the ones above (one case,
%% closed by unification, no induction, val-block worlds).

ec-eq-letp : val-eq V1 V1' -> ({v1}{v2} ec-eq (Ec2 v1 v2) (Ec2' v1 v2)) -> ec-eq (ec-letp V1 Ec2) (ec-letp V1' Ec2') -> type.
%mode ec-eq-letp +X1 +X2 -X3.
- : ec-eq-letp val-eq_ ([v1][v2] ec-eq_) ec-eq_.
%worlds (val-block) (ec-eq-letp _ _ _).
%total {} (ec-eq-letp _ _ _).

ec-eq-case : val-eq V0 V0' -> ({v} ec-eq (Ec1 v) (Ec1' v)) -> ({v} ec-eq (Ec2 v) (Ec2' v)) -> ec-eq (ec-case V0 Ec1 Ec2) (ec-case V0' Ec1' Ec2') -> type.
%mode ec-eq-case +X1 +X2 +X3 -X4.
- : ec-eq-case val-eq_ ([v] ec-eq_) ([v] ec-eq_) ec-eq_.
%worlds (val-block) (ec-eq-case _ _ _ _).
%total {} (ec-eq-case _ _ _ _).

ec-eq-memo : ec-eq Ec Ec' -> ec-eq (ec-memo Ec) (ec-memo Ec') -> type.
%mode ec-eq-memo +X1 -X2.
- : ec-eq-memo ec-eq_ ec-eq_.
%worlds (val-block) (ec-eq-memo _ _).
%total {} (ec-eq-memo _ _).

%% Substitution respects equality: plugging equal values into the same
%% expression context Es yields equal expressions.  The context is an
%% explicit input ({Es}) so mode checking treats it as known.
%% NOTE(review): unlike the congruences above, these two are declared for
%% the closed world only (%worlds ()); a use inside a val-block or
%% var-block context would require widening that declaration.
es-eq-subst : {Es} val-eq V V' -> es-eq (Es V) (Es V') -> type.
%mode es-eq-subst +X1 +X2 -X3.
- : es-eq-subst _ val-eq_ es-eq_.
%worlds () (es-eq-subst _ _ _).
%total {} (es-eq-subst _ _ _).

ec-eq-subst : {Ec} val-eq V V' -> ec-eq (Ec V) (Ec V') -> type.
%mode ec-eq-subst +X1 +X2 -X3.
- : ec-eq-subst _ val-eq_ ec-eq_.
%worlds () (ec-eq-subst _ _ _).
%total {} (ec-eq-subst _ _ _).

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% wf-ex-lemmas.thm
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% we only need the functionality of the lifted expression
%%
%% Functionality (determinism) of the well-formedness/lifting relations
%% wf-val / wf-es / wf-ec: two derivations for equal source terms over the
%% same store S produce equal lifted terms (V^ and V^', etc.).  Nothing is
%% claimed about the location sets R and R'.
%% wf-val-fun takes the source equality V = V' as an extra input, whereas
%% the es/ec variants fix the same source term on both sides: the
%% wf-val-loc case below recurses on two store lookups whose results are
%% only known to be equal through st-lookup-fun, not syntactically.
wf-val-fun : wf-val V S V^ R -> wf-val V' S V^' R' -> val-eq V V' -> %% need this for val-loc case
             %%
             val-eq V^ V^' -> type.
%mode wf-val-fun +X1 +X2 +X3 -X4.

wf-es-fun : wf-es Es S Es^ R -> wf-es Es S Es^' R' ->
            %%
            es-eq Es^ Es^' -> type.
%mode wf-es-fun +X1 +X2 -X3.

wf-ec-fun : wf-ec Ec S Ec^ R -> wf-ec Ec S Ec^' R' ->
            %%
            ec-eq Ec^ Ec^' -> type.
%mode wf-ec-fun +X1 +X2 -X3.

%% Leaves: variables, the empty value and naturals lift to themselves, so
%% the output is immediate.
- : wf-val-fun (wf-val-var _) (wf-val-var _) val-eq_ val-eq_.
- : wf-val-fun wf-val-emp wf-val-emp val-eq_ val-eq_.
- : wf-val-fun wf-val-nat wf-val-nat val-eq_ val-eq_.

%% Locations: the two lookups of the same location in S agree
%% (st-lookup-fun), and that equality Deq is what the recursive call needs.
- : wf-val-fun (wf-val-loc _ _ Dwv Dstl) (wf-val-loc _ _ Dwv' Dstl') val-eq_ Deq'
    <- st-lookup-fun Dstl Dstl' Deq
    <- wf-val-fun Dwv Dwv' Deq Deq'.

%% Structured values: recurse on each component, then rebuild the equality
%% with the corresponding congruence lemma.
- : wf-val-fun (wf-val-pr _ Dwv2 Dwv1) (wf-val-pr _ Dwv2' Dwv1') val-eq_ Deq'
    <- wf-val-fun Dwv1 Dwv1' val-eq_ Deq1'
    <- wf-val-fun Dwv2 Dwv2' val-eq_ Deq2'
    <- val-eq-pr Deq1' Deq2' Deq'.

- : wf-val-fun (wf-val-inl Dwv) (wf-val-inl Dwv') val-eq_ Deq'
    <- wf-val-fun Dwv Dwv' val-eq_ Deq''
    <- val-eq-inl Deq'' Deq'.

- : wf-val-fun (wf-val-inr Dwv) (wf-val-inr Dwv') val-eq_ Deq'
    <- wf-val-fun Dwv Dwv' val-eq_ Deq''
    <- val-eq-inr Deq'' Deq'.

%% Function values: the body derivations are parametric in the function
%% and argument variables (v1 d1 v2 d2); the recursive call is made under
%% those parameters, which is why the whole family needs var-block worlds.
- : wf-val-fun (wf-val-fns Dwe) (wf-val-fns Dwe') val-eq_ Deq'
    <- ({v1}{d1}{v2}{d2} wf-es-fun (Dwe v1 d1 v2 d2) (Dwe' v1 d1 v2 d2) (Deq'' v1 v2))
    <- val-eq-fns Deq'' Deq'.

- : wf-val-fun (wf-val-fnc Dwe) (wf-val-fnc Dwe') val-eq_ Deq'
    <- ({v1}{d1}{v2}{d2} wf-ec-fun (Dwe v1 d1 v2 d2) (Dwe' v1 d1 v2 d2) (Deq'' v1 v2))
    <- val-eq-fnc Deq'' Deq'.

%% Stable expressions.
- : wf-es-fun (wf-es-val Dwv) (wf-es-val Dwv') Deq'
    <- wf-val-fun Dwv Dwv' val-eq_ Deq''
    <- es-eq-val Deq'' Deq'.

- : wf-es-fun (wf-es-plus _ Dwv2 Dwv1) (wf-es-plus _ Dwv2' Dwv1') Deq'
    <- wf-val-fun Dwv1 Dwv1' val-eq_ Deq1'
    <- wf-val-fun Dwv2 Dwv2' val-eq_ Deq2'
    <- es-eq-plus Deq1' Deq2' Deq'.

- : wf-es-fun (wf-es-mod Dwe) (wf-es-mod Dwe') Deq'
    <- wf-ec-fun Dwe Dwe' Deq''
    <- es-eq-mod Deq'' Deq'.

- : wf-es-fun (wf-es-app _ Dwv2 Dwv1) (wf-es-app _ Dwv2' Dwv1') Deq'
    <- wf-val-fun Dwv1 Dwv1' val-eq_ Deq1'
    <- wf-val-fun Dwv2 Dwv2' val-eq_ Deq2'
    <- es-eq-app Deq1' Deq2' Deq'.

- : wf-es-fun (wf-es-let _ Dwe2 Dwe1) (wf-es-let _ Dwe2' Dwe1') Deq'
    <- wf-es-fun Dwe1 Dwe1' Deq1'
    <- ({v}{d} wf-es-fun (Dwe2 v d) (Dwe2' v d) (Deq2' v))
    <- es-eq-let Deq1' Deq2' Deq'.

- : wf-es-fun (wf-es-letp _ Dwe2 Dwv1) (wf-es-letp _ Dwe2' Dwv1') Deq'
    <- wf-val-fun Dwv1 Dwv1' val-eq_ Deq1'
    <- ({v1}{d1}{v2}{d2} wf-es-fun (Dwe2 v1 d1 v2 d2) (Dwe2' v1 d1 v2 d2) (Deq2' v1 v2))
    <- es-eq-letp Deq1' Deq2' Deq'.

- : wf-es-fun (wf-es-case _ _ Dwe2 Dwe1 Dwv0) (wf-es-case _ _ Dwe2' Dwe1' Dwv0') Deq'
    <- wf-val-fun Dwv0 Dwv0' val-eq_ Deq0'
    <- ({v}{d} wf-es-fun (Dwe1 v d) (Dwe1' v d) (Deq1' v))
    <- ({v}{d} wf-es-fun (Dwe2 v d) (Dwe2' v d) (Deq2' v))
    <- es-eq-case Deq0' Deq1' Deq2' Deq'.

- : wf-es-fun (wf-es-memo Dwe) (wf-es-memo Dwe') Deq'
    <- wf-es-fun Dwe Dwe' Deq''
    <- es-eq-memo Deq'' Deq'.

%% Changeable expressions.
- : wf-ec-fun (wf-ec-wr Dwv) (wf-ec-wr Dwv') Deq'
    <- wf-val-fun Dwv Dwv' val-eq_ Deq''
    <- ec-eq-wr Deq'' Deq'.

- : wf-ec-fun (wf-ec-read _ Dwe2 Dwv1) (wf-ec-read _ Dwe2' Dwv1') Deq'
    <- wf-val-fun Dwv1 Dwv1' val-eq_ Deq1'
    <- ({v}{d} wf-ec-fun (Dwe2 v d) (Dwe2' v d) (Deq2' v))
    <- ec-eq-read Deq1' Deq2' Deq'.

- : wf-ec-fun (wf-ec-app _ Dwv2 Dwv1) (wf-ec-app _ Dwv2' Dwv1') Deq'
    <- wf-val-fun Dwv1 Dwv1' val-eq_ Deq1'
    <- wf-val-fun Dwv2 Dwv2' val-eq_ Deq2'
    <- ec-eq-app Deq1' Deq2' Deq'.

- : wf-ec-fun (wf-ec-let _ Dwe2 Dwe1) (wf-ec-let _ Dwe2' Dwe1') Deq'
    <- wf-es-fun Dwe1 Dwe1' Deq1'
    <- ({v}{d} wf-ec-fun (Dwe2 v d) (Dwe2' v d) (Deq2' v))
    <- ec-eq-let Deq1' Deq2' Deq'.

- : wf-ec-fun (wf-ec-letp _ Dwe2 Dwv1) (wf-ec-letp _ Dwe2' Dwv1') Deq'
    <- wf-val-fun Dwv1 Dwv1' val-eq_ Deq1'
    <- ({v1}{d1}{v2}{d2} wf-ec-fun (Dwe2 v1 d1 v2 d2) (Dwe2' v1 d1 v2 d2) (Deq2' v1 v2))
    <- ec-eq-letp Deq1' Deq2' Deq'.

- : wf-ec-fun (wf-ec-case _ _ Dwe2 Dwe1 Dwv0) (wf-ec-case _ _ Dwe2' Dwe1' Dwv0') Deq'
    <- wf-val-fun Dwv0 Dwv0' val-eq_ Deq0'
    <- ({v}{d} wf-ec-fun (Dwe1 v d) (Dwe1' v d) (Deq1' v))
    <- ({v}{d} wf-ec-fun (Dwe2 v d) (Dwe2' v d) (Deq2' v))
    <- ec-eq-case Deq0' Deq1' Deq2' Deq'.

- : wf-ec-fun (wf-ec-memo Dwe) (wf-ec-memo Dwe') Deq'
    <- wf-ec-fun Dwe Dwe' Deq''
    <- ec-eq-memo Deq'' Deq'.

%% Mutual induction on the first derivation of each family.  These two
%% declarations are what turn the relations above into a theorem: without
%% a passing %total the cases are only a partial relation.
%worlds (var-block) (wf-val-fun _ _ _ _) (wf-es-fun _ _ _) (wf-ec-fun _ _ _).
%total (D1 D2 D3) (wf-val-fun D1 _ _ _) (wf-es-fun D2 _ _) (wf-ec-fun D3 _ _).

%% Transport of a wf-val derivation along equalities of the source value
%% and of the lifted value.  Since val-eq is identity, matching val-eq_
%% twice makes the input derivation itself the output.
wf-val-resp-eq : wf-val V S V^ R -> val-eq V V' -> val-eq V^ V^' ->
                 %%
                 wf-val V' S V^' R -> type.
%mode wf-val-resp-eq +X1 +X2 +X3 -X4.

- : wf-val-resp-eq Dwv val-eq_ val-eq_ Dwv.

%worlds (var-block) (wf-val-resp-eq _ _ _ _).
%total {} (wf-val-resp-eq _ _ _ _).

%{ Here we remove the dependencies on both the input value and the lifted
   value in one induction.  (This takes equality as an arg because I can't
   get the termination to go through if I use wf-val-resp-eq in the subst
   lemma, even with %reduces.) }%

%% "No dependency" lemmas.  Input: a derivation parameterized over a value
%% variable v (and its var tag d) whose subject V v is in fact independent
%% of v, witnessed by the parametric equality {v} val-eq (V v) V2.
%% Output: a closed derivation for V2, together with evidence that the
%% lifted term V2' likewise agrees with V' v for every v -- i.e. the lifted
%% term does not depend on v either.  The location set R is unchanged.
%% These are the lemmas the substitution proof below uses to discharge the
%% dependency on v that Twelf's subordination analysis cannot rule out.
wf-val-nodep : ({v}{d : var v} wf-val (V v) S (V' v) R)
                -> ({v} val-eq (V v) V2)
                %%
                -> wf-val V2 S V2' R
                -> ({v} val-eq V2' (V' v))
                -> type.
%mode wf-val-nodep +X1 +X2 -X3 -X4.

wf-es-nodep : ({v}{d : var v} wf-es (Es v) S (Es' v) R)
               -> ({v} es-eq (Es v) Es2)
               %%
               -> wf-es Es2 S Es2' R
               -> ({v} es-eq Es2' (Es' v))
               -> type.
%mode wf-es-nodep +X1 +X2 -X3 -X4.

wf-ec-nodep : ({v}{d : var v} wf-ec (Ec v) S (Ec' v) R)
               -> ({v} ec-eq (Ec v) Ec2)
               %%
               -> wf-ec Ec2 S Ec2' R
               -> ({v} ec-eq Ec2' (Ec' v))
               -> type.
%mode wf-ec-nodep +X1 +X2 -X3 -X4.

%% A variable whose var proof Dwv does not use the bound d, i.e. a context
%% variable other than v: the derivation is already closed.  The equality
%% input is not needed here (wildcard).
- : wf-val-nodep ([v][d] wf-val-var Dwv) _
    %%
    (wf-val-var Dwv) ([v] val-eq_).

- : wf-val-nodep ([v][d] wf-val-emp) _
    %%
    wf-val-emp ([v] val-eq_).

- : wf-val-nodep ([v][d] wf-val-nat) ([v] val-eq_)
    %%
    wf-val-nat ([v] val-eq_).

%% Locations: first remove the (spurious) dependency of the store lookup
%% on v (st-lookup-nodep yields the closed looked-up value and Deq), then
%% feed Deq to the recursive call on the looked-up value's derivation.
- : wf-val-nodep ([v][d] wf-val-loc Dlu Dls (Dwv v d) (Dstl v)) ([v] val-eq_)
    %%
    (wf-val-loc Dlu Dls Dwv' Dstl') Deq'
    <- st-lookup-nodep Dstl Dstl' Deq
    <- wf-val-nodep Dwv Deq Dwv' Deq'.

%% Structured values: each component is independent of v (its equality
%% input is the trivial [v] val-eq_); recombine the lifted equalities with
%% the congruence lemma under the v binder.
- : wf-val-nodep ([v][d] wf-val-pr Dlu (Dwv2 v d) (Dwv1 v d)) ([v] val-eq_)
    %%
    (wf-val-pr Dlu Dwv2' Dwv1') Deq'
    <- wf-val-nodep Dwv1 ([v] val-eq_) Dwv1' Deq1'
    <- wf-val-nodep Dwv2 ([v] val-eq_) Dwv2' Deq2'
    <- ({v} val-eq-pr (Deq1' v) (Deq2' v) (Deq' v)).

- : wf-val-nodep ([v][d] wf-val-inl (Dwv v d)) ([v] val-eq_)
    %%
    (wf-val-inl Dwv') Deq'
    <- wf-val-nodep Dwv ([v] val-eq_) Dwv' Deq''
    <- ({v} val-eq-inl (Deq'' v) (Deq' v)).

- : wf-val-nodep ([v][d] wf-val-inr (Dwv v d)) ([v] val-eq_)
    %%
    (wf-val-inr Dwv') Deq'
    <- wf-val-nodep Dwv ([v] val-eq_) Dwv' Deq''
    <- ({v} val-eq-inr (Deq'' v) (Deq' v)).

%% Function values: the body derivation Dwe is parametric in v d and in
%% the function/argument parameters v1 d1 v2 d2.  The recursive call is
%% made under v1 d1 v2 d2 with v d re-abstracted as v3 d3; the resulting
%% equality Deq'' is then re-indexed so that val-eq-fns can close it.
- : wf-val-nodep ([v][d] wf-val-fns (Dwe v d)) ([v] val-eq_)
    %%
    (wf-val-fns Dwe') Deq'
    <- ({v1}{d1}{v2}{d2} wf-es-nodep ([v3][d3] Dwe v3 d3 v1 d1 v2 d2) ([v] es-eq_) (Dwe' v1 d1 v2 d2) (Deq'' v1 v2))
    <- ({v} val-eq-fns ([v1][v2] Deq'' v1 v2 v) (Deq' v)).

- : wf-val-nodep ([v][d] wf-val-fnc (Dwe v d)) ([v] val-eq_)
    %%
    (wf-val-fnc Dwe') Deq'
    <- ({v1}{d1}{v2}{d2} wf-ec-nodep ([v3][d3] Dwe v3 d3 v1 d1 v2 d2) ([v] ec-eq_) (Dwe' v1 d1 v2 d2) (Deq'' v1 v2))
    <- ({v} val-eq-fnc ([v1][v2] Deq'' v1 v2 v) (Deq' v)).

%% Stable expressions: same pattern as the values.
- : wf-es-nodep ([v][d] wf-es-val (Dwv v d)) ([v] es-eq_)
    %%
    (wf-es-val Dwv') Deq'
    <- wf-val-nodep Dwv ([v] val-eq_) Dwv' Deq''
    <- ({v} es-eq-val (Deq'' v) (Deq' v)).

- : wf-es-nodep ([v][d] wf-es-plus Dlu (Dwv2 v d) (Dwv1 v d)) ([v] es-eq_)
    %%
    (wf-es-plus Dlu Dwv2' Dwv1') Deq'
    <- wf-val-nodep Dwv1 ([v] val-eq_) Dwv1' Deq1'
    <- wf-val-nodep Dwv2 ([v] val-eq_) Dwv2' Deq2'
    <- ({v} es-eq-plus (Deq1' v) (Deq2' v) (Deq' v)).

- : wf-es-nodep ([v][d] wf-es-mod (Dwe v d)) ([v] es-eq_)
    %%
    (wf-es-mod Dwe') Deq'
    <- wf-ec-nodep Dwe ([v] ec-eq_) Dwe' Deq''
    <- ({v} es-eq-mod (Deq'' v) (Deq' v)).

- : wf-es-nodep ([v][d] wf-es-app Dlu (Dwv2 v d) (Dwv1 v d)) ([v] es-eq_)
    %%
    (wf-es-app Dlu Dwv2' Dwv1') Deq'
    <- wf-val-nodep Dwv1 ([v] val-eq_) Dwv1' Deq1'
    <- wf-val-nodep Dwv2 ([v] val-eq_) Dwv2' Deq2'
    <- ({v} es-eq-app (Deq1' v) (Deq2' v) (Deq' v)).

%% Binding forms: the body is handled under its own bound variable v1 d1,
%% with the outer v d re-abstracted as v2 d2 for the recursive call.
- : wf-es-nodep ([v][d] wf-es-let Dlu (Dwe2 v d) (Dwe1 v d)) ([v] es-eq_)
    %%
    (wf-es-let Dlu Dwe2' Dwe1') Deq'
    <- wf-es-nodep Dwe1 ([v] es-eq_) Dwe1' Deq1'
    <- ({v1}{d1} wf-es-nodep ([v2][d2] Dwe2 v2 d2 v1 d1) ([v] es-eq_) (Dwe2' v1 d1) (Deq2' v1))
    <- ({v} es-eq-let (Deq1' v) ([v1] Deq2' v1 v) (Deq' v)).

- : wf-es-nodep ([v][d] wf-es-letp Dlu (Dwe2 v d) (Dwv1 v d)) ([v] es-eq_)
    %%
    (wf-es-letp Dlu Dwe2' Dwv1') Deq'
    <- wf-val-nodep Dwv1 ([v] val-eq_) Dwv1' Deq1'
    <- ({v1}{d1}{v2}{d2} wf-es-nodep ([v3][d3] Dwe2 v3 d3 v1 d1 v2 d2) ([v] es-eq_) (Dwe2' v1 d1 v2 d2) (Deq2' v1 v2))
    <- ({v} es-eq-letp (Deq1' v) ([v1][v2] Deq2' v1 v2 v) (Deq' v)).

- : wf-es-nodep ([v][d] wf-es-case Dlu2 Dlu1 (Dwe2 v d) (Dwe1 v d) (Dwv0 v d)) ([v] es-eq_)
    %%
    (wf-es-case Dlu2 Dlu1 Dwe2' Dwe1' Dwv0') Deq'
    <- wf-val-nodep Dwv0 ([v] val-eq_) Dwv0' Deq0'
    <- ({v1}{d1} wf-es-nodep ([v2][d2] Dwe1 v2 d2 v1 d1) ([v] es-eq_) (Dwe1' v1 d1) (Deq1' v1))
    <- ({v1}{d1} wf-es-nodep ([v2][d2] Dwe2 v2 d2 v1 d1) ([v] es-eq_) (Dwe2' v1 d1) (Deq2' v1))
    <- ({v} es-eq-case (Deq0' v) ([v1] Deq1' v1 v) ([v1] Deq2' v1 v) (Deq' v)).

- : wf-es-nodep ([v][d] wf-es-memo (Dwe v d)) ([v] es-eq_)
    %%
    (wf-es-memo Dwe') Deq'
    <- wf-es-nodep Dwe ([v] es-eq_) Dwe' Deq''
    <- ({v} es-eq-memo (Deq'' v) (Deq' v)).

%% Changeable expressions.
- : wf-ec-nodep ([v][d] wf-ec-wr (Dwv v d)) ([v] ec-eq_)
    %%
    (wf-ec-wr Dwv') Deq'
    <- wf-val-nodep Dwv ([v] val-eq_) Dwv' Deq''
    <- ({v} ec-eq-wr (Deq'' v) (Deq' v)).

- : wf-ec-nodep ([v][d] wf-ec-read Dlu (Dwe2 v d) (Dwv1 v d)) ([v] ec-eq_)
    %%
    (wf-ec-read Dlu Dwe2' Dwv1') Deq'
    <- wf-val-nodep Dwv1 ([v] val-eq_) Dwv1' Deq1'
    <- ({v1}{d1} wf-ec-nodep ([v2][d2] Dwe2 v2 d2 v1 d1) ([v] ec-eq_) (Dwe2' v1 d1) (Deq2' v1))
    <- ({v} ec-eq-read (Deq1' v) ([v1] Deq2' v1 v) (Deq' v)).

- : wf-ec-nodep ([v][d] wf-ec-app Dlu (Dwv2 v d) (Dwv1 v d)) ([v] ec-eq_)
    %%
    (wf-ec-app Dlu Dwv2' Dwv1') Deq'
    <- wf-val-nodep Dwv1 ([v] val-eq_) Dwv1' Deq1'
    <- wf-val-nodep Dwv2 ([v] val-eq_) Dwv2' Deq2'
    <- ({v} ec-eq-app (Deq1' v) (Deq2' v) (Deq' v)).

- : wf-ec-nodep ([v][d] wf-ec-let Dlu (Dwe2 v d) (Dwe1 v d)) ([v] ec-eq_)
    %%
    (wf-ec-let Dlu Dwe2' Dwe1') Deq'
    <- wf-es-nodep Dwe1 ([v] es-eq_) Dwe1' Deq1'
    <- ({v1}{d1} wf-ec-nodep ([v2][d2] Dwe2 v2 d2 v1 d1) ([v] ec-eq_) (Dwe2' v1 d1) (Deq2' v1))
    <- ({v} ec-eq-let (Deq1' v) ([v1] Deq2' v1 v) (Deq' v)).

- : wf-ec-nodep ([v][d] wf-ec-letp Dlu (Dwe2 v d) (Dwv1 v d)) ([v] ec-eq_)
    %%
    (wf-ec-letp Dlu Dwe2' Dwv1') Deq'
    <- wf-val-nodep Dwv1 ([v] val-eq_) Dwv1' Deq1'
    <- ({v1}{d1}{v2}{d2} wf-ec-nodep ([v3][d3] Dwe2 v3 d3 v1 d1 v2 d2) ([v] ec-eq_) (Dwe2' v1 d1 v2 d2) (Deq2' v1 v2))
    <- ({v} ec-eq-letp (Deq1' v) ([v1][v2] Deq2' v1 v2 v) (Deq' v)).

- : wf-ec-nodep ([v][d] wf-ec-case Dlu2 Dlu1 (Dwe2 v d) (Dwe1 v d) (Dwv0 v d)) ([v] ec-eq_)
    %%
    (wf-ec-case Dlu2 Dlu1 Dwe2' Dwe1' Dwv0') Deq'
    <- wf-val-nodep Dwv0 ([v] val-eq_) Dwv0' Deq0'
    <- ({v1}{d1} wf-ec-nodep ([v2][d2] Dwe1 v2 d2 v1 d1) ([v] ec-eq_) (Dwe1' v1 d1) (Deq1' v1))
    <- ({v1}{d1} wf-ec-nodep ([v2][d2] Dwe2 v2 d2 v1 d1) ([v] ec-eq_) (Dwe2' v1 d1) (Deq2' v1))
    <- ({v} ec-eq-case (Deq0' v) ([v1] Deq1' v1 v) ([v1] Deq2' v1 v) (Deq' v)).

- : wf-ec-nodep ([v][d] wf-ec-memo (Dwe v d)) ([v] ec-eq_)
    %%
    (wf-ec-memo Dwe') Deq'
    <- wf-ec-nodep Dwe ([v] ec-eq_) Dwe' Deq''
    <- ({v} ec-eq-memo (Deq'' v) (Deq' v)).

%% Mutual induction on the parametric derivation.
%worlds (var-block) (wf-val-nodep _ _ _ _) (wf-es-nodep _ _ _ _) (wf-ec-nodep _ _ _ _).
%total (D1 D2 D3) (wf-val-nodep D1 _ _ _) (wf-es-nodep D2 _ _ _) (wf-ec-nodep D3 _ _ _).

%% Set-algebra glue shared by the two-component cases of the substitution
%% lemma below.  Given
%%   X1 u X2 = X1+X2,  X1+X2 u XV = X1+X2+XV,  X1 u XV = X1+XV,
%%   X2 u XV = X2+XV,  X1' <= X1+XV,  X2' <= X2+XV,
%% it builds the union X1' u X2' (can-ls-union constructs a union for any
%% two operands) and shows X1'+X2' <= X1+X2+XV.  The chain is: both
%% operands of a union are below it (ls-union-imp-subeq), <= is transitive,
%% and a union of two sets each below Y is below Y (ls-subeq-union).
%% Closed world, no induction.
wf-subst-subeq-lemma : ls-union X1 X2 X1+X2
                        -> ls-union X1+X2 XV X1+X2+XV
                        -> ls-union X1 XV X1+XV
                        -> ls-union X2 XV X2+XV
                        -> ls-subeq X1' X1+XV
                        -> ls-subeq X2' X2+XV
                        %%
                        -> ls-union X1' X2' X1'+X2'
                        -> ls-subeq X1'+X2' X1+X2+XV
                        -> type.
%mode wf-subst-subeq-lemma +X1 +X2 +X3 +X4 +X5 +X6 -X7 -X8.

- : wf-subst-subeq-lemma Dlu Dlu3 Dlu1 Dlu2 Dlse1 Dlse2
    %%
    Dlu' Dlse'
    <- can-ls-union _ _ (Dlu' : ls-union X1' X2' X1'+X2')
    %% X1, X2 and XV are each below the big union X1+X2+XV.
    <- ls-union-imp-subeq Dlu3 (Dlse7 : ls-subeq X1+X2 X1+X2+XV) (Dlse8 : ls-subeq XV X1+X2+XV)
    <- ls-union-imp-subeq Dlu (Dlse9 : ls-subeq X1 X1+X2) (Dlse10 : ls-subeq X2 X1+X2)
    <- ls-subeq-trans Dlse9 Dlse7 (Dlse11 : ls-subeq X1 X1+X2+XV)
    <- ls-subeq-trans Dlse10 Dlse7 (Dlse13 : ls-subeq X2 X1+X2+XV)
    %% hence so are X1+XV and X2+XV ...
    <- ls-subeq-union Dlse11 Dlse8 Dlu1 (Dlse5 : ls-subeq X1+XV X1+X2+XV)
    <- ls-subeq-union Dlse13 Dlse8 Dlu2 (Dlse6 : ls-subeq X2+XV X1+X2+XV)
    %% ... and therefore X1', X2' and their union.
    <- ls-subeq-trans Dlse1 Dlse5 (Dlse3 : ls-subeq X1' X1+X2+XV)
    <- ls-subeq-trans Dlse2 Dlse6 (Dlse4 : ls-subeq X2' X1+X2+XV)
    <- ls-subeq-union Dlse3 Dlse4 Dlu' (Dlse' : ls-subeq X1'+X2' X1+X2+XV)
    .

%worlds () (wf-subst-subeq-lemma _ _ _ _ _ _ _ _).
%total {} (wf-subst-subeq-lemma _ _ _ _ _ _ _ _).
wf-val-subst-subeq : ({v}{d : var v} wf-val (V v) S (V' v) X1) -> wf-val V2 S V2' X2 -> ls-union X1 X2 X -> %% wf-val (V V2) S (V' V2') X' -> ls-subeq X' X -> type. %mode wf-val-subst-subeq +X1 +X2 +X3 -X4 -X5. wf-es-subst-subeq : ({v}{d : var v} wf-es (Es v) S (Es' v) X1) -> wf-val V S V' X2 -> ls-union X1 X2 X -> %% wf-es (Es V) S (Es' V') X' -> ls-subeq X' X -> type. %mode wf-es-subst-subeq +X1 +X2 +X3 -X4 -X5. wf-ec-subst-subeq : ({v}{d : var v} wf-ec (Ec v) S (Ec' v) X1) -> wf-val V S V' X2 -> ls-union X1 X2 X -> %% wf-ec (Ec V) S (Ec' V') X' -> ls-subeq X' X -> type. %mode wf-ec-subst-subeq +X1 +X2 +X3 -X4 -X5. - : wf-val-subst-subeq ([v][d] wf-val-var d) Dwv _ %% Dwv Dlse <- ls-subeq-refl _ Dlse . - : wf-val-subst-subeq ([v][d] wf-val-emp) _ _ %% wf-val-emp ls-subeq-nx . - : wf-val-subst-subeq ([v][d] wf-val-nat : wf-val (val-nat N) _ _ _) _ _ %% wf-val-nat ls-subeq-nx . %{ Twelf makes a conservative approximation of possible dependencies--e.g. since var subordinates val and val in turn subordinates st-lookups, it thinks that in var-block worlds the looked-up value might depend on var. So we have to cover the case where it does, and then prove that it can't (the nodep lemmas). }% - : wf-val-subst-subeq ([v][d] wf-val-loc (Dlu : ls-union RV RL RV+RL) Dls ((Dwv : {v} var v -> wf-val (V1 v) _ (V1' v) _) v d) ((Dstl : {v} st-lookup _ _ (V1 v)) v)) (Dwv2 : wf-val V2 _ V2' _) (Dlu2 : ls-union RV+RL _ _) %% (wf-val-loc Dlu Dls Dwv' Dstl') Dlse' <- st-lookup-nodep Dstl Dstl' (Deq : {v} val-eq (V1 v) V1-) <- wf-val-nodep Dwv Deq Dwv3 (Deq2 : {v} val-eq V1'- (V1' v)) <- wf-val-resp-eq Dwv3 val-eq_ (Deq2 V2') Dwv' <- ls-union-imp-subeq Dlu2 (Dlse' : ls-subeq RV+RL _) _ . 
- : wf-val-subst-subeq ([v][d] wf-val-pr (Dlu : ls-union X1 X2 X1+X2) (Dwv2 v d) (Dwv1 v d)) Dwv3 (Dlu3 : ls-union X1+X2 XV X1+X2+XV) %% (wf-val-pr Dlu' Dwv2' Dwv1') Dlse' <- can-ls-union _ _ (Dlu1 : ls-union X1 XV X1+XV) <- wf-val-subst-subeq Dwv1 Dwv3 Dlu1 Dwv1' (Dlse1 : ls-subeq X1' X1+XV) <- can-ls-union _ _ (Dlu2 : ls-union X2 XV X2+XV) <- wf-val-subst-subeq Dwv2 Dwv3 Dlu2 Dwv2' (Dlse2 : ls-subeq X2' X2+XV) <- wf-subst-subeq-lemma Dlu Dlu3 Dlu1 Dlu2 Dlse1 Dlse2 Dlu' Dlse' . - : wf-val-subst-subeq ([v][d] wf-val-inl (Dwv v d)) Dwv2 (Dlu : ls-union X1 X2 X) %% (wf-val-inl Dwv') Dlse' <- wf-val-subst-subeq Dwv Dwv2 Dlu Dwv' Dlse' . - : wf-val-subst-subeq ([v][d] wf-val-inr (Dwv v d)) Dwv2 (Dlu : ls-union X1 X2 X) %% (wf-val-inr Dwv') Dlse' <- wf-val-subst-subeq Dwv Dwv2 Dlu Dwv' Dlse' . - : wf-val-subst-subeq ([v][d] wf-val-fns (Dwe v d)) Dwv2 (Dlu : ls-union X1 X2 X) %% (wf-val-fns Dwe') Dlse' <- ({v1}{d1}{v2}{d2} wf-es-subst-subeq ([v3][d3] Dwe v3 d3 v1 d1 v2 d2) Dwv2 Dlu (Dwe' v1 d1 v2 d2) Dlse') . - : wf-val-subst-subeq ([v][d] wf-val-fnc (Dwe v d)) Dwv2 (Dlu : ls-union X1 X2 X) %% (wf-val-fnc Dwe') Dlse' <- ({v1}{d1}{v2}{d2} wf-ec-subst-subeq ([v3][d3] Dwe v3 d3 v1 d1 v2 d2) Dwv2 Dlu (Dwe' v1 d1 v2 d2) Dlse') . %% this case covers var-block. - : wf-val-subst-subeq ([v][d] Dwv) _ _ %% Dwv ls-subeq-nx . - : wf-es-subst-subeq ([v][d] wf-es-val (Dwv v d)) Dwv2 (Dlu : ls-union X1 X2 X) %% (wf-es-val Dwv') Dlse' <- wf-val-subst-subeq Dwv Dwv2 Dlu Dwv' Dlse' . - : wf-es-subst-subeq ([v][d] wf-es-plus (Dlu : ls-union X1 X2 X1+X2) (Dwv2 v d) (Dwv1 v d)) Dwv3 (Dlu3 : ls-union X1+X2 XV X1+X2+XV) %% (wf-es-plus Dlu' Dwv2' Dwv1') Dlse' <- can-ls-union _ _ (Dlu1 : ls-union X1 XV X1+XV) <- wf-val-subst-subeq Dwv1 Dwv3 Dlu1 Dwv1' (Dlse1 : ls-subeq X1' X1+XV) <- can-ls-union _ _ (Dlu2 : ls-union X2 XV X2+XV) <- wf-val-subst-subeq Dwv2 Dwv3 Dlu2 Dwv2' (Dlse2 : ls-subeq X2' X2+XV) <- wf-subst-subeq-lemma Dlu Dlu3 Dlu1 Dlu2 Dlse1 Dlse2 Dlu' Dlse' . 
- : wf-es-subst-subeq ([v][d] wf-es-mod (Dwe v d)) Dwv (Dlu : ls-union X1 X2 X) %% (wf-es-mod Dwe') Dlse' <- wf-ec-subst-subeq Dwe Dwv Dlu Dwe' Dlse' . - : wf-es-subst-subeq ([v][d] wf-es-app (Dlu : ls-union X1 X2 X1+X2) (Dwv2 v d) (Dwv1 v d)) Dwv3 (Dlu3 : ls-union X1+X2 XV X1+X2+XV) %% (wf-es-app Dlu' Dwv2' Dwv1') Dlse' <- can-ls-union _ _ (Dlu1 : ls-union X1 XV X1+XV) <- wf-val-subst-subeq Dwv1 Dwv3 Dlu1 Dwv1' (Dlse1 : ls-subeq X1' X1+XV) <- can-ls-union _ _ (Dlu2 : ls-union X2 XV X2+XV) <- wf-val-subst-subeq Dwv2 Dwv3 Dlu2 Dwv2' (Dlse2 : ls-subeq X2' X2+XV) <- wf-subst-subeq-lemma Dlu Dlu3 Dlu1 Dlu2 Dlse1 Dlse2 Dlu' Dlse' . - : wf-es-subst-subeq ([v][d] wf-es-let (Dlu : ls-union X1 X2 X1+X2) (Dwe2 v d) (Dwe1 v d)) Dwv3 (Dlu3 : ls-union X1+X2 XV X1+X2+XV) %% (wf-es-let Dlu' Dwe2' Dwe1') Dlse' <- can-ls-union _ _ (Dlu1 : ls-union X1 XV X1+XV) <- wf-es-subst-subeq Dwe1 Dwv3 Dlu1 Dwe1' (Dlse1 : ls-subeq X1' X1+XV) <- can-ls-union _ _ (Dlu2 : ls-union X2 XV X2+XV) <- ({v1 : val}{d1 : var v1} wf-es-subst-subeq ([v2][d2] Dwe2 v2 d2 v1 d1) Dwv3 Dlu2 (Dwe2' v1 d1) (Dlse2 : ls-subeq X2' X2+XV)) <- wf-subst-subeq-lemma Dlu Dlu3 Dlu1 Dlu2 Dlse1 Dlse2 Dlu' Dlse' . - : wf-es-subst-subeq ([v][d] wf-es-letp (Dlu : ls-union X1 X2 X1+X2) (Dwe2 v d) (Dwv1 v d)) Dwv3 (Dlu3 : ls-union X1+X2 XV X1+X2+XV) %% (wf-es-letp Dlu' Dwe2' Dwv1') Dlse' <- can-ls-union _ _ (Dlu1 : ls-union X1 XV X1+XV) <- wf-val-subst-subeq Dwv1 Dwv3 Dlu1 Dwv1' (Dlse1 : ls-subeq X1' X1+XV) <- can-ls-union _ _ (Dlu2 : ls-union X2 XV X2+XV) <- ({v1}{d1}{v2}{d2} wf-es-subst-subeq ([v3][d3] Dwe2 v3 d3 v1 d1 v2 d2) Dwv3 Dlu2 (Dwe2' v1 d1 v2 d2) (Dlse2 : ls-subeq X2' X2+XV)) <- wf-subst-subeq-lemma Dlu Dlu3 Dlu1 Dlu2 Dlse1 Dlse2 Dlu' Dlse' . 
- : wf-es-subst-subeq ([v][d] wf-es-case (Dlu3 : ls-union X1+X2 X0 X1+X2+X0) (Dlu4 : ls-union X1 X2 X1+X2) (Dwe2 v d) (Dwe1 v d) (Dwv0 v d)) Dwv3 (Dlu5 : ls-union X1+X2+X0 XV X1+X2+X0+XV) %% (wf-es-case Dlu3' Dlu4' Dwe2' Dwe1' Dwv0') Dlse' <- can-ls-union _ _ (Dlu0 : ls-union X0 XV X0+XV) <- wf-val-subst-subeq Dwv0 Dwv3 Dlu0 Dwv0' (Dlse0 : ls-subeq X0' X0+XV) <- can-ls-union _ _ (Dlu1 : ls-union X1 XV X1+XV) <- ({v1}{d1} wf-es-subst-subeq ([v2][d2] Dwe1 v2 d2 v1 d1) Dwv3 Dlu1 (Dwe1' v1 d1) (Dlse1 : ls-subeq X1' X1+XV)) <- can-ls-union _ _ (Dlu2 : ls-union X2 XV X2+XV) <- ({v1}{d1} wf-es-subst-subeq ([v2][d2] Dwe2 v2 d2 v1 d1) Dwv3 Dlu2 (Dwe2' v1 d1) (Dlse2 : ls-subeq X2' X2+XV)) <- can-ls-union _ _ (Dlu4' : ls-union X1' X2' X1'+X2') <- can-ls-union _ _ (Dlu3' : ls-union X1'+X2' X0' X1'+X2'+X0') <- ls-union-imp-subeq Dlu3 (Dlse14 : ls-subeq X1+X2 X1+X2+X0) (Dlse10 : ls-subeq X0 X1+X2+X0) <- ls-union-imp-subeq Dlu4 (Dlse16 : ls-subeq X1 X1+X2) (Dlse17 : ls-subeq X2 X1+X2) <- ls-subeq-trans Dlse16 Dlse14 (Dlse11 : ls-subeq X1 X1+X2+X0) <- ls-subeq-trans Dlse17 Dlse14 (Dlse12 : ls-subeq X2 X1+X2+X0) <- ls-subeq-refl _ (Dlse13 : ls-subeq XV XV) <- ls-union-monotone Dlu0 Dlse10 Dlse13 Dlu5 (Dlse7 : ls-subeq X0+XV X1+X2+X0+XV) <- ls-union-monotone Dlu1 Dlse11 Dlse13 Dlu5 (Dlse8 : ls-subeq X1+XV X1+X2+X0+XV) <- ls-union-monotone Dlu2 Dlse12 Dlse13 Dlu5 (Dlse9 : ls-subeq X2+XV X1+X2+X0+XV) <- ls-subeq-trans Dlse0 Dlse7 (Dlse4 : ls-subeq X0' X1+X2+X0+XV) <- ls-subeq-trans Dlse1 Dlse8 (Dlse5 : ls-subeq X1' X1+X2+X0+XV) <- ls-subeq-trans Dlse2 Dlse9 (Dlse6 : ls-subeq X2' X1+X2+X0+XV) <- ls-subeq-union Dlse5 Dlse6 Dlu4' (Dlse3 : ls-subeq X1'+X2' X1+X2+X0+XV) <- ls-subeq-union Dlse3 Dlse4 Dlu3' (Dlse' : ls-subeq X1'+X2'+X0' X1+X2+X0+XV) . - : wf-es-subst-subeq ([v][d] wf-es-memo (Dwe v d)) Dwv (Dlu : ls-union X1 X2 X) %% (wf-es-memo Dwe') Dlse' <- wf-es-subst-subeq Dwe Dwv Dlu Dwe' Dlse' . 
- : wf-ec-subst-subeq ([v][d] wf-ec-wr (Dwv v d)) Dwv2 (Dlu : ls-union X1 X2 X) %% (wf-ec-wr Dwv') Dlse' <- wf-val-subst-subeq Dwv Dwv2 Dlu Dwv' Dlse' . - : wf-ec-subst-subeq ([v][d] wf-ec-read (Dlu : ls-union X1 X2 X1+X2) (Dwe2 v d) (Dwv1 v d)) Dwv3 (Dlu3 : ls-union X1+X2 XV X1+X2+XV) %% (wf-ec-read Dlu' Dwe2' Dwv1') Dlse' <- can-ls-union _ _ (Dlu1 : ls-union X1 XV X1+XV) <- wf-val-subst-subeq Dwv1 Dwv3 Dlu1 Dwv1' (Dlse1 : ls-subeq X1' X1+XV) <- can-ls-union _ _ (Dlu2 : ls-union X2 XV X2+XV) <- ({v1}{d1} wf-ec-subst-subeq ([v2][d2] Dwe2 v2 d2 v1 d1) Dwv3 Dlu2 (Dwe2' v1 d1) (Dlse2 : ls-subeq X2' X2+XV)) <- wf-subst-subeq-lemma Dlu Dlu3 Dlu1 Dlu2 Dlse1 Dlse2 Dlu' Dlse' . - : wf-ec-subst-subeq ([v][d] wf-ec-app (Dlu : ls-union X1 X2 X1+X2) (Dwv2 v d) (Dwv1 v d)) Dwv3 (Dlu3 : ls-union X1+X2 XV X1+X2+XV) %% (wf-ec-app Dlu' Dwv2' Dwv1') Dlse' <- can-ls-union _ _ (Dlu1 : ls-union X1 XV X1+XV) <- wf-val-subst-subeq Dwv1 Dwv3 Dlu1 Dwv1' (Dlse1 : ls-subeq X1' X1+XV) <- can-ls-union _ _ (Dlu2 : ls-union X2 XV X2+XV) <- wf-val-subst-subeq Dwv2 Dwv3 Dlu2 Dwv2' (Dlse2 : ls-subeq X2' X2+XV) <- wf-subst-subeq-lemma Dlu Dlu3 Dlu1 Dlu2 Dlse1 Dlse2 Dlu' Dlse' . - : wf-ec-subst-subeq ([v][d] wf-ec-let (Dlu : ls-union X1 X2 X1+X2) (Dwe2 v d) (Dwe1 v d)) Dwv3 (Dlu3 : ls-union X1+X2 XV X1+X2+XV) %% (wf-ec-let Dlu' Dwe2' Dwe1') Dlse' <- can-ls-union _ _ (Dlu1 : ls-union X1 XV X1+XV) <- wf-es-subst-subeq Dwe1 Dwv3 Dlu1 Dwe1' (Dlse1 : ls-subeq X1' X1+XV) <- can-ls-union _ _ (Dlu2 : ls-union X2 XV X2+XV) <- ({v1}{d1} wf-ec-subst-subeq ([v2][d2] Dwe2 v2 d2 v1 d1) Dwv3 Dlu2 (Dwe2' v1 d1) (Dlse2 : ls-subeq X2' X2+XV)) <- wf-subst-subeq-lemma Dlu Dlu3 Dlu1 Dlu2 Dlse1 Dlse2 Dlu' Dlse' . 
- : wf-ec-subst-subeq ([v][d] wf-ec-letp (Dlu : ls-union X1 X2 X1+X2) (Dwe2 v d) (Dwv1 v d)) Dwv3 (Dlu3 : ls-union X1+X2 XV X1+X2+XV) %% (wf-ec-letp Dlu' Dwe2' Dwv1') Dlse' <- can-ls-union _ _ (Dlu1 : ls-union X1 XV X1+XV) <- wf-val-subst-subeq Dwv1 Dwv3 Dlu1 Dwv1' (Dlse1 : ls-subeq X1' X1+XV) <- can-ls-union _ _ (Dlu2 : ls-union X2 XV X2+XV) <- ({v1}{d1}{v2}{d2} wf-ec-subst-subeq ([v3][d3] Dwe2 v3 d3 v1 d1 v2 d2) Dwv3 Dlu2 (Dwe2' v1 d1 v2 d2) (Dlse2 : ls-subeq X2' X2+XV)) <- wf-subst-subeq-lemma Dlu Dlu3 Dlu1 Dlu2 Dlse1 Dlse2 Dlu' Dlse' . - : wf-ec-subst-subeq ([v][d] wf-ec-case (Dlu3 : ls-union X1+X2 X0 X1+X2+X0) (Dlu4 : ls-union X1 X2 X1+X2) (Dwe2 v d) (Dwe1 v d) (Dwv0 v d)) Dwv3 (Dlu5 : ls-union X1+X2+X0 XV X1+X2+X0+XV) %% (wf-ec-case Dlu3' Dlu4' Dwe2' Dwe1' Dwv0') Dlse' <- can-ls-union _ _ (Dlu0 : ls-union X0 XV X0+XV) <- wf-val-subst-subeq Dwv0 Dwv3 Dlu0 Dwv0' (Dlse0 : ls-subeq X0' X0+XV) <- can-ls-union _ _ (Dlu1 : ls-union X1 XV X1+XV) <- ({v1}{d1} wf-ec-subst-subeq ([v2][d2] Dwe1 v2 d2 v1 d1) Dwv3 Dlu1 (Dwe1' v1 d1) (Dlse1 : ls-subeq X1' X1+XV)) <- can-ls-union _ _ (Dlu2 : ls-union X2 XV X2+XV) <- ({v1}{d1} wf-ec-subst-subeq ([v2][d2] Dwe2 v2 d2 v1 d1) Dwv3 Dlu2 (Dwe2' v1 d1) (Dlse2 : ls-subeq X2' X2+XV)) <- can-ls-union _ _ (Dlu4' : ls-union X1' X2' X1'+X2') <- can-ls-union _ _ (Dlu3' : ls-union X1'+X2' X0' X1'+X2'+X0') <- ls-union-imp-subeq Dlu3 (Dlse14 : ls-subeq X1+X2 X1+X2+X0) (Dlse10 : ls-subeq X0 X1+X2+X0) <- ls-union-imp-subeq Dlu4 (Dlse16 : ls-subeq X1 X1+X2) (Dlse17 : ls-subeq X2 X1+X2) <- ls-subeq-trans Dlse16 Dlse14 (Dlse11 : ls-subeq X1 X1+X2+X0) <- ls-subeq-trans Dlse17 Dlse14 (Dlse12 : ls-subeq X2 X1+X2+X0) <- ls-subeq-refl _ (Dlse13 : ls-subeq XV XV) <- ls-union-monotone Dlu0 Dlse10 Dlse13 Dlu5 (Dlse7 : ls-subeq X0+XV X1+X2+X0+XV) <- ls-union-monotone Dlu1 Dlse11 Dlse13 Dlu5 (Dlse8 : ls-subeq X1+XV X1+X2+X0+XV) <- ls-union-monotone Dlu2 Dlse12 Dlse13 Dlu5 (Dlse9 : ls-subeq X2+XV X1+X2+X0+XV) <- ls-subeq-trans Dlse0 Dlse7 (Dlse4 : ls-subeq 
X0' X1+X2+X0+XV) <- ls-subeq-trans Dlse1 Dlse8 (Dlse5 : ls-subeq X1' X1+X2+X0+XV) <- ls-subeq-trans Dlse2 Dlse9 (Dlse6 : ls-subeq X2' X1+X2+X0+XV) <- ls-subeq-union Dlse5 Dlse6 Dlu4' (Dlse3 : ls-subeq X1'+X2' X1+X2+X0+XV) <- ls-subeq-union Dlse3 Dlse4 Dlu3' (Dlse' : ls-subeq X1'+X2'+X0' X1+X2+X0+XV) . - : wf-ec-subst-subeq ([v][d] wf-ec-memo (Dwe v d)) Dwv (Dlu : ls-union X1 X2 X) %% (wf-ec-memo Dwe') Dlse' <- wf-ec-subst-subeq Dwe Dwv Dlu Dwe' Dlse' . %worlds (var-block) (wf-val-subst-subeq _ _ _ _ _) (wf-es-subst-subeq _ _ _ _ _) (wf-ec-subst-subeq _ _ _ _ _). %total (D1 D2 D3) (wf-val-subst-subeq D1 _ _ _ _) (wf-es-subst-subeq D2 _ _ _ _) (wf-ec-subst-subeq D3 _ _ _ _). wf-val-resp-st-sqsubeq-ex-disjoint : wf-val V S V' R -> st-sqsubeq-ex S G S' -> ls-disjoint R G -> %% wf-val V S' V' R -> type. %mode wf-val-resp-st-sqsubeq-ex-disjoint +X1 +X2 +X3 -X4. wf-es-resp-st-sqsubeq-ex-disjoint : wf-es Es S Es' R -> st-sqsubeq-ex S G S' -> ls-disjoint R G -> %% wf-es Es S' Es' R -> type. %mode wf-es-resp-st-sqsubeq-ex-disjoint +X1 +X2 +X3 -X4. wf-ec-resp-st-sqsubeq-ex-disjoint : wf-ec Ec S Ec' R -> st-sqsubeq-ex S G S' -> ls-disjoint R G -> %% wf-ec Ec S' Ec' R -> type. %mode wf-ec-resp-st-sqsubeq-ex-disjoint +X1 +X2 +X3 -X4. - : wf-val-resp-st-sqsubeq-ex-disjoint (wf-val-var Dwv) _ _ %% (wf-val-var Dwv) . - : wf-val-resp-st-sqsubeq-ex-disjoint wf-val-emp _ _ %% wf-val-emp . - : wf-val-resp-st-sqsubeq-ex-disjoint wf-val-nat _ _ %% wf-val-nat . 
- : wf-val-resp-st-sqsubeq-ex-disjoint (wf-val-loc (Dlu : ls-union RV RL RV+RL) Dls Dwv Dstl) Dssee (Dld: ls-disjoint RV+RL G) %% (wf-val-loc Dlu Dls Dwv' Dstl') <- ls-union-imp-subeq Dlu (Dlse3 : ls-subeq RV RV+RL) (Dlse1 : ls-subeq RL RV+RL) <- ls-subeq-refl _ (Dlse2 : ls-subeq G G) <- ls-disjoint-resp-subeq Dld Dlse1 Dlse2 (Dld2 : ls-disjoint RL G) <- st-lookup-resp-sqsubeq-ex-notin Dstl Dssee Dls Dld2 Dstl' <- ls-disjoint-resp-subeq Dld Dlse3 Dlse2 (Dld3 : ls-disjoint RV G) <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv Dssee Dld3 Dwv' . - : wf-val-resp-st-sqsubeq-ex-disjoint (wf-val-pr (Dlu : ls-union R1 R2 R1+R2) Dwv2 Dwv1) Dssee (Dld : ls-disjoint R1+R2 G) %% (wf-val-pr Dlu Dwv2' Dwv1') <- ls-union-imp-subeq Dlu (Dlse1 : ls-subeq R1 R1+R2) (Dlse2 : ls-subeq R2 R1+R2) <- ls-subeq-refl _ (Dlse3 : ls-subeq G G) <- ls-disjoint-resp-subeq Dld Dlse1 Dlse3 (Dld1 : ls-disjoint R1 G) <- ls-disjoint-resp-subeq Dld Dlse2 Dlse3 (Dld2 : ls-disjoint R2 G) <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv1 Dssee Dld1 Dwv1' <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv2 Dssee Dld2 Dwv2' . - : wf-val-resp-st-sqsubeq-ex-disjoint (wf-val-inl Dwv) Dssee Dld %% (wf-val-inl Dwv') <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv Dssee Dld Dwv' . - : wf-val-resp-st-sqsubeq-ex-disjoint (wf-val-inr Dwv) Dssee Dld %% (wf-val-inr Dwv') <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv Dssee Dld Dwv' . - : wf-val-resp-st-sqsubeq-ex-disjoint (wf-val-fns Dwe) Dssee Dld %% (wf-val-fns Dwe') <- ({v1}{d1} {v2}{d2} wf-es-resp-st-sqsubeq-ex-disjoint (Dwe v1 d1 v2 d2) Dssee Dld (Dwe' v1 d1 v2 d2)) . - : wf-val-resp-st-sqsubeq-ex-disjoint (wf-val-fnc Dwe) Dssee Dld %% (wf-val-fnc Dwe') <- ({v1}{d1} {v2}{d2} wf-ec-resp-st-sqsubeq-ex-disjoint (Dwe v1 d1 v2 d2) Dssee Dld (Dwe' v1 d1 v2 d2)) . - : wf-es-resp-st-sqsubeq-ex-disjoint (wf-es-val Dwv) Dssee Dld %% (wf-es-val Dwv') <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv Dssee Dld Dwv' . 
- : wf-es-resp-st-sqsubeq-ex-disjoint (wf-es-plus Dlu Dwv2 Dwv1) Dssee Dld %% (wf-es-plus Dlu Dwv2' Dwv1') <- ls-union-imp-subeq Dlu (Dlse1 : ls-subeq R1 R1+R2) (Dlse2 : ls-subeq R2 R1+R2) <- ls-subeq-refl _ (Dlse3 : ls-subeq G G) <- ls-disjoint-resp-subeq Dld Dlse1 Dlse3 (Dld1 : ls-disjoint R1 G) <- ls-disjoint-resp-subeq Dld Dlse2 Dlse3 (Dld2 : ls-disjoint R2 G) <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv1 Dssee Dld1 Dwv1' <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv2 Dssee Dld2 Dwv2' . - : wf-es-resp-st-sqsubeq-ex-disjoint (wf-es-mod Dwe) Dssee Dld %% (wf-es-mod Dwe') <- wf-ec-resp-st-sqsubeq-ex-disjoint Dwe Dssee Dld Dwe' . - : wf-es-resp-st-sqsubeq-ex-disjoint (wf-es-app Dlu Dwv2 Dwv1) Dssee Dld %% (wf-es-app Dlu Dwv2' Dwv1') <- ls-union-imp-subeq Dlu (Dlse1 : ls-subeq R1 R1+R2) (Dlse2 : ls-subeq R2 R1+R2) <- ls-subeq-refl _ (Dlse3 : ls-subeq G G) <- ls-disjoint-resp-subeq Dld Dlse1 Dlse3 (Dld1 : ls-disjoint R1 G) <- ls-disjoint-resp-subeq Dld Dlse2 Dlse3 (Dld2 : ls-disjoint R2 G) <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv1 Dssee Dld1 Dwv1' <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv2 Dssee Dld2 Dwv2' . - : wf-es-resp-st-sqsubeq-ex-disjoint (wf-es-let Dlu Dwe2 Dwe1) Dssee Dld %% (wf-es-let Dlu Dwe2' Dwe1') <- ls-union-imp-subeq Dlu (Dlse1 : ls-subeq R1 R1+R2) (Dlse2 : ls-subeq R2 R1+R2) <- ls-subeq-refl _ (Dlse3 : ls-subeq G G) <- ls-disjoint-resp-subeq Dld Dlse1 Dlse3 (Dld1 : ls-disjoint R1 G) <- ls-disjoint-resp-subeq Dld Dlse2 Dlse3 (Dld2 : ls-disjoint R2 G) <- wf-es-resp-st-sqsubeq-ex-disjoint Dwe1 Dssee Dld1 Dwe1' <- ({v}{d} wf-es-resp-st-sqsubeq-ex-disjoint (Dwe2 v d) Dssee Dld2 (Dwe2' v d)) . 
- : wf-es-resp-st-sqsubeq-ex-disjoint (wf-es-letp Dlu Dwe2 Dwv1) Dssee Dld %% (wf-es-letp Dlu Dwe2' Dwv1') <- ls-union-imp-subeq Dlu (Dlse1 : ls-subeq R1 R1+R2) (Dlse2 : ls-subeq R2 R1+R2) <- ls-subeq-refl _ (Dlse3 : ls-subeq G G) <- ls-disjoint-resp-subeq Dld Dlse1 Dlse3 (Dld1 : ls-disjoint R1 G) <- ls-disjoint-resp-subeq Dld Dlse2 Dlse3 (Dld2 : ls-disjoint R2 G) <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv1 Dssee Dld1 Dwv1' <- ({v1}{d1}{v2}{d2} wf-es-resp-st-sqsubeq-ex-disjoint (Dwe2 v1 d1 v2 d2) Dssee Dld2 (Dwe2' v1 d1 v2 d2)) . - : wf-es-resp-st-sqsubeq-ex-disjoint (wf-es-case Dlu2 Dlu1 Dwe2 Dwe1 Dwv0) Dssee Dld %% (wf-es-case Dlu2 Dlu1 Dwe2' Dwe1' Dwv0') <- ls-union-imp-subeq Dlu1 (Dlse1 : ls-subeq RB1 RB1+RB2) (Dlse2 : ls-subeq RB2 RB1+RB2) <- ls-union-imp-subeq Dlu2 (Dlse3 : ls-subeq RB1+RB2 RB1+RB2+RV) (Dlse4 : ls-subeq RV RB1+RB2+RV) <- ls-subeq-trans Dlse1 Dlse3 (Dlse5 : ls-subeq RB1 RB1+RB2+RV) <- ls-subeq-trans Dlse2 Dlse3 (Dlse6 : ls-subeq RB2 RB1+RB2+RV) <- ls-subeq-refl _ (Dlse7 : ls-subeq G G) <- ls-disjoint-resp-subeq Dld Dlse4 Dlse7 (Dld0 : ls-disjoint RV G) <- ls-disjoint-resp-subeq Dld Dlse5 Dlse7 (Dld1 : ls-disjoint RB1 G) <- ls-disjoint-resp-subeq Dld Dlse6 Dlse7 (Dld2 : ls-disjoint RB2 G) <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv0 Dssee Dld0 Dwv0' <- ({v}{d} wf-es-resp-st-sqsubeq-ex-disjoint (Dwe1 v d) Dssee Dld1 (Dwe1' v d)) <- ({v}{d} wf-es-resp-st-sqsubeq-ex-disjoint (Dwe2 v d) Dssee Dld2 (Dwe2' v d)) . - : wf-es-resp-st-sqsubeq-ex-disjoint (wf-es-memo Dwe) Dssee Dld %% (wf-es-memo Dwe') <- wf-es-resp-st-sqsubeq-ex-disjoint Dwe Dssee Dld Dwe' . - : wf-ec-resp-st-sqsubeq-ex-disjoint (wf-ec-wr Dwv) Dssee Dld %% (wf-ec-wr Dwv') <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv Dssee Dld Dwv' . 
%% ec-read: the location value Dwv1 goes to the val lemma; the continuation
%% Dwe2 binds the read value, so recurse under {v}{d}.
- : wf-ec-resp-st-sqsubeq-ex-disjoint (wf-ec-read Dlu Dwe2 Dwv1) Dssee Dld
    %%
    (wf-ec-read Dlu Dwe2' Dwv1')
    <- ls-union-imp-subeq Dlu (Dlse1 : ls-subeq R1 R1+R2) (Dlse2 : ls-subeq R2 R1+R2)
    <- ls-subeq-refl _ (Dlse3 : ls-subeq G G)
    <- ls-disjoint-resp-subeq Dld Dlse1 Dlse3 (Dld1 : ls-disjoint R1 G)
    <- ls-disjoint-resp-subeq Dld Dlse2 Dlse3 (Dld2 : ls-disjoint R2 G)
    <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv1 Dssee Dld1 Dwv1'
    <- ({v}{d} wf-ec-resp-st-sqsubeq-ex-disjoint (Dwe2 v d) Dssee Dld2 (Dwe2' v d)) .

%% ec-app: function and argument are values; split the union and use the val lemma twice.
- : wf-ec-resp-st-sqsubeq-ex-disjoint (wf-ec-app Dlu Dwv2 Dwv1) Dssee Dld
    %%
    (wf-ec-app Dlu Dwv2' Dwv1')
    <- ls-union-imp-subeq Dlu (Dlse1 : ls-subeq R1 R1+R2) (Dlse2 : ls-subeq R2 R1+R2)
    <- ls-subeq-refl _ (Dlse3 : ls-subeq G G)
    <- ls-disjoint-resp-subeq Dld Dlse1 Dlse3 (Dld1 : ls-disjoint R1 G)
    <- ls-disjoint-resp-subeq Dld Dlse2 Dlse3 (Dld2 : ls-disjoint R2 G)
    <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv1 Dssee Dld1 Dwv1'
    <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv2 Dssee Dld2 Dwv2' .

%% ec-let: the bound expression Dwe1 is an es (recurse via the es lemma);
%% the ec body Dwe2 is recursed on under the binders.
- : wf-ec-resp-st-sqsubeq-ex-disjoint (wf-ec-let Dlu Dwe2 Dwe1) Dssee Dld
    %%
    (wf-ec-let Dlu Dwe2' Dwe1')
    <- ls-union-imp-subeq Dlu (Dlse1 : ls-subeq R1 R1+R2) (Dlse2 : ls-subeq R2 R1+R2)
    <- ls-subeq-refl _ (Dlse3 : ls-subeq G G)
    <- ls-disjoint-resp-subeq Dld Dlse1 Dlse3 (Dld1 : ls-disjoint R1 G)
    <- ls-disjoint-resp-subeq Dld Dlse2 Dlse3 (Dld2 : ls-disjoint R2 G)
    <- wf-es-resp-st-sqsubeq-ex-disjoint Dwe1 Dssee Dld1 Dwe1'
    <- ({v}{d} wf-ec-resp-st-sqsubeq-ex-disjoint (Dwe2 v d) Dssee Dld2 (Dwe2' v d)) .
%% ec-letp: as es-letp, with the body recursed on under {v1}{d1}{v2}{d2}.
- : wf-ec-resp-st-sqsubeq-ex-disjoint (wf-ec-letp Dlu Dwe2 Dwv1) Dssee Dld
    %%
    (wf-ec-letp Dlu Dwe2' Dwv1')
    <- ls-union-imp-subeq Dlu (Dlse1 : ls-subeq R1 R1+R2) (Dlse2 : ls-subeq R2 R1+R2)
    <- ls-subeq-refl _ (Dlse3 : ls-subeq G G)
    <- ls-disjoint-resp-subeq Dld Dlse1 Dlse3 (Dld1 : ls-disjoint R1 G)
    <- ls-disjoint-resp-subeq Dld Dlse2 Dlse3 (Dld2 : ls-disjoint R2 G)
    <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv1 Dssee Dld1 Dwv1'
    <- ({v1}{d1}{v2}{d2} wf-ec-resp-st-sqsubeq-ex-disjoint (Dwe2 v1 d1 v2 d2) Dssee Dld2 (Dwe2' v1 d1 v2 d2)) .

%% ec-case: as es-case (two nested unions, three components).
- : wf-ec-resp-st-sqsubeq-ex-disjoint (wf-ec-case Dlu2 Dlu1 Dwe2 Dwe1 Dwv0) Dssee Dld
    %%
    (wf-ec-case Dlu2 Dlu1 Dwe2' Dwe1' Dwv0')
    <- ls-union-imp-subeq Dlu1 (Dlse1 : ls-subeq RB1 RB1+RB2) (Dlse2 : ls-subeq RB2 RB1+RB2)
    <- ls-union-imp-subeq Dlu2 (Dlse3 : ls-subeq RB1+RB2 RB1+RB2+RV) (Dlse4 : ls-subeq RV RB1+RB2+RV)
    <- ls-subeq-trans Dlse1 Dlse3 (Dlse5 : ls-subeq RB1 RB1+RB2+RV)
    <- ls-subeq-trans Dlse2 Dlse3 (Dlse6 : ls-subeq RB2 RB1+RB2+RV)
    <- ls-subeq-refl _ (Dlse7 : ls-subeq G G)
    <- ls-disjoint-resp-subeq Dld Dlse4 Dlse7 (Dld0 : ls-disjoint RV G)
    <- ls-disjoint-resp-subeq Dld Dlse5 Dlse7 (Dld1 : ls-disjoint RB1 G)
    <- ls-disjoint-resp-subeq Dld Dlse6 Dlse7 (Dld2 : ls-disjoint RB2 G)
    <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv0 Dssee Dld0 Dwv0'
    <- ({v}{d} wf-ec-resp-st-sqsubeq-ex-disjoint (Dwe1 v d) Dssee Dld1 (Dwe1' v d))
    <- ({v}{d} wf-ec-resp-st-sqsubeq-ex-disjoint (Dwe2 v d) Dssee Dld2 (Dwe2' v d)) .

%% ec-memo: plain recursion.
- : wf-ec-resp-st-sqsubeq-ex-disjoint (wf-ec-memo Dwe) Dssee Dld
    %%
    (wf-ec-memo Dwe')
    <- wf-ec-resp-st-sqsubeq-ex-disjoint Dwe Dssee Dld Dwe' .

%% The three lemmas are proved together, in the world of value variables
%% with their var assumptions, by simultaneous induction on the first
%% (well-formedness) argument of each.
%worlds (var-block)
   (wf-val-resp-st-sqsubeq-ex-disjoint _ _ _ _)
   (wf-es-resp-st-sqsubeq-ex-disjoint _ _ _ _)
   (wf-ec-resp-st-sqsubeq-ex-disjoint _ _ _ _).
%total (D1 D2 D3)
   (wf-val-resp-st-sqsubeq-ex-disjoint D1 _ _ _)
   (wf-es-resp-st-sqsubeq-ex-disjoint D2 _ _ _)
   (wf-ec-resp-st-sqsubeq-ex-disjoint D3 _ _ _).
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% wf-eval-lemmas.thm
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%{ These lemmas say that the subevaluations of well-formed evaluations
are also well-formed; we use them to induct over well-formed
evaluations.  Another way to go about it might be to define a ruleset
for evaluation which carries the well-formedness properties, and show
that a well-formed evaluation according to the existing ruleset can be
translated to this new ruleset (so these lemmas would be cases of this
proof); then we would be spared calling these lemmas in each
induction. }%

%% es-mod: from a well-formed (es-mod Ec) whose set R is disjoint from
%% G+X (G from trc-gen Tc G, X the singleton of L), extract the
%% well-formedness of Ec (same R) and the three pairwise disjointness
%% facts R#G, X#R and X#G.  The second trc-gen/ls-sing/ls-disjoint
%% triple (G', X') is the caller's copy of the same facts; the
%% functionality lemmas identify X' with X and G' with G so that the
%% disjointness X'#G' can be transported to X#G.
wf-pres-es-mod :
   wf-es (es-mod Ec) S (es-mod Ec') R ->
   trc-gen Tc G ->
   ls-sing L X ->
   ls-union G X G+X ->
   ls-disjoint R G+X ->
   trc-gen Tc G' ->
   ls-sing L X' ->
   ls-disjoint X' G' ->
   %%
   wf-ec Ec S Ec' R ->
   ls-disjoint R G ->
   ls-disjoint X R ->
   ls-disjoint X G ->
   type.
%mode wf-pres-es-mod +X1 +X2 +X3 +X4 +X5 +X6 +X7 +X8 -X9 -X10 -X11 -X12.

%% R#G and R#X come from weakening R#(G+X) along the two inclusions of
%% the union; X#R is the commuted form of R#X; X#G is X'#G' rewritten
%% by the equalities Deq1 (X' = X) and Deq2 (G' = G).
- : wf-pres-es-mod
     (wf-es-mod Dwe2 : wf-es _ _ _ R)
     (Dtg3 : trc-gen Tc G)
     (Dls2 : ls-sing L X)
     (Dlu2 : ls-union G X G+X)
     (Dld2 : ls-disjoint R G+X)
     (Dtg : trc-gen Tc G+)
     (Dls : ls-sing L X+)
     (Dld : ls-disjoint X+ G+)
     %%
     Dwe2 Dld3 Dld4 Dld5
     <- ls-subeq-refl _ (Dlse1 : ls-subeq R R)
     <- ls-union-imp-subeq Dlu2 (Dlse2 : ls-subeq G G+X) (Dlse3 : ls-subeq X G+X)
     <- ls-disjoint-resp-subeq Dld2 Dlse1 Dlse2 (Dld3 : ls-disjoint R G)
     <- ls-disjoint-resp-subeq Dld2 Dlse1 Dlse3 (Dld6 : ls-disjoint R X)
     <- ls-disjoint-commutes Dld6 (Dld4 : ls-disjoint X R)
     <- ls-sing-fun Dls Dls2 Deq1
     <- trc-gen-fun Dtg Dtg3 Deq2
     <- ls-disjoint-resp-eq Dld Deq1 Deq2 (Dld5 : ls-disjoint X G) .
%worlds () (wf-pres-es-mod _ _ _ _ _ _ _ _ _ _ _ _).
%total {} (wf-pres-es-mod _ _ _ _ _ _ _ _ _ _ _ _).

%% es-app of a recursive function value: the body Es applied to the
%% function itself and to the argument V is well-formed with some set
%% R' ⊆ R, and R' stays disjoint from G.
wf-pres-es-app :
   wf-es (es-app (val-fns Es) V) S (es-app (val-fns Es') V') R ->
   ls-disjoint R G ->
   %%
   wf-es (Es (val-fns Es) V) S (Es' (val-fns Es') V') R' ->
   ls-subeq R' R ->
   ls-disjoint R' G ->
   type.
%mode wf-pres-es-app +X1 +X2 -X3 -X4 -X5.

%% Two substitutions: first the argument value (Dwv) into the body
%% under the function binder, then the function value itself
%% (wf-val-fns Dwe) into the result.  Each wf-es-subst-subeq yields a
%% set bounded by the union of body set and substituted value's set;
%% the bounds are chained (ls-subeq-union / ls-subeq-trans) back to
%% R = RF+RV, and Dld is weakened along the result.
- : wf-pres-es-app
     (wf-es-app (Dlu : ls-union RF RV RF+RV) Dwv (wf-val-fns Dwe))
     (Dld : ls-disjoint RF+RV G)
     %%
     Dwe' Dlse' Dld'
     <- ({v}{d} wf-es-subst-subeq (Dwe v d) Dwv Dlu (Dwe1 v d) (Dlse1 : ls-subeq RF+RV' RF+RV))
     <- can-ls-union _ _ (Dlu1 : ls-union RF+RV' RF RF+RV'+RF)
     <- wf-es-subst-subeq Dwe1 (wf-val-fns Dwe) Dlu1 Dwe' (Dlse2 : ls-subeq RF+RV'+RF' RF+RV'+RF)
     <- ls-union-imp-subeq Dlu (Dlse6 : ls-subeq RF RF+RV) _
     <- ls-subeq-union Dlse1 Dlse6 Dlu1 (Dlse5 : ls-subeq RF+RV'+RF RF+RV)
     <- ls-subeq-trans Dlse2 Dlse5 (Dlse' : ls-subeq RF+RV'+RF' RF+RV)
     <- ls-subeq-refl _ (Dlse4 : ls-subeq G G)
     <- ls-disjoint-resp-subeq Dld Dlse' Dlse4 (Dld' : ls-disjoint RF+RV'+RF' G) .
%worlds () (wf-pres-es-app _ _ _ _ _).
%total {} (wf-pres-es-app _ _ _ _ _).

%% es-let, first half: from (R1+R2)#(G1+G2) obtain R1#G1, the
%% precondition for the bound expression's evaluation.
wf-pres-es-let-1 :
   ls-union R1 R2 R1+R2 ->
   ls-union G1 G2 G1+G2 ->
   ls-disjoint R1+R2 G1+G2 ->
   %%
   ls-disjoint R1 G1 ->
   type.
%mode wf-pres-es-let-1 +X1 +X2 +X3 -X4.

- : wf-pres-es-let-1
     (Dlu2 : ls-union R1 R2 R1+R2)
     (Dlu1 : ls-union G1 G2 G1+G2)
     Dld2
     %%
     Dld4
     <- ls-union-imp-subeq Dlu1 (Dlse4 : ls-subeq G1 G1+G2) _
     <- ls-union-imp-subeq Dlu2 (Dlse3 : ls-subeq R1 R1+R2) _
     <- ls-disjoint-resp-subeq Dld2 Dlse3 Dlse4 (Dld4 : ls-disjoint R1 G1) .
%worlds () (wf-pres-es-let-1 _ _ _ _).
%total {} (wf-pres-es-let-1 _ _ _ _).

%% es-let, second half: after the bound expression has been evaluated
%% (store extension S ⊑ S' on G1, result value V well-formed with
%% RV ⊆ R1+G1), the body Es2 with V substituted is well-formed in S'
%% with a set R2+RV' ⊆ R2+RV, and is disjoint from G2.  Also returns
%% G1#G2, recovered from the caller's G1'#G2' by functionality of
%% trs-gen.
wf-pres-es-let-2 :
   ls-union R1 R2 R1+R2 ->
   ({v}{d : var v} wf-es (Es2 v) S (Es2' v) R2) ->
   ls-union G1 G2 G1+G2 ->
   trs-gen Ts2 G2 ->
   trs-gen Ts1 G1 ->
   ls-disjoint R1+R2 G1+G2 ->
   trs-gen Ts1 G1' ->
   trs-gen Ts2 G2' ->
   ls-disjoint G1' G2' ->
   st-sqsubeq-ex S G1 S' ->
   wf-val V S' V' RV ->
   ls-union R1 G1 R1+G1 ->
   ls-subeq RV R1+G1 ->
   %%
   wf-es (Es2 V) S' (Es2' V') R2+RV' ->
   ls-union R2 RV R2+RV ->
   ls-subeq R2+RV' R2+RV ->
   ls-disjoint G1 G2 ->
   ls-disjoint R2+RV' G2 ->
   type.
%mode wf-pres-es-let-2 +X1 +X2 +X3 +X4 +X5 +X6 +X7 +X8 +X9 +X10 +X11 +X12 +X13 -X14 -X15 -X16 -X17 -X18.
%% Steps: (1) G1#G2 by rewriting Dld+ with the trs-gen equalities;
%% (2) R2#G1 lets the body be transported from S to S' by
%% wf-es-resp-st-sqsubeq-ex-disjoint; (3) substitute V into the body
%% (wf-es-subst-subeq) giving R2+RV' ⊆ R2+RV; (4) show R2+RV' ⊆
%% R1+R2+G1, a set disjoint from G2 (ls-disjoint-union of
%% (R1+R2)#G2 and G1#G2), and weaken.
- : wf-pres-es-let-2
     (Dlu2 : ls-union R1 R2 R1+R2)
     (Dwe2 : {v}{d : var v} wf-es (Es2 v) S (Es2' v) R2)
     (Dlu1 : ls-union G1 G2 G1+G2)
     (Dtg2 : trs-gen Ts2 G2)
     (Dtg1 : trs-gen Ts1 G1)
     (Dld2 : ls-disjoint R1+R2 G1+G2)
     (Dtg1+ : trs-gen Ts1 G1')
     (Dtg2+ : trs-gen Ts2 G2')
     (Dld+ : ls-disjoint G1' G2')
     (Dssee : st-sqsubeq-ex S G1 S')
     (Dwv1 : wf-val V S' V' RV)
     (Dlu3 : ls-union R1 G1 R1+G1)
     (Dlse1 : ls-subeq RV R1+G1)
     %%
     Dwe4 Dlu4 Dlse7 Dld Dld7
     <- trs-gen-fun Dtg1+ Dtg1 Deq1
     <- trs-gen-fun Dtg2+ Dtg2 Deq2
     <- ls-disjoint-resp-eq Dld+ Deq1 Deq2 (Dld : ls-disjoint G1 G2)
     <- ls-union-imp-subeq Dlu1 (Dlse4 : ls-subeq G1 G1+G2) (Dlse6 : ls-subeq G2 G1+G2)
     <- ls-union-imp-subeq Dlu2 (Dlse3 : ls-subeq R1 R1+R2) (Dlse5 : ls-subeq R2 R1+R2)
     <- ls-disjoint-resp-subeq Dld2 Dlse5 Dlse4 (Dld6 : ls-disjoint R2 G1)
     <- ({v}{d} wf-es-resp-st-sqsubeq-ex-disjoint (Dwe2 v d) Dssee Dld6 (Dwe3 v d))
     <- can-ls-union _ _ (Dlu4 : ls-union R2 RV R2+RV)
     <- wf-es-subst-subeq Dwe3 Dwv1 Dlu4 Dwe4 (Dlse7 : ls-subeq R2+RV' R2+RV)
     <- ls-subeq-refl _ (Dlse9 : ls-subeq R1+R2 R1+R2)
     <- ls-disjoint-resp-subeq Dld2 Dlse9 Dlse6 (Dld9 : ls-disjoint R1+R2 G2)
     <- can-ls-union _ _ (Dlu5 : ls-union R1+R2 G1 R1+R2+G1)
     <- ls-disjoint-union Dld9 Dld Dlu5 (Dld8 : ls-disjoint R1+R2+G1 G2)
     <- ls-union-imp-subeq Dlu5 (Dlse13 : ls-subeq R1+R2 R1+R2+G1) (Dlse14 : ls-subeq G1 R1+R2+G1)
     <- ls-subeq-trans Dlse5 Dlse13 Dlse15
     <- ls-subeq-trans Dlse3 Dlse13 (Dlse18 : ls-subeq R1 R1+R2+G1)
     <- ls-subeq-union Dlse18 Dlse14 Dlu3 (Dlse17 : ls-subeq R1+G1 R1+R2+G1)
     <- ls-subeq-trans Dlse1 Dlse17 (Dlse16 : ls-subeq RV R1+R2+G1)
     <- ls-subeq-union Dlse15 Dlse16 Dlu4 (Dlse12 : ls-subeq R2+RV R1+R2+G1)
     <- ls-subeq-trans Dlse7 Dlse12 (Dlse11 : ls-subeq R2+RV' R1+R2+G1)
     <- ls-subeq-refl _ (Dlse10 : ls-subeq G2 G2)
     <- ls-disjoint-resp-subeq Dld8 Dlse11 Dlse10 (Dld7 : ls-disjoint R2+RV' G2) .
%worlds () (wf-pres-es-let-2 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _).
%total {} (wf-pres-es-let-2 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _).
%% es-letp on a pair value: the body with both components substituted
%% is well-formed with R' ⊆ R, and R' stays disjoint from G.
wf-pres-es-letp :
   wf-es (es-letp (val-pr V1 V2) Es) S (es-letp (val-pr V1' V2') Es') R ->
   ls-disjoint R G ->
   %%
   wf-es (Es V1 V2) S (Es' V1' V2') R' ->
   ls-subeq R' R ->
   ls-disjoint R' G ->
   type.
%mode wf-pres-es-letp +X1 +X2 -X3 -X4 -X5.

%% Substitute V2 first (under the binder for V1), then V1.  The two
%% substitution bounds RB+RV2' ⊆ RB+RV2 and RB+RV2'+RV1' ⊆ RB+RV2'+RV1
%% are chained back to R = RV1+RV2+RB via the inclusions of the two
%% unions Dlu and Dlu1.
- : wf-pres-es-letp
     (wf-es-letp (Dlu : ls-union RV1+RV2 RB RV1+RV2+RB) Dwe (wf-val-pr (Dlu1 : ls-union RV1 RV2 RV1+RV2) Dwv2 Dwv1))
     (Dld : ls-disjoint RV1+RV2+RB G)
     %%
     Dwe2 Dlse5 Dld2
     <- can-ls-union _ _ (Dlu2 : ls-union RB RV2 RB+RV2)
     <- ({v}{d} wf-es-subst-subeq (Dwe v d) Dwv2 Dlu2 (Dwe1 v d) (Dlse1 : ls-subeq RB+RV2' RB+RV2))
     <- can-ls-union _ _ (Dlu3 : ls-union RB+RV2' RV1 RB+RV2'+RV1)
     <- wf-es-subst-subeq Dwe1 Dwv1 Dlu3 Dwe2 (Dlse2 : ls-subeq RB+RV2'+RV1' RB+RV2'+RV1)
     <- ls-subeq-refl _ (Dlse4 : ls-subeq G G)
     <- ls-union-imp-subeq Dlu (Dlse6 : ls-subeq RV1+RV2 RV1+RV2+RB) (Dlse7 : ls-subeq RB RV1+RV2+RB)
     <- ls-union-imp-subeq Dlu1 (Dlse14 : ls-subeq RV1 RV1+RV2) (Dlse15 : ls-subeq RV2 RV1+RV2)
     <- ls-subeq-trans Dlse15 Dlse6 (Dlse13 : ls-subeq RV2 RV1+RV2+RB)
     <- ls-subeq-union Dlse7 Dlse13 Dlu2 (Dlse11 : ls-subeq RB+RV2 RV1+RV2+RB)
     <- ls-subeq-trans Dlse1 Dlse11 (Dlse9 : ls-subeq RB+RV2' RV1+RV2+RB)
     <- ls-subeq-trans Dlse14 Dlse6 (Dlse10 : ls-subeq RV1 RV1+RV2+RB)
     <- ls-subeq-union Dlse9 Dlse10 Dlu3 (Dlse8 : ls-subeq RB+RV2'+RV1 RV1+RV2+RB)
     <- ls-subeq-trans Dlse2 Dlse8 (Dlse5 : ls-subeq RB+RV2'+RV1' RV1+RV2+RB)
     <- ls-disjoint-resp-subeq Dld Dlse5 Dlse4 (Dld2 : ls-disjoint RB+RV2'+RV1' G) .
%worlds () (wf-pres-es-letp _ _ _ _ _).
%total {} (wf-pres-es-letp _ _ _ _ _).

%% es-case on an inl value: the left branch with V substituted is
%% well-formed with R' ⊆ R, and R' stays disjoint from G.
wf-pres-es-case-inl :
   wf-es (es-case (val-inl V) Es1 Es2) S (es-case (val-inl V') Es1' Es2') R ->
   ls-disjoint R G ->
   %%
   wf-es (Es1 V) S (Es1' V') R' ->
   ls-subeq R' R ->
   ls-disjoint R' G ->
   type.
%mode wf-pres-es-case-inl +X1 +X2 -X3 -X4 -X5.
%% Substitute the scrutinee's payload V into branch 1; the bound
%% R1+RV' ⊆ R1+RV is carried back to R = (R1+R2)+RV through the
%% inclusions of Dlu1 and Dlu2.
- : wf-pres-es-case-inl
     (wf-es-case (Dlu2 : ls-union R1+R2 RV R) (Dlu1 : ls-union R1 R2 R1+R2) Dwe2 Dwe1 (wf-val-inl Dwv))
     (Dld : ls-disjoint R G)
     %%
     Dwe3 Dlse3 Dld2
     <- can-ls-union _ _ (Dlu4 : ls-union R1 RV R1+RV)
     <- wf-es-subst-subeq Dwe1 Dwv Dlu4 Dwe3 (Dlse2 : ls-subeq R1+RV' R1+RV)
     <- ls-union-imp-subeq Dlu1 (Dlse8 : ls-subeq R1 R1+R2) (Dlse9 : ls-subeq R2 R1+R2)
     <- ls-union-imp-subeq Dlu2 (Dlse10 : ls-subeq R1+R2 R) (Dlse11 : ls-subeq RV R)
     <- ls-subeq-trans Dlse8 Dlse10 (Dlse6 : ls-subeq R1 R)
     <- ls-subeq-union Dlse6 Dlse11 Dlu4 (Dlse5 : ls-subeq R1+RV R)
     <- ls-subeq-trans Dlse2 Dlse5 (Dlse3 : ls-subeq R1+RV' R)
     <- ls-subeq-refl _ (Dlse4 : ls-subeq G G)
     <- ls-disjoint-resp-subeq Dld Dlse3 Dlse4 (Dld2 : ls-disjoint R1+RV' G) .
%worlds () (wf-pres-es-case-inl _ _ _ _ _).
%total {} (wf-pres-es-case-inl _ _ _ _ _).

%% es-case on an inr value: symmetric to the inl lemma, for branch 2.
wf-pres-es-case-inr :
   wf-es (es-case (val-inr V) Es1 Es2) S (es-case (val-inr V') Es1' Es2') R ->
   ls-disjoint R G ->
   %%
   wf-es (Es2 V) S (Es2' V') R' ->
   ls-subeq R' R ->
   ls-disjoint R' G ->
   type.
%mode wf-pres-es-case-inr +X1 +X2 -X3 -X4 -X5.

%% Same derivation as the inl case with R2/Dwe2/Dlse9 in place of R1/Dwe1/Dlse8.
- : wf-pres-es-case-inr
     (wf-es-case (Dlu2 : ls-union R1+R2 RV R) (Dlu1 : ls-union R1 R2 R1+R2) Dwe2 Dwe1 (wf-val-inr Dwv))
     (Dld : ls-disjoint R G)
     %%
     Dwe3 Dlse3 Dld2
     <- can-ls-union _ _ (Dlu4 : ls-union R2 RV R2+RV)
     <- wf-es-subst-subeq Dwe2 Dwv Dlu4 Dwe3 (Dlse2 : ls-subeq R2+RV' R2+RV)
     <- ls-union-imp-subeq Dlu1 (Dlse8 : ls-subeq R1 R1+R2) (Dlse9 : ls-subeq R2 R1+R2)
     <- ls-union-imp-subeq Dlu2 (Dlse10 : ls-subeq R1+R2 R) (Dlse11 : ls-subeq RV R)
     <- ls-subeq-trans Dlse9 Dlse10 (Dlse6 : ls-subeq R2 R)
     <- ls-subeq-union Dlse6 Dlse11 Dlu4 (Dlse5 : ls-subeq R2+RV R)
     <- ls-subeq-trans Dlse2 Dlse5 (Dlse3 : ls-subeq R2+RV' R)
     <- ls-subeq-refl _ (Dlse4 : ls-subeq G G)
     <- ls-disjoint-resp-subeq Dld Dlse3 Dlse4 (Dld2 : ls-disjoint R2+RV' G) .
%worlds () (wf-pres-es-case-inr _ _ _ _ _).
%total {} (wf-pres-es-case-inr _ _ _ _ _).
%% ec-read: the well-formed location value (val-loc L') carries the
%% well-formedness of the stored value (Dwv) and a st-lookup; given a
%% second lookup of L' yielding V+, functionality of st-lookup lets the
%% continuation Ec be instantiated with V+.  The result set R' is
%% bounded by RV+X'+RB, stays disjoint from G, and stays disjoint from
%% the write target X.
wf-pres-ec-read :
   wf-val (val-loc L') S V' RV+X' ->
   ({v}{d : var v} wf-ec (Ec v) S (Ec' v) RB) ->
   ls-union RV+X' RB RV+X'+RB ->
   ls-disjoint RV+X'+RB G ->
   ls-disjoint X RV+X'+RB ->
   st-lookup S L' V+ ->
   %%
   wf-ec (Ec V+) S (Ec' V') R' ->
   ls-subeq R' RV+X'+RB ->
   ls-disjoint R' G ->
   ls-disjoint X R' ->
   type.
%mode wf-pres-ec-read +X1 +X2 +X3 +X4 +X5 +X6 -X7 -X8 -X9 -X10.

%% Deq identifies V+ with the value recorded in the wf-val-loc
%% derivation; Dwv is rewritten to it (wf-val-resp-eq), then
%% substituted into the continuation with bound R' ⊆ RB+RV.
%% RB+RV ⊆ RV+X'+RB follows from the two union inclusions.
- : wf-pres-ec-read
     (wf-val-loc (Dlu2 : ls-union RV X' RV+X') (Dls2 : ls-sing L' X') Dwv Dstl)
     Dwe
     (Dlu1 : ls-union RV+X' RB RV+X'+RB)
     (Dld : ls-disjoint RV+X'+RB G)
     (Dld1 : ls-disjoint X RV+X'+RB)
     (Dstl+ : st-lookup S L' V+)
     %%
     Dwe2 Dlse4 Dld2 Dld3
     <- st-lookup-fun Dstl Dstl+ Deq
     <- wf-val-resp-eq Dwv Deq val-eq_ Dwv2
     <- can-ls-union _ _ (Dlu3 : ls-union RB RV RB+RV)
     <- wf-ec-subst-subeq Dwe Dwv2 Dlu3 Dwe2 (Dlse3 : ls-subeq R' RB+RV)
     <- ls-union-imp-subeq Dlu2 (Dlse6 : ls-subeq RV RV+X') _
     <- ls-union-imp-subeq Dlu1 (Dlse7 : ls-subeq RV+X' RV+X'+RB) (Dlse8 : ls-subeq RB RV+X'+RB)
     <- ls-subeq-trans Dlse6 Dlse7 (Dlse9 : ls-subeq RV RV+X'+RB)
     <- ls-subeq-union Dlse8 Dlse9 Dlu3 (Dlse5 : ls-subeq RB+RV RV+X'+RB)
     <- ls-subeq-trans Dlse3 Dlse5 (Dlse4 : ls-subeq R' RV+X'+RB)
     <- ls-subeq-refl _ (Dlse11 : ls-subeq G G)
     <- ls-disjoint-resp-subeq Dld Dlse4 Dlse11 (Dld2 : ls-disjoint R' G)
     <- ls-subeq-refl _ (Dlse10 : ls-subeq X X)
     <- ls-disjoint-resp-subeq Dld1 Dlse10 Dlse4 (Dld3 : ls-disjoint X R') .
%worlds () (wf-pres-ec-read _ _ _ _ _ _ _ _ _ _).
%total {} (wf-pres-ec-read _ _ _ _ _ _ _ _ _ _).

%% ec-app of a recursive function value: as wf-pres-es-app, plus the
%% extra invariant that the result set stays disjoint from X.
wf-pres-ec-app :
   wf-ec (ec-app (val-fnc Ec) V) S (ec-app (val-fnc Ec') V') RF+RV ->
   ls-disjoint RF+RV G ->
   ls-disjoint X RF+RV ->
   %%
   wf-ec (Ec (val-fnc Ec) V) S (Ec' (val-fnc Ec') V') R' ->
   ls-subeq R' RF+RV ->
   ls-disjoint R' G ->
   ls-disjoint X R' ->
   type.
%mode wf-pres-ec-app +X1 +X2 +X3 -X4 -X5 -X6 -X7.
%% Argument substitution, then self substitution; the final bound
%% Dlse' : R'' ⊆ RF+RV is used to weaken both disjointness facts.
- : wf-pres-ec-app
     (wf-ec-app (Dlu : ls-union RF RV RF+RV) Dwv (wf-val-fnc Dwe))
     (Dld1 : ls-disjoint RF+RV G)
     (Dld2 : ls-disjoint X RF+RV)
     %%
     Dwe' Dlse' Dld1' Dld2'
     <- ({v}{d} wf-ec-subst-subeq (Dwe v d) Dwv Dlu (Dwe1 v d) (Dlse1 : ls-subeq R' RF+RV))
     <- can-ls-union _ _ (Dlu1 : ls-union R' RF R'+RF)
     <- wf-ec-subst-subeq Dwe1 (wf-val-fnc Dwe) Dlu1 Dwe' (Dlse2 : ls-subeq R'' R'+RF)
     <- ls-union-imp-subeq Dlu (Dlse6 : ls-subeq RF RF+RV) _
     <- ls-subeq-union Dlse1 Dlse6 Dlu1 (Dlse5 : ls-subeq R'+RF RF+RV)
     <- ls-subeq-trans Dlse2 Dlse5 (Dlse' : ls-subeq R'' RF+RV)
     <- ls-subeq-refl _ (Dlse4 : ls-subeq G G)
     <- ls-disjoint-resp-subeq Dld1 Dlse' Dlse4 (Dld1' : ls-disjoint R'' G)
     <- ls-subeq-refl _ (Dlse7 : ls-subeq X X)
     <- ls-disjoint-resp-subeq Dld2 Dlse7 Dlse' (Dld2' : ls-disjoint X R'') .
%worlds () (wf-pres-ec-app _ _ _ _ _ _ _).
%total {} (wf-pres-ec-app _ _ _ _ _ _ _).

%% ec-let, second half: the ec analogue of wf-pres-es-let-2.  The
%% bound expression is an es (trs-gen Ts1 G1) and the body an ec
%% (trc-gen Ts2 G2).  Two extra inputs X#(R1+R2) and X#(G1+G2), two
%% extra outputs X#R2+RV' and X#G2, carry the write-target invariant.
wf-pres-ec-let-2 :
   ls-union R1 R2 R1+R2 ->
   ({v}{d : var v} wf-ec (Ec2 v) S (Ec2' v) R2) ->
   ls-union G1 G2 G1+G2 ->
   trc-gen Ts2 G2 ->
   trs-gen Ts1 G1 ->
   ls-disjoint R1+R2 G1+G2 ->
   ls-disjoint X R1+R2 ->
   ls-disjoint X G1+G2 ->
   trs-gen Ts1 G1' ->
   trc-gen Ts2 G2' ->
   ls-disjoint G1' G2' ->
   st-sqsubeq-ex S G1 S' ->
   wf-val V S' V' RV ->
   ls-union R1 G1 R1+G1 ->
   ls-subeq RV R1+G1 ->
   %%
   wf-ec (Ec2 V) S' (Ec2' V') R2+RV' ->
   ls-union R2 RV R2+RV ->
   ls-subeq R2+RV' R2+RV ->
   ls-disjoint G1 G2 ->
   ls-disjoint R2+RV' G2 ->
   ls-disjoint X R2+RV' ->
   ls-disjoint X G2 ->
   type.
%mode wf-pres-ec-let-2 +X1 +X2 +X3 +X4 +X5 +X6 +X7 +X8 +X9 +X10 +X11 +X12 +X13 +X14 +X15 -X16 -X17 -X18 -X19 -X20 -X21 -X22.
%% Here R abbreviates R1+R2 and G abbreviates G1+G2.  Steps:
%% (1) G1#G2 from Dld3+ by functionality of trs-gen/trc-gen;
%% (2) transport the body to S' using R2#G1, then substitute V,
%%     giving Dlse7 : R2V1 ⊆ R2+RV1;
%% (3) X#G2 by weakening X#G;
%% (4) X#R2V1: X is disjoint from R+G (ls-disjoint-union of the
%%     commuted X#R and X#G), and R2V1 ⊆ R+G;
%% (5) R2V1#G2: (R1+G1)#G2 from R1#G2 and G1#G2, hence RV1#G2,
%%     hence (R2+RV1)#G2, then weaken along Dlse7.
- : wf-pres-ec-let-2
     (Dlu2 : ls-union R1 R2 R)
     Dwe2
     (Dlu1 : ls-union G1 G2 G)
     Dtg2 Dtg1
     (Dld : ls-disjoint R G)
     (Dld1 : ls-disjoint X R)
     (Dld2 : ls-disjoint X G)
     Dtg1+ Dtg2+ Dld3+ Dssee Dwv1
     (Dlu3 : ls-union R1 G1 R1+G1)
     (Dlse1 : ls-subeq RV1 R1+G1)
     %%
     Dwe4 Dlu5 Dlse7 Dld3 Dld4 Dld5 Dld6
     <- trs-gen-fun Dtg1+ Dtg1 Deq1
     <- trc-gen-fun Dtg2+ Dtg2 Deq2
     <- ls-disjoint-resp-eq Dld3+ Deq1 Deq2 (Dld3 : ls-disjoint G1 G2)
     <- ls-union-imp-subeq Dlu1 (Dlse4 : ls-subeq G1 G) (Dlse6 : ls-subeq G2 G)
     <- ls-union-imp-subeq Dlu2 (Dlse3 : ls-subeq R1 R) (Dlse5 : ls-subeq R2 R)
     <- ls-disjoint-resp-subeq Dld Dlse5 Dlse6 (Dld8 : ls-disjoint R2 G2)
     <- ls-disjoint-resp-subeq Dld Dlse5 Dlse4 (Dld9 : ls-disjoint R2 G1)
     <- ({v}{d} wf-ec-resp-st-sqsubeq-ex-disjoint (Dwe2 v d) Dssee Dld9 (Dwe3 v d))
     <- can-ls-union _ _ (Dlu5 : ls-union R2 RV1 R2+RV1)
     <- wf-ec-subst-subeq Dwe3 Dwv1 Dlu5 Dwe4 (Dlse7 : ls-subeq R2V1 R2+RV1)
     <- ls-subeq-refl _ (Dlse18 : ls-subeq X X)
     <- ls-disjoint-resp-subeq Dld2 Dlse18 Dlse6 (Dld6 : ls-disjoint X G2)
     <- can-ls-union _ _ (Dlu' : ls-union R G R+G)
     <- ls-union-imp-subeq Dlu' (Dlse12 : ls-subeq R R+G) (Dlse13 : ls-subeq G R+G)
     <- ls-disjoint-commutes Dld1 (Dld11 : ls-disjoint R X)
     <- ls-disjoint-commutes Dld2 (Dld12 : ls-disjoint G X)
     <- ls-disjoint-union Dld11 Dld12 Dlu' (Dld13 : ls-disjoint R+G X)
     <- ls-subeq-trans Dlse5 Dlse12 (Dlse10 : ls-subeq R2 R+G)
     <- ls-subeq-trans Dlse3 Dlse12 (Dlse15: ls-subeq R1 R+G)
     <- ls-subeq-trans Dlse4 Dlse13 (Dlse16 : ls-subeq G1 R+G)
     <- ls-subeq-union Dlse15 Dlse16 Dlu3 (Dlse14 : ls-subeq R1+G1 R+G)
     <- ls-subeq-trans Dlse1 Dlse14 (Dlse11 : ls-subeq RV1 R+G)
     <- ls-subeq-union Dlse10 Dlse11 Dlu5 (Dlse9 : ls-subeq R2+RV1 R+G)
     <- ls-subeq-trans Dlse7 Dlse9 (Dlse8 : ls-subeq R2V1 R+G)
     <- ls-disjoint-commutes Dld13 (Dld14 : ls-disjoint X R+G)
     <- ls-disjoint-resp-subeq Dld14 Dlse18 Dlse8 (Dld5 : ls-disjoint X R2V1)
     <- ls-disjoint-resp-subeq Dld Dlse3 Dlse6 (Dld15 : ls-disjoint R1 G2)
     <- ls-disjoint-union Dld15 Dld3 Dlu3 (Dld16 : ls-disjoint R1+G1 G2)
     <- ls-subeq-refl _ (Dlse17 : ls-subeq G2 G2)
     <- ls-disjoint-resp-subeq Dld16 Dlse1 Dlse17 (Dld17 : ls-disjoint RV1 G2)
     <- ls-disjoint-union Dld8 Dld17 Dlu5 (Dld18 : ls-disjoint R2+RV1 G2)
     <- ls-disjoint-resp-subeq Dld18 Dlse7 Dlse17 (Dld4 : ls-disjoint R2V1 G2) .
%worlds () (wf-pres-ec-let-2 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _).
%total {} (wf-pres-ec-let-2 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _).

%% ec-letp on a pair value: as wf-pres-es-letp, with the extra
%% write-target invariant X#R' carried through.
wf-pres-ec-letp :
   wf-ec (ec-letp (val-pr V1 V2) Ec) S (ec-letp (val-pr V1' V2') Ec') R ->
   ls-disjoint R G ->
   ls-disjoint X R ->
   %%
   wf-ec (Ec V1 V2) S (Ec' V1' V2') R' ->
   ls-subeq R' R ->
   ls-disjoint R' G ->
   ls-disjoint X R' ->
   type.
%mode wf-pres-ec-letp +X1 +X2 +X3 -X4 -X5 -X6 -X7.

%% Substitute V2, then V1; chain the bounds back to R; weaken both
%% disjointness inputs along the final bound Dlse5.
- : wf-pres-ec-letp
     (wf-ec-letp (Dlu : ls-union RV1+RV2 RB R) Dwe (wf-val-pr (Dlu1 : ls-union RV1 RV2 RV1+RV2) Dwv2 Dwv1))
     (Dld : ls-disjoint R G)
     (Dld11 : ls-disjoint X R)
     %%
     Dwe2 Dlse5 Dld2 Dld13
     <- can-ls-union _ _ (Dlu3 : ls-union RB RV2 RB+RV2)
     <- ({v}{d} wf-ec-subst-subeq (Dwe v d) Dwv2 Dlu3 (Dwe1 v d) (Dlse3 : ls-subeq RB+RV2' RB+RV2))
     <- can-ls-union _ _ (Dlu4 : ls-union RB+RV2' RV1 RB+RV2'+RV1)
     <- wf-ec-subst-subeq Dwe1 Dwv1 Dlu4 Dwe2 (Dlse4 : ls-subeq RB+RV2'+RV1' RB+RV2'+RV1)
     <- ls-union-imp-subeq Dlu1 (Dlse13 : ls-subeq RV1 RV1+RV2) (Dlse14 : ls-subeq RV2 RV1+RV2)
     <- ls-union-imp-subeq Dlu (Dlse12 : ls-subeq RV1+RV2 R) (Dlse10: ls-subeq RB R)
     <- ls-subeq-trans Dlse14 Dlse12 (Dlse11 : ls-subeq RV2 R)
     <- ls-subeq-union Dlse10 Dlse11 Dlu3 (Dlse9 : ls-subeq RB+RV2 R)
     <- ls-subeq-trans Dlse3 Dlse9 (Dlse7 : ls-subeq RB+RV2' R)
     <- ls-subeq-trans Dlse13 Dlse12 (Dlse8 : ls-subeq RV1 R)
     <- ls-subeq-union Dlse7 Dlse8 Dlu4 (Dlse6 : ls-subeq RB+RV2'+RV1 R)
     <- ls-subeq-trans Dlse4 Dlse6 (Dlse5 : ls-subeq RB+RV2'+RV1' R)
     <- ls-subeq-refl _ (Dlse16 : ls-subeq X X)
     <- ls-disjoint-resp-subeq Dld11 Dlse16 Dlse5 (Dld13 : ls-disjoint X RB+RV2'+RV1')
     <- ls-subeq-refl _ (Dlse15 : ls-subeq G G)
     <- ls-disjoint-resp-subeq Dld Dlse5 Dlse15 (Dld2 : ls-disjoint RB+RV2'+RV1' G) .
%worlds () (wf-pres-ec-letp _ _ _ _ _ _ _).
%total {} (wf-pres-ec-letp _ _ _ _ _ _ _).

%% ec-case on an inl value: as wf-pres-es-case-inl, plus X#R'.
wf-pres-ec-case-inl :
   wf-ec (ec-case (val-inl V) Ec1 Ec2) S (ec-case (val-inl V') Ec1' Ec2') R ->
   ls-disjoint R G ->
   ls-disjoint X R ->
   %%
   wf-ec (Ec1 V) S (Ec1' V') R' ->
   ls-subeq R' R ->
   ls-disjoint R' G ->
   ls-disjoint X R' ->
   type.
%mode wf-pres-ec-case-inl +X1 +X2 +X3 -X4 -X5 -X6 -X7.

- : wf-pres-ec-case-inl
     (wf-ec-case (Dlu2 : ls-union R1+R2 RV R) (Dlu1 : ls-union R1 R2 R1+R2) Dwe2 Dwe1 (wf-val-inl Dwv))
     (Dld : ls-disjoint R G)
     (Dld11 : ls-disjoint X R)
     %%
     Dwe3 Dlse3 Dld2 Dld13
     <- can-ls-union _ _ (Dlu4 : ls-union R1 RV R1+RV)
     <- wf-ec-subst-subeq Dwe1 Dwv Dlu4 Dwe3 (Dlse2 : ls-subeq R1+RV' R1+RV)
     <- ls-union-imp-subeq Dlu1 (Dlse8 : ls-subeq R1 R1+R2) (Dlse9 : ls-subeq R2 R1+R2)
     <- ls-union-imp-subeq Dlu2 (Dlse10 : ls-subeq R1+R2 R) (Dlse11 : ls-subeq RV R)
     <- ls-subeq-trans Dlse8 Dlse10 (Dlse6 : ls-subeq R1 R)
     <- ls-subeq-union Dlse6 Dlse11 Dlu4 (Dlse5 : ls-subeq R1+RV R)
     <- ls-subeq-trans Dlse2 Dlse5 (Dlse3 : ls-subeq R1+RV' R)
     <- ls-subeq-refl _ (Dlse4 : ls-subeq G G)
     <- ls-disjoint-resp-subeq Dld Dlse3 Dlse4 (Dld2 : ls-disjoint R1+RV' G)
     <- ls-subeq-refl _ (Dlse12 : ls-subeq X X)
     <- ls-disjoint-resp-subeq Dld11 Dlse12 Dlse3 (Dld13 : ls-disjoint X R1+RV') .
%worlds () (wf-pres-ec-case-inl _ _ _ _ _ _ _).
%total {} (wf-pres-ec-case-inl _ _ _ _ _ _ _).

%% ec-case on an inr value: symmetric to the inl lemma, for branch 2.
wf-pres-ec-case-inr :
   wf-ec (ec-case (val-inr V) Ec1 Ec2) S (ec-case (val-inr V') Ec1' Ec2') R ->
   ls-disjoint R G ->
   ls-disjoint X R ->
   %%
   wf-ec (Ec2 V) S (Ec2' V') R' ->
   ls-subeq R' R ->
   ls-disjoint R' G ->
   ls-disjoint X R' ->
   type.
%mode wf-pres-ec-case-inr +X1 +X2 +X3 -X4 -X5 -X6 -X7.
%% Same derivation as the inl case with R2/Dwe2/Dlse9 in place of R1/Dwe1/Dlse8.
- : wf-pres-ec-case-inr
     (wf-ec-case (Dlu2 : ls-union R1+R2 RV R) (Dlu1 : ls-union R1 R2 R1+R2) Dwe2 Dwe1 (wf-val-inr Dwv))
     (Dld : ls-disjoint R G)
     (Dld11 : ls-disjoint X R)
     %%
     Dwe3 Dlse3 Dld2 Dld13
     <- can-ls-union _ _ (Dlu4 : ls-union R2 RV R2+RV)
     <- wf-ec-subst-subeq Dwe2 Dwv Dlu4 Dwe3 (Dlse2 : ls-subeq R2+RV' R2+RV)
     <- ls-union-imp-subeq Dlu1 (Dlse8 : ls-subeq R1 R1+R2) (Dlse9 : ls-subeq R2 R1+R2)
     <- ls-union-imp-subeq Dlu2 (Dlse10 : ls-subeq R1+R2 R) (Dlse11 : ls-subeq RV R)
     <- ls-subeq-trans Dlse9 Dlse10 (Dlse6 : ls-subeq R2 R)
     <- ls-subeq-union Dlse6 Dlse11 Dlu4 (Dlse5 : ls-subeq R2+RV R)
     <- ls-subeq-trans Dlse2 Dlse5 (Dlse3 : ls-subeq R2+RV' R)
     <- ls-subeq-refl _ (Dlse4 : ls-subeq G G)
     <- ls-disjoint-resp-subeq Dld Dlse3 Dlse4 (Dld2 : ls-disjoint R2+RV' G)
     <- ls-subeq-refl _ (Dlse12 : ls-subeq X X)
     <- ls-disjoint-resp-subeq Dld11 Dlse12 Dlse3 (Dld13 : ls-disjoint X R2+RV') .
%worlds () (wf-pres-ec-case-inr _ _ _ _ _ _ _).
%total {} (wf-pres-ec-case-inr _ _ _ _ _ _ _).

%% This lemma is true for general well-formed evaluations, but that seems
%% to be difficult to prove without making use of memo-elimination.  Since
%% we need it in the proof of memo-elimination, we state it only for clean
%% evaluations, and then memo-eliminate before applying it in the proof of
%% memo-elimination.  (Another way to go about it might be to define well-
%% formedness of traces, and prove that evaluation of a well-formed expression
%% gives a well-formed trace, and that change-propagation preserves the well-
%% formedness of the trace and of the output value.)

%% Well-formed, clean es evaluation yields a well-formed result value
%% whose location set R' is contained in R+G (expression set plus the
%% set G recorded in wf-evals for the trace).
wf-cln-evals-imp-wf-val :
   {Devals : evals S Es V S' Ts}
   wf-evals Es' R G Devals ->
   cln-evals Devals ->
   ls-union R G R+G ->
   %%
   wf-val V S' V' R' ->
   ls-subeq R' R+G ->
   type.
%mode wf-cln-evals-imp-wf-val +X1 +X2 +X3 +X4 -X5 -X6.
%% ec counterpart: an evalc writes its result to the target location L,
%% so the result is the location value (val-loc L), whose set is
%% bounded by R+G+X (X being the singleton of L carried by wf-evalc).
wf-cln-evalc-imp-wf-val :
   {Devalc: evalc S L Ec S' Tc}
   wf-evalc Ec' R G X Devalc ->
   cln-evalc Devalc ->
   ls-union R G R+G ->
   ls-union R+G X R+G+X ->
   %%
   wf-val (val-loc L) S' V' R' ->
   ls-subeq R' R+G+X ->
   type.
%mode wf-cln-evalc-imp-wf-val +X1 +X2 +X3 +X4 +X5 -X6 -X7.

%% Cases of wf-cln-evals-imp-wf-val.  The common shape for the
%% compound forms: apply the matching wf-pres-* lemma to get the
%% well-formedness of the sub-evaluation (set R' ⊆ R and R'#G), recurse
%% on it with a fresh union R'+G, and lift the recursive bound
%% R'' ⊆ R'+G to R'' ⊆ R+G by ls-union-monotone.

%% evals-val: the result is the expression's own value; its set R is
%% included in R+G by the union's left inclusion.
- : wf-cln-evals-imp-wf-val evals-val (wf-evals_ _ _ (wf-es-val Dwv)) _ Dlu
     %%
     Dwv Dlse'
     <- ls-union-imp-subeq Dlu Dlse' _ .

%% evals-plus: the result is a nat (wf-val-nat, empty set); ls-nil is
%% included in any set (ls-subeq-nx).
- : wf-cln-evals-imp-wf-val (evals-plus _) _ _ _
     %%
     wf-val-nat ls-subeq-nx .

%% evals-mod: wf-pres-es-mod gives the inner ec's well-formedness and
%% the disjointness facts needed to build wf-evalc_; the union R+(G+X)
%% is re-associated to (R+G)+X for the evalc recursion.
- : wf-cln-evals-imp-wf-val
     (evals-mod Dld+ Dls+ Dtg+ Devalc)
     (wf-evals_ Dld (trs-gen-mod Dlu Dls Dtg) Dwe)
     (cln-evals-mod Dce)
     (Dlu2 : ls-union R G+X R+G+X)
     %%
     Dwv' Dlse'
     <- wf-pres-es-mod Dwe Dtg Dls Dlu Dld Dtg+ Dls+ Dld+ Dwe2 (Dld3 : ls-disjoint R G) Dld4 Dld5
     <- can-ls-union _ _ (Dlu3 : ls-union R G R+G)
     <- ls-union-assoc Dlu Dlu2 Dlu3 (Dlu4 : ls-union R+G X R+G+X)
     <- wf-cln-evalc-imp-wf-val Devalc (wf-evalc_ Dld5 Dld4 Dls Dld3 Dtg Dwe2) Dce Dlu3 Dlu4 Dwv' Dlse' .

%% evals-memo-miss: a clean evaluation only misses; strip the memo and recurse.
- : wf-cln-evals-imp-wf-val
     (evals-memo-miss Devals)
     (wf-evals_ Dld Dtg (wf-es-memo Dwe))
     (cln-evals-miss Dce)
     Dlu
     %%
     Dwv' Dlse'
     <- wf-cln-evals-imp-wf-val Devals (wf-evals_ Dld Dtg Dwe) Dce Dlu Dwv' Dlse' .

%% evals-app: via wf-pres-es-app.
- : wf-cln-evals-imp-wf-val
     (evals-app Devals)
     (wf-evals_ Dld Dtg (wf-es-app Dlu3 Dwv2 Dwv1))
     (cln-evals-app Dce)
     (Dlu : ls-union R G R+G)
     %%
     Dwv' Dlse'
     <- wf-pres-es-app (wf-es-app Dlu3 Dwv2 Dwv1) Dld Dwe2 (Dlse2 : ls-subeq R' R) Dld2
     <- can-ls-union _ _ (Dlu2 : ls-union R' G R'+G)
     <- wf-cln-evals-imp-wf-val Devals (wf-evals_ Dld2 Dtg Dwe2) Dce Dlu2 Dwv' (Dlse7 : ls-subeq R'' R'+G)
     <- ls-subeq-refl _ (Dlse3 : ls-subeq G G)
     <- ls-union-monotone Dlu2 Dlse2 Dlse3 Dlu (Dlse8 : ls-subeq R'+G R+G)
     <- ls-subeq-trans Dlse7 Dlse8 (Dlse' : ls-subeq R'' R+G) .
%% evals-let: (1) wf-pres-es-let-1 gives R1#G1 for the bound expression;
%% (2) recurse on Devals1, yielding Dwv1 with set R1+G1' ⊆ R1+G1;
%% (3) the store extension S ⊑ S' on G1 comes from the evaluation
%%     (evals-imp-st-sqsubeq-ex-trs-gen);
%% (4) wf-pres-es-let-2 gives the substituted body Dwe4 and its
%%     disjointness from G2; (5) recurse on Devals2; (6) the remaining
%%     premises bound everything by R1+R2+G1+G2 through the inclusions
%%     of the unions Dlu, Dlu1, Dlu2, Dlu3, Dlu4 and Dlu6.
- : wf-cln-evals-imp-wf-val
     (evals-let (Dld+ : ls-disjoint G1' G2') Dtg2+ Dtg1+ Devals2 Devals1)
     (wf-evals_ (Dld2 : ls-disjoint R1+R2 G1+G2) (trs-gen-let (Dlu1 : ls-union G1 G2 G1+G2) Dtg2 Dtg1) (wf-es-let (Dlu2 : ls-union R1 R2 R1+R2) Dwe2 Dwe1))
     (cln-evals-let Dce2 Dce1)
     (Dlu : ls-union R1+R2 G1+G2 R1+R2+G1+G2)
     %%
     Dwv' Dlse'
     <- wf-pres-es-let-1 Dlu2 Dlu1 Dld2 (Dld4 : ls-disjoint R1 G1)
     <- can-ls-union _ _ (Dlu3 : ls-union R1 G1 R1+G1)
     <- wf-cln-evals-imp-wf-val Devals1 (wf-evals_ Dld4 Dtg1 Dwe1) Dce1 Dlu3 Dwv1 (Dlse1 : ls-subeq R1+G1' R1+G1)
     <- evals-imp-st-sqsubeq-ex-trs-gen Devals1 Dtg1 (Dssee : st-sqsubeq-ex _ G1 _)
     <- wf-pres-es-let-2 Dlu2 Dwe2 Dlu1 Dtg2 Dtg1 Dld2 Dtg1+ Dtg2+ Dld+ Dssee Dwv1 Dlu3 Dlse1 Dwe4 (Dlu4 : ls-union R2 R1+G1' R2+R1+G1') (Dlse7 : ls-subeq R2+R1+G1'' R2+R1+G1') (Dld : ls-disjoint G1 G2) (Dld7 : ls-disjoint R2+R1+G1'' G2)
     <- can-ls-union _ _ (Dlu6 : ls-union R2+R1+G1'' G2 R2+R1+G1''+G2)
     <- wf-cln-evals-imp-wf-val Devals2 (wf-evals_ Dld7 Dtg2 Dwe4) Dce2 Dlu6 Dwv' (Dlse8 : ls-subeq R' R2+R1+G1''+G2)
     <- ls-union-imp-subeq Dlu (Dlse22 : ls-subeq R1+R2 R1+R2+G1+G2) (Dlse23 : ls-subeq G1+G2 R1+R2+G1+G2)
     <- ls-union-imp-subeq Dlu1 (Dlse4 : ls-subeq G1 G1+G2) (Dlse6 : ls-subeq G2 G1+G2)
     <- ls-union-imp-subeq Dlu2 (Dlse3 : ls-subeq R1 R1+R2) (Dlse5 : ls-subeq R2 R1+R2)
     <- ls-subeq-trans Dlse3 Dlse22 (Dlse16 : ls-subeq R1 R1+R2+G1+G2)
     <- ls-subeq-trans Dlse4 Dlse23 (Dlse17 : ls-subeq G1 R1+R2+G1+G2)
     <- ls-subeq-trans Dlse6 Dlse23 (Dlse11 : ls-subeq G2 R1+R2+G1+G2)
     <- ls-subeq-union Dlse16 Dlse17 Dlu3 (Dlse15 : ls-subeq R1+G1 R1+R2+G1+G2)
     <- ls-subeq-trans Dlse1 Dlse15 (Dlse14 : ls-subeq R1+G1' R1+R2+G1+G2)
     <- ls-subeq-trans Dlse5 Dlse22 (Dlse13 : ls-subeq R2 R1+R2+G1+G2)
     <- ls-subeq-union Dlse13 Dlse14 Dlu4 (Dlse12 : ls-subeq R2+R1+G1' R1+R2+G1+G2)
     <- ls-subeq-trans Dlse7 Dlse12 (Dlse10 : ls-subeq R2+R1+G1'' R1+R2+G1+G2)
     <- ls-subeq-union Dlse10 Dlse11 Dlu6 (Dlse9 : ls-subeq R2+R1+G1''+G2 R1+R2+G1+G2)
     <- ls-subeq-trans Dlse8 Dlse9 (Dlse' : ls-subeq R' R1+R2+G1+G2) .

%% evals-letp: via wf-pres-es-letp, then the common lift by ls-union-monotone.
- : wf-cln-evals-imp-wf-val
     (evals-letp Devals)
     (wf-evals_ Dld Dtg (wf-es-letp Dlu2 Dwe3 Dwv1))
     (cln-evals-letp Dce)
     (Dlu : ls-union R G R+G)
     %%
     Dwv' Dlse'
     <- wf-pres-es-letp (wf-es-letp Dlu2 Dwe3 Dwv1) Dld Dwe2 (Dlse5 : ls-subeq R' R) (Dld2 : ls-disjoint R' G)
     <- can-ls-union _ _ (Dlu4 : ls-union R' G R'+G)
     <- wf-cln-evals-imp-wf-val Devals (wf-evals_ Dld2 Dtg Dwe2) Dce Dlu4 Dwv' (Dlse3 : ls-subeq R'' R'+G)
     <- ls-subeq-refl _ (Dlse6 : ls-subeq G G)
     <- ls-union-monotone Dlu4 Dlse5 Dlse6 Dlu (Dlse16 : ls-subeq R'+G R+G)
     <- ls-subeq-trans Dlse3 Dlse16 (Dlse' : ls-subeq R'' R+G) .

%% evals-case-inl: via wf-pres-es-case-inl.
- : wf-cln-evals-imp-wf-val
     (evals-case-inl Devals)
     (wf-evals_ Dld Dtg (wf-es-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inl Dwv0)))
     (cln-evals-inl Dce)
     (Dlu : ls-union R G R+G)
     %%
     Dwv' Dlse'
     <- wf-pres-es-case-inl (wf-es-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inl Dwv0)) Dld Dwe3 (Dlse3 : ls-subeq R' R) (Dld2 : ls-disjoint R' G)
     <- can-ls-union _ _ (Dlu3 : ls-union R' G R'+G)
     <- wf-cln-evals-imp-wf-val Devals (wf-evals_ Dld2 Dtg Dwe3) Dce Dlu3 Dwv' (Dlse1 : ls-subeq R'' R'+G)
     <- ls-subeq-refl _ (Dlse4 : ls-subeq G G)
     <- ls-union-monotone Dlu3 Dlse3 Dlse4 Dlu (Dlse12 : ls-subeq R'+G R+G)
     <- ls-subeq-trans Dlse1 Dlse12 (Dlse' : ls-subeq R'' R+G) .

%% evals-case-inr: via wf-pres-es-case-inr.
- : wf-cln-evals-imp-wf-val
     (evals-case-inr Devals)
     (wf-evals_ Dld Dtg (wf-es-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inr Dwv0)))
     (cln-evals-inr Dce)
     (Dlu : ls-union R G R+G)
     %%
     Dwv' Dlse'
     <- wf-pres-es-case-inr (wf-es-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inr Dwv0)) Dld Dwe3 (Dlse3 : ls-subeq R' R) (Dld2 : ls-disjoint R' G)
     <- can-ls-union _ _ (Dlu3 : ls-union R' G R'+G)
     <- wf-cln-evals-imp-wf-val Devals (wf-evals_ Dld2 Dtg Dwe3) Dce Dlu3 Dwv' (Dlse1 : ls-subeq R'' R'+G)
     <- ls-subeq-refl _ (Dlse4 : ls-subeq G G)
     <- ls-union-monotone Dlu3 Dlse3 Dlse4 Dlu (Dlse12 : ls-subeq R'+G R+G)
     <- ls-subeq-trans Dlse1 Dlse12 (Dlse' : ls-subeq R'' R+G) .
%% Cases of wf-cln-evalc-imp-wf-val.  Same shape as the es cases, with
%% two unions ((R'+G)+X) threaded through the recursion and the extra
%% X-disjointness outputs of the wf-pres-ec-* lemmas feeding wf-evalc_.

%% evalc-write: the base case.  The written value is transported across
%% the store update (st-update-imp-st-sqsubeq-ex, using R#X), the
%% result is the location value built from the update's lookup, and
%% its set R+X is bounded by R+G+X.
- : wf-cln-evalc-imp-wf-val
     (evalc-write Dstu)
     (wf-evalc_ (Dld2 : ls-disjoint X G) (Dld1 : ls-disjoint X R) (Dls : ls-sing L X) (Dld : ls-disjoint R G) Dtg (wf-ec-wr Dwv))
     _
     (Dlu1 : ls-union R G R+G)
     (Dlu2 : ls-union R+G X R+G+X)
     %%
     (wf-val-loc Dlu' Dls Dwv' Dstl') Dlse'
     <- st-update-imp-lookup Dstu Dstl'
     <- st-update-imp-st-sqsubeq-ex Dstu Dls Dssee
     <- ls-disjoint-commutes Dld1 (Dld3 : ls-disjoint R X)
     <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv Dssee Dld3 Dwv'
     <- can-ls-union _ _ (Dlu' : ls-union R X R+X)
     <- ls-union-imp-subeq Dlu1 (Dlse1 : ls-subeq R R+G) _
     <- ls-union-imp-subeq Dlu2 (Dlse2 : ls-subeq R+G R+G+X) (Dlse3 : ls-subeq X R+G+X)
     <- ls-subeq-trans Dlse1 Dlse2 (Dlse4 : ls-subeq R R+G+X)
     <- ls-subeq-union Dlse4 Dlse3 Dlu' (Dlse' : ls-subeq R+X R+G+X) .

%% evalc-read: wf-pres-ec-read instantiates the continuation with the
%% value actually looked up (Dstl+); the bounds are lifted from
%% R'+G+X to RV+X'+RB+G+X componentwise.
- : wf-cln-evalc-imp-wf-val
     (evalc-read Devalc (Dstl+ : st-lookup S L' V+))
     (wf-evalc_ (Dld2 : ls-disjoint X G) (Dld1 : ls-disjoint X RV+X'+RB) (Dls : ls-sing L X) (Dld : ls-disjoint RV+X'+RB G) (trc-gen-rd Dtg) (wf-ec-read (Dlu1 : ls-union RV+X' RB RV+X'+RB) Dwe (wf-val-loc (Dlu2 : ls-union RV X' RV+X') (Dls2 : ls-sing L' X') Dwv Dstl)))
     (cln-evalc-read Dce)
     (Dlu3 : ls-union RV+X'+RB G RV+X'+RB+G)
     (Dlu4 : ls-union RV+X'+RB+G X RV+X'+RB+G+X)
     %%
     Dwv' Dlse'
     <- wf-pres-ec-read (wf-val-loc Dlu2 Dls2 Dwv Dstl) Dwe Dlu1 Dld Dld1 Dstl+ Dwe2 (Dlse4 : ls-subeq R' RV+X'+RB) Dld3 Dld4
     <- can-ls-union _ _ (Dlu5 : ls-union R' G R'+G)
     <- can-ls-union _ _ (Dlu6 : ls-union R'+G X R'+G+X)
     <- wf-cln-evalc-imp-wf-val Devalc (wf-evalc_ Dld2 Dld4 Dls Dld3 Dtg Dwe2) Dce Dlu5 Dlu6 Dwv' (Dlse2 : ls-subeq R'' R'+G+X)
     <- ls-union-imp-subeq Dlu3 (Dlse10 : ls-subeq RV+X'+RB RV+X'+RB+G) (Dlse11 : ls-subeq G RV+X'+RB+G)
     <- ls-union-imp-subeq Dlu4 (Dlse12 : ls-subeq RV+X'+RB+G RV+X'+RB+G+X) (Dlse6 : ls-subeq X RV+X'+RB+G+X)
     <- ls-subeq-trans Dlse10 Dlse12 (Dlse9 : ls-subeq RV+X'+RB RV+X'+RB+G+X)
     <- ls-subeq-trans Dlse4 Dlse9 (Dlse7 : ls-subeq R' RV+X'+RB+G+X)
     <- ls-subeq-trans Dlse11 Dlse12 (Dlse8 : ls-subeq G RV+X'+RB+G+X)
     <- ls-subeq-union Dlse7 Dlse8 Dlu5 (Dlse5 : ls-subeq R'+G RV+X'+RB+G+X)
     <- ls-subeq-union Dlse5 Dlse6 Dlu6 (Dlse3 : ls-subeq R'+G+X RV+X'+RB+G+X)
     <- ls-subeq-trans Dlse2 Dlse3 (Dlse' : ls-subeq R'' RV+X'+RB+G+X) .

%% evalc-memo-miss: strip the memo and recurse.
- : wf-cln-evalc-imp-wf-val
     (evalc-memo-miss Devalc)
     (wf-evalc_ Dld2 Dld1 Dls Dld Dtg (wf-ec-memo Dwe))
     (cln-evalc-miss Dce)
     Dlu1 Dlu2
     %%
     Dwv' Dlse'
     <- wf-cln-evalc-imp-wf-val Devalc (wf-evalc_ Dld2 Dld1 Dls Dld Dtg Dwe) Dce Dlu1 Dlu2 Dwv' Dlse' .

%% evalc-app: via wf-pres-ec-app; bounds lifted componentwise to R+G+X.
- : wf-cln-evalc-imp-wf-val
     (evalc-app Devalc)
     (wf-evalc_ (Dld2 : ls-disjoint X G) (Dld1 : ls-disjoint X R) Dls (Dld : ls-disjoint R G) Dtg (wf-ec-app Dlu Dwv2 Dwv1))
     (cln-evalc-app Dce)
     (Dlu1 : ls-union R G R+G)
     (Dlu2 : ls-union R+G X R+G+X)
     %%
     Dwv' Dlse'
     <- wf-pres-ec-app (wf-ec-app Dlu Dwv2 Dwv1) Dld Dld1 Dwe2 (Dlse3 : ls-subeq R' R) Dld3 Dld4
     <- can-ls-union _ _ (Dlu3 : ls-union R' G R'+G)
     <- can-ls-union _ _ (Dlu4 : ls-union R'+G X R'+G+X)
     <- wf-cln-evalc-imp-wf-val Devalc (wf-evalc_ Dld2 Dld4 Dls Dld3 Dtg Dwe2) Dce Dlu3 Dlu4 Dwv' (Dlse7 : ls-subeq R'' R'+G+X)
     <- ls-union-imp-subeq Dlu1 (Dlse9 : ls-subeq R R+G) (Dlse10 : ls-subeq G R+G)
     <- ls-union-imp-subeq Dlu2 (Dlse11 : ls-subeq R+G R+G+X) (Dlse12 : ls-subeq X R+G+X)
     <- ls-subeq-trans Dlse9 Dlse11 (Dlse15 : ls-subeq R R+G+X)
     <- ls-subeq-trans Dlse3 Dlse15 (Dlse14 : ls-subeq R' R+G+X)
     <- ls-subeq-trans Dlse10 Dlse11 (Dlse16 : ls-subeq G R+G+X)
     <- ls-subeq-union Dlse14 Dlse16 Dlu3 (Dlse13 : ls-subeq R'+G R+G+X)
     <- ls-subeq-union Dlse13 Dlse12 Dlu4 (Dlse8 : ls-subeq R'+G+X R+G+X)
     <- ls-subeq-trans Dlse7 Dlse8 (Dlse' : ls-subeq R'' R+G+X) .
%% evalc-let: the binding is a stable evaluation (evals), the body a
%% changeable one (evalc).  Steps: (1) wf-pres-es-let-1 isolates the
%% well-formedness of the binding; (2) the evals-side lemma gives the bound
%% value Dwv1 with R' <= R1+G1; (3) wf-pres-ec-let-2 uses that value and
%% the store-extension fact Dssee to produce a well-formed body Dwe4 with
%% read set R'' <= R2+R'; (4) the induction hypothesis on the body bounds
%% the result by R''+G2+X; (5) the remaining premises chain that bound
%% into R1+R2+G1+G2+X, the last step via ls-union-monotone rather than
%% ls-subeq-union.
- : wf-cln-evalc-imp-wf-val
     (evalc-let Dld3+ Dtg2+ Dtg1+ Devalc2 Devals1)
     (wf-evalc_ (Dld2 : ls-disjoint X G1+G2) (Dld1 : ls-disjoint X R1+R2) Dls (Dld : ls-disjoint R1+R2 G1+G2) (trc-gen-let (Dlu1 : ls-union G1 G2 G1+G2) Dtg2 Dtg1) (wf-ec-let (Dlu2 : ls-union R1 R2 R1+R2) Dwe2 Dwe1))
     (cln-evalc-let Dce2 Dce1)
     (Dlu3 : ls-union R1+R2 G1+G2 R1+R2+G1+G2)
     (Dlu4 : ls-union R1+R2+G1+G2 X R1+R2+G1+G2+X)
     %%
     Dwv'
     Dlse'
     <- wf-pres-es-let-1 Dlu2 Dlu1 Dld (Dld7 : ls-disjoint R1 G1)
     <- can-ls-union _ _ (Dlu5 : ls-union R1 G1 R1+G1)
     <- wf-cln-evals-imp-wf-val Devals1 (wf-evals_ Dld7 Dtg1 Dwe1) Dce1 Dlu5 Dwv1 (Dlse1 : ls-subeq R' R1+G1)
     <- evals-imp-st-sqsubeq-ex-trs-gen Devals1 Dtg1 (Dssee : st-sqsubeq-ex _ G1 _)
     <- wf-pres-ec-let-2 Dlu2 Dwe2 Dlu1 Dtg2 Dtg1 Dld Dld1 Dld2 Dtg1+ Dtg2+ Dld3+ Dssee Dwv1 Dlu5 Dlse1 Dwe4 (Dlu6 : ls-union R2 R' R2+R') (Dlse7 : ls-subeq R'' R2+R') (Dld3 : ls-disjoint G1 G2) (Dld4 : ls-disjoint R'' G2) Dld5 Dld6
     <- can-ls-union _ _ (Dlu7 : ls-union R'' G2 R''+G2)
     <- can-ls-union _ _ (Dlu8 : ls-union R''+G2 X R''+G2+X)
     <- wf-cln-evalc-imp-wf-val Devalc2 (wf-evalc_ Dld6 Dld5 Dls Dld4 Dtg2 Dwe4) Dce2 Dlu7 Dlu8 Dwv' (Dlse8 : ls-subeq R''' R''+G2+X)
     <- ls-union-imp-subeq Dlu3 (Dlse22 : ls-subeq R1+R2 R1+R2+G1+G2) (Dlse23 : ls-subeq G1+G2 R1+R2+G1+G2)
     <- ls-union-imp-subeq Dlu1 (Dlse4 : ls-subeq G1 G1+G2) (Dlse6 : ls-subeq G2 G1+G2)
     <- ls-union-imp-subeq Dlu2 (Dlse3 : ls-subeq R1 R1+R2) (Dlse5 : ls-subeq R2 R1+R2)
     <- ls-subeq-trans Dlse3 Dlse22 (Dlse16 : ls-subeq R1 R1+R2+G1+G2)
     <- ls-subeq-trans Dlse4 Dlse23 (Dlse17 : ls-subeq G1 R1+R2+G1+G2)
     <- ls-subeq-trans Dlse6 Dlse23 (Dlse11 : ls-subeq G2 R1+R2+G1+G2)
     <- ls-subeq-union Dlse16 Dlse17 Dlu5 (Dlse15 : ls-subeq R1+G1 R1+R2+G1+G2)
     <- ls-subeq-trans Dlse1 Dlse15 (Dlse14 : ls-subeq R' R1+R2+G1+G2)
     <- ls-subeq-trans Dlse5 Dlse22 (Dlse13 : ls-subeq R2 R1+R2+G1+G2)
     <- ls-subeq-union Dlse13 Dlse14 Dlu6 (Dlse12 : ls-subeq R2+R' R1+R2+G1+G2)
     <- ls-subeq-trans Dlse7 Dlse12 (Dlse10 : ls-subeq R'' R1+R2+G1+G2)
     <- ls-subeq-union Dlse10 Dlse11 Dlu7 (Dlse9 : ls-subeq R''+G2 R1+R2+G1+G2)
     <- ls-subeq-refl _ (Dlse20 : ls-subeq X X)
     <- ls-union-monotone Dlu8 Dlse9 Dlse20 Dlu4 (Dlse19 : ls-subeq R''+G2+X R1+R2+G1+G2+X)
     <- ls-subeq-trans Dlse8 Dlse19 (Dlse' : ls-subeq R''' R1+R2+G1+G2+X)
     .

%% evalc-letp: the preservation lemma yields a well-formed body with
%% R' <= R; the final subset is obtained by two applications of
%% ls-union-monotone (G and X are held fixed via ls-subeq-refl).
- : wf-cln-evalc-imp-wf-val
     (evalc-letp Devalc)
     (wf-evalc_ Dld12 Dld11 Dls Dld Dtg (wf-ec-letp Dlu Dwe3 Dwv1))
     (cln-evalc-letp Dce)
     (Dlu3 : ls-union R G R+G)
     (Dlu4 : ls-union R+G X R+G+X)
     %%
     Dwv'
     Dlse'
     <- wf-pres-ec-letp (wf-ec-letp Dlu Dwe3 Dwv1) Dld Dld11 Dwe2 (Dlse5 : ls-subeq R' R) Dld2 Dld13
     <- can-ls-union _ _ (Dlu2 : ls-union R' G R'+G)
     <- can-ls-union _ _ (Dlu5 : ls-union R'+G X R'+G+X)
     <- wf-cln-evalc-imp-wf-val Devalc (wf-evalc_ Dld12 Dld13 Dls Dld2 Dtg Dwe2) Dce Dlu2 Dlu5 Dwv' (Dlse2 : ls-subeq R'' R'+G+X)
     <- ls-subeq-refl _ (Dlse18 : ls-subeq G G)
     <- ls-union-monotone Dlu2 Dlse5 Dlse18 Dlu3 (Dlse17 : ls-subeq R'+G R+G)
     <- ls-subeq-refl _ (Dlse19 : ls-subeq X X)
     <- ls-union-monotone Dlu5 Dlse17 Dlse19 Dlu4 (Dlse16 : ls-subeq R'+G+X R+G+X)
     <- ls-subeq-trans Dlse2 Dlse16 (Dlse' : ls-subeq R'' R+G+X)
     .

%% evalc-case-inl: identical structure to letp, using the inl branch's
%% preservation lemma.
- : wf-cln-evalc-imp-wf-val
     (evalc-case-inl Devalc)
     (wf-evalc_ Dld12 Dld11 Dls Dld Dtg (wf-ec-case Dlu Dlu1 Dwe2 Dwe1 (wf-val-inl Dwv0)))
     (cln-evalc-inl Dce)
     (Dlu3 : ls-union R G R+G)
     (Dlu4 : ls-union R+G X R+G+X)
     %%
     Dwv'
     Dlse'
     <- wf-pres-ec-case-inl (wf-ec-case Dlu Dlu1 Dwe2 Dwe1 (wf-val-inl Dwv0)) Dld Dld11 Dwe3 (Dlse3 : ls-subeq R' R) Dld2 Dld13
     <- can-ls-union _ _ (Dlu2 : ls-union R' G R'+G)
     <- can-ls-union _ _ (Dlu5 : ls-union R'+G X R'+G+X)
     <- wf-cln-evalc-imp-wf-val Devalc (wf-evalc_ Dld12 Dld13 Dls Dld2 Dtg Dwe3) Dce Dlu2 Dlu5 Dwv' (Dlse2 : ls-subeq R'' R'+G+X)
     <- ls-subeq-refl _ (Dlse18 : ls-subeq G G)
     <- ls-union-monotone Dlu2 Dlse3 Dlse18 Dlu3 (Dlse17 : ls-subeq R'+G R+G)
     <- ls-subeq-refl _ (Dlse19 : ls-subeq X X)
     <- ls-union-monotone Dlu5 Dlse17 Dlse19 Dlu4 (Dlse16 : ls-subeq R'+G+X R+G+X)
     <- ls-subeq-trans Dlse2 Dlse16 (Dlse' : ls-subeq R'' R+G+X)
     .
%% evalc-case-inr: mirror image of the inl case.
- : wf-cln-evalc-imp-wf-val
     (evalc-case-inr Devalc)
     (wf-evalc_ Dld12 Dld11 Dls Dld Dtg (wf-ec-case Dlu Dlu1 Dwe2 Dwe1 (wf-val-inr Dwv0)))
     (cln-evalc-inr Dce)
     (Dlu3 : ls-union R G R+G)
     (Dlu4 : ls-union R+G X R+G+X)
     %%
     Dwv'
     Dlse'
     <- wf-pres-ec-case-inr (wf-ec-case Dlu Dlu1 Dwe2 Dwe1 (wf-val-inr Dwv0)) Dld Dld11 Dwe3 (Dlse3 : ls-subeq R' R) Dld2 Dld13
     <- can-ls-union _ _ (Dlu2 : ls-union R' G R'+G)
     <- can-ls-union _ _ (Dlu5 : ls-union R'+G X R'+G+X)
     <- wf-cln-evalc-imp-wf-val Devalc (wf-evalc_ Dld12 Dld13 Dls Dld2 Dtg Dwe3) Dce Dlu2 Dlu5 Dwv' (Dlse2 : ls-subeq R'' R'+G+X)
     <- ls-subeq-refl _ (Dlse18 : ls-subeq G G)
     <- ls-union-monotone Dlu2 Dlse3 Dlse18 Dlu3 (Dlse17 : ls-subeq R'+G R+G)
     <- ls-subeq-refl _ (Dlse19 : ls-subeq X X)
     <- ls-union-monotone Dlu5 Dlse17 Dlse19 Dlu4 (Dlse16 : ls-subeq R'+G+X R+G+X)
     <- ls-subeq-trans Dlse2 Dlse16 (Dlse' : ls-subeq R'' R+G+X)
     .

%% The two lemmas are mutually recursive (let binds an evals inside an
%% evalc), so they are checked together; termination is on the
%% evaluation derivation (first argument of each).
%worlds () (wf-cln-evals-imp-wf-val _ _ _ _ _ _) (wf-cln-evalc-imp-wf-val _ _ _ _ _ _ _).
%total (D1 D2) (wf-cln-evals-imp-wf-val D1 _ _ _ _ _) (wf-cln-evalc-imp-wf-val D2 _ _ _ _ _ _).

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% metric.elf
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% The metric on evaluation derivations.  Our particular choice here
%% (counting only eval) doesn't matter--measuring the size of the
%% derivation would do as well--but conveys what it is that we get
%% rid of in memo-elimination: irrelevant evaluations.
%%
%% Four relations, one per derivation family.  No %mode or %total is
%% declared for them here; that these relations are total functions of
%% the derivation is proved separately by the can-*-met lemmas.
evals-met : evals _ _ _ _ _ -> nat -> type.
evalc-met : evalc _ _ _ _ _ -> nat -> type.
cps-met : cps _ _ _ _ -> nat -> type.
cpc-met : cpc _ _ _ _ _ -> nat -> type.

%% Leaves of a stable evaluation count zero; every other evals node adds
%% one (s) to the metric of its sub-derivations.
evals-met-val : evals-met evals-val z.
evals-met-plus : evals-met (evals-plus _) z.
evals-met-mod : evals-met (evals-mod _ _ _ Devalc) (s N) <- evalc-met Devalc N.
evals-met-miss : evals-met (evals-memo-miss Devals) (s N) <- evals-met Devals N.
%% A memo hit counts the evaluation that was looked up plus the change
%% propagation that brought it up to date (the sum of the two metrics).
evals-met-hit : evals-met (evals-memo-hit Dcps Devals Dwfs) (s N3) <- evals-met Devals N1 <- cps-met Dcps N2 <- sum N1 N2 N3.
evals-met-app : evals-met (evals-app Devals) (s N) <- evals-met Devals N.
evals-met-let : evals-met (evals-let _ _ _ Devals2 Devals1) (s N3) <- evals-met Devals1 N1 <- evals-met Devals2 N2 <- sum N1 N2 N3.
evals-met-letp : evals-met (evals-letp Devals) (s N) <- evals-met Devals N.
evals-met-inl : evals-met (evals-case-inl Devals) (s N) <- evals-met Devals N.
evals-met-inr : evals-met (evals-case-inr Devals) (s N) <- evals-met Devals N.

%% Changeable evaluations: a write is a leaf (zero); every other evalc
%% node adds one, with memo hits and let summing their two parts.
evalc-met-wr : evalc-met (evalc-write _) z.
evalc-met-read : evalc-met (evalc-read Devalc _) (s N) <- evalc-met Devalc N.
evalc-met-miss : evalc-met (evalc-memo-miss Devalc) (s N) <- evalc-met Devalc N.
evalc-met-hit : evalc-met (evalc-memo-hit Dcpc Devalc _) (s N3) <- evalc-met Devalc N1 <- cpc-met Dcpc N2 <- sum N1 N2 N3.
evalc-met-app : evalc-met (evalc-app Devalc) (s N) <- evalc-met Devalc N.
evalc-met-let : evalc-met (evalc-let _ _ _ Devalc Devals) (s N3) <- evals-met Devals N1 <- evalc-met Devalc N2 <- sum N1 N2 N3.
evalc-met-letp : evalc-met (evalc-letp Devalc) (s N) <- evalc-met Devalc N.
evalc-met-inl : evalc-met (evalc-case-inl Devalc) (s N) <- evalc-met Devalc N.
evalc-met-inr : evalc-met (evalc-case-inr Devalc) (s N) <- evalc-met Devalc N.

%% Change propagation itself adds nothing (no `s` in any cps/cpc rule):
%% its metric is just the sum of the evaluations it re-runs, which only
%% arise in cpc-read/ch.
cps-met-nil : cps-met cps-nil z.
cps-met-mod : cps-met (cps-mod _ _ _ Dcpc) N <- cpc-met Dcpc N.
cps-met-let : cps-met (cps-let _ _ _ Dcps2 Dcps1) N3 <- cps-met Dcps1 N1 <- cps-met Dcps2 N2 <- sum N1 N2 N3.
cpc-met-wr : cpc-met (cpc-write _) z.
cpc-met-let : cpc-met (cpc-let _ _ _ Dcpc2 Dcps1) N3 <- cps-met Dcps1 N1 <- cpc-met Dcpc2 N2 <- sum N1 N2 N3.
cpc-met-r/noch : cpc-met (cpc-read/noch Dcpc _) N <- cpc-met Dcpc N.
cpc-met-r/ch : cpc-met (cpc-read/ch Devalc _ _) N <- evalc-met Devalc N.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% metric-lemmas.thm
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% Existence of the metric: for every derivation of each of the four
%% families there is a metric derivation.  Each case mirrors the
%% corresponding *-met rule one-for-one; sums are supplied by can-sum.
can-evals-met : {Devals} evals-met Devals N -> type.
can-evalc-met : {Devalc} evalc-met Devalc N -> type.
can-cps-met : {Dcps} cps-met Dcps N -> type.
can-cpc-met : {Dcpc} cpc-met Dcpc N -> type.
%mode can-evals-met +X1 -X2.
%mode can-evalc-met +X1 -X2.
%mode can-cps-met +X1 -X2.
%mode can-cpc-met +X1 -X2.

%% cases of can-evals-met
- : can-evals-met evals-val evals-met-val.
- : can-evals-met (evals-plus _) evals-met-plus.
- : can-evals-met (evals-mod _ _ _ Devalc) (evals-met-mod Dem) <- can-evalc-met Devalc Dem.
- : can-evals-met (evals-memo-miss Devals) (evals-met-miss Dem) <- can-evals-met Devals Dem.
- : can-evals-met (evals-memo-hit Dcps Devals _) (evals-met-hit Dsum Dcm Dem) <- can-evals-met Devals Dem <- can-cps-met Dcps Dcm <- can-sum _ _ Dsum.
- : can-evals-met (evals-app Devals) (evals-met-app Dem) <- can-evals-met Devals Dem.
- : can-evals-met (evals-let _ _ _ Devals2 Devals1) (evals-met-let Dsum Dem2 Dem1) <- can-evals-met Devals1 Dem1 <- can-evals-met Devals2 Dem2 <- can-sum _ _ Dsum.
- : can-evals-met (evals-letp Devals) (evals-met-letp Dem) <- can-evals-met Devals Dem.
- : can-evals-met (evals-case-inl Devals) (evals-met-inl Dem) <- can-evals-met Devals Dem.
- : can-evals-met (evals-case-inr Devals) (evals-met-inr Dem) <- can-evals-met Devals Dem.

%% cases of can-evalc-met
- : can-evalc-met (evalc-write _) evalc-met-wr.
- : can-evalc-met (evalc-read Devalc _) (evalc-met-read Dem) <- can-evalc-met Devalc Dem.
- : can-evalc-met (evalc-memo-miss Devalc) (evalc-met-miss Dem) <- can-evalc-met Devalc Dem.
- : can-evalc-met (evalc-memo-hit Dcpc Devalc _) (evalc-met-hit Dsum Dcm Dem) <- can-evalc-met Devalc Dem <- can-cpc-met Dcpc Dcm <- can-sum _ _ Dsum.
- : can-evalc-met (evalc-app Devalc) (evalc-met-app Dem) <- can-evalc-met Devalc Dem.
- : can-evalc-met (evalc-let _ _ _ Devalc2 Devals1) (evalc-met-let Dsum Dem2 Dem1) <- can-evals-met Devals1 Dem1 <- can-evalc-met Devalc2 Dem2 <- can-sum _ _ Dsum.
- : can-evalc-met (evalc-letp Devalc) (evalc-met-letp Dem) <- can-evalc-met Devalc Dem.
- : can-evalc-met (evalc-case-inl Devalc) (evalc-met-inl Dem) <- can-evalc-met Devalc Dem.
- : can-evalc-met (evalc-case-inr Devalc) (evalc-met-inr Dem) <- can-evalc-met Devalc Dem.

%% cases of can-cps-met
- : can-cps-met cps-nil cps-met-nil.
- : can-cps-met (cps-mod _ _ _ Dcpc) (cps-met-mod Dcm) <- can-cpc-met Dcpc Dcm.
- : can-cps-met (cps-let _ _ _ Dcps2 Dcps1) (cps-met-let Dsum Dcm2 Dcm1) <- can-cps-met Dcps1 Dcm1 <- can-cps-met Dcps2 Dcm2 <- can-sum _ _ Dsum.

%% cases of can-cpc-met
- : can-cpc-met (cpc-write _) cpc-met-wr.
- : can-cpc-met (cpc-let _ _ _ Dcpc2 Dcps1) (cpc-met-let Dsum Dcm2 Dcm1) <- can-cps-met Dcps1 Dcm1 <- can-cpc-met Dcpc2 Dcm2 <- can-sum _ _ Dsum.
- : can-cpc-met (cpc-read/noch Dcpc _) (cpc-met-r/noch Dcm) <- can-cpc-met Dcpc Dcm.
- : can-cpc-met (cpc-read/ch Devalc _ _) (cpc-met-r/ch Dem) <- can-evalc-met Devalc Dem.

%% All four lemmas are mutually recursive; termination is structural on
%% the input derivation of each.
%worlds () (can-evals-met _ _) (can-evalc-met _ _) (can-cps-met _ _) (can-cpc-met _ _).
%total (D1 D2 D3 D4) (can-evals-met D1 _) (can-evalc-met D2 _) (can-cps-met D3 _) (can-cpc-met D4 _).

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% memo-elim.thm
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% Memo-elimination lemmas.  We state these slightly differently from
%% the paper--we factor out wf-cln-evals-imp-wf-val, while the paper
%% combines them.

%% Inputs: a metric bound N, a stable evaluation Devals whose metric is N,
%% and its well-formedness.  Outputs: an evaluation Devals' of the same
%% judgment (same S, Es, V, S', Ts), a metric N' for it with N' <= N, and
%% evidence that Devals' is clean (cln-evals).  N is an explicit first
%% argument so the proof can recurse on it rather than on the derivation.
evals-imp-cln-evals : {N} {Devals : evals S Es V S' Ts} evals-met Devals N -> wf-evals Es' R G Devals ->
     %%
     {Devals' : evals S Es V S' Ts} evals-met Devals' N' -> leq N' N -> cln-evals Devals' -> type.
%mode evals-imp-cln-evals +X1 +X2 +X3 +X4 -X5 -X6 -X7 -X8.
%% Changeable counterpart of evals-imp-cln-evals; wf-evalc additionally
%% carries the singleton set X of the target location.
evalc-imp-cln-evalc : {N} {Devalc: evalc S L Ec S' Tc} evalc-met Devalc N -> wf-evalc Ec' R G X Devalc ->
     %%
     {Devalc' : evalc S L Ec S' Tc} evalc-met Devalc' N' -> leq N' N -> cln-evalc Devalc' -> type.
%mode evalc-imp-cln-evalc +X1 +X2 +X3 +X4 -X5 -X6 -X7 -X8.

%% The memo-hit case: an evaluation Devals (store S1, trace Ts1) followed
%% by change propagation Dcps from Ts1 to Ts under store S is replaced by
%% a clean evaluation directly under S producing Ts.  The metric bound N
%% is the sum of the two metrics; the well-formedness of the expression
%% under the new store (wf-es), trace generation and disjointness are the
%% extra inputs needed to rebuild well-formedness along the way.
evals-cps-imp-cln-evals : {N} {Devals : evals S1 Es V S1' Ts1} evals-met Devals Nevals -> wf-evals Es1' R1 G1 Devals -> {Dcps : cps S Ts1 S' Ts} cps-met Dcps Ncps -> sum Nevals Ncps N -> wf-es Es S Es' R -> trs-gen Ts G -> ls-disjoint R G ->
     %%
     {Devals' : evals S Es V S' Ts} evals-met Devals' N' -> leq N' N -> cln-evals Devals' -> type.
%mode evals-cps-imp-cln-evals +X1 +X2 +X3 +X4 +X5 +X6 +X7 +X8 +X9 +X10 -X11 -X12 -X13 -X14.

%% Changeable counterpart; the three trailing inputs are the singleton set
%% for L and its disjointness from R and G.
evalc-cpc-imp-cln-evalc : {N} {Devalc : evalc S1 L Ec S1' Tc1} evalc-met Devalc Nevalc -> wf-evalc Ec1' R1 G1 X1 Devalc -> {Dcpc : cpc S L Tc1 S' Tc} cpc-met Dcpc Ncpc -> sum Nevalc Ncpc N -> wf-ec Ec S Ec' R -> trc-gen Tc G -> ls-disjoint R G -> ls-sing L X -> ls-disjoint X R -> ls-disjoint X G ->
     %%
     {Devalc' : evalc S L Ec S' Tc} evalc-met Devalc' N' -> leq N' N -> cln-evalc Devalc' -> type.
%mode evalc-cpc-imp-cln-evalc +X1 +X2 +X3 +X4 +X5 +X6 +X7 +X8 +X9 +X10 +X11 +X12 +X13 -X14 -X15 -X16 -X17.

%% cases of evals-imp-cln-evals

%% Leaves are already clean and are returned unchanged with metric z.
- : evals-imp-cln-evals _ evals-val _ (wf-evals_ _ _ (wf-es-val Dwv))
     %%
     evals-val evals-met-val leq-z cln-evals-val
     .

- : evals-imp-cln-evals _ (evals-plus Dsum) _ _
     %%
     (evals-plus Dsum) evals-met-plus leq-z cln-evals-plus
     .

%% evals-mod: wf-pres-es-mod converts the well-formedness of the mod
%% expression into wf-evalc evidence for the inner changeable evaluation,
%% which is then cleaned by the evalc lemma.  The output metric is one
%% more than the inner one, matching evals-met-mod.
- : evals-imp-cln-evals _
     (evals-mod (Dld+ : ls-disjoint X+ G+) (Dls+ : ls-sing L X+) Dtg+ Devalc)
     (evals-met-mod Dem)
     (wf-evals_ (Dld : ls-disjoint R G+X) (trs-gen-mod (Dlu : ls-union G X G+X) (Dls : ls-sing L X) Dtg) Dwe)
     %%
     (evals-mod Dld+ Dls+ Dtg+ Devalc')
     (evals-met-mod Dem')
     (leq-s Dleq')
     (cln-evals-mod Dce')
     <- wf-pres-es-mod Dwe Dtg Dls Dlu Dld Dtg+ Dls+ Dld+ Dwe2 (Dld3 : ls-disjoint R G) Dld4 Dld5
     <- evalc-imp-cln-evalc _ Devalc Dem (wf-evalc_ Dld5 Dld4 Dls Dld3 Dtg Dwe2) Devalc' Dem' Dleq' Dce'
     .
%% evals-memo-miss: a miss is kept as a miss; recurse on the inner
%% evaluation.
- : evals-imp-cln-evals _
     (evals-memo-miss Devals)
     (evals-met-miss Dem)
     (wf-evals_ Dld Dtg (wf-es-memo Dwe))
     %%
     (evals-memo-miss Devals')
     (evals-met-miss Dem')
     (leq-s Dleq')
     (cln-evals-miss Dce')
     <- evals-imp-cln-evals _ Devals Dem (wf-evals_ Dld Dtg Dwe) Devals' Dem' Dleq' Dce'
     .

%% evals-memo-hit: this is the memo-elimination step proper.  The hit
%% (reused evaluation Devals plus change propagation Dcps) is replaced by
%% a memo MISS over a fresh clean evaluation Devals', obtained from
%% evals-cps-imp-cln-evals.  The metric bound is the sum Dsum carried by
%% evals-met-hit.
- : evals-imp-cln-evals _
     (evals-memo-hit Dcps Devals Dwfe)
     (evals-met-hit Dsum Dcm Dem)
     (wf-evals_ Dld Dtg (wf-es-memo Dwe))
     %%
     (evals-memo-miss Devals')
     (evals-met-miss Dem')
     (leq-s Dleq')
     (cln-evals-miss Dce')
     <- evals-cps-imp-cln-evals _ Devals Dem Dwfe Dcps Dcm Dsum Dwe Dtg Dld Devals' Dem' Dleq' Dce'
     .

%% evals-app: preservation gives a well-formed body with a smaller read
%% set R' <= R and disjointness Dld2; recurse on it.
- : evals-imp-cln-evals _
     (evals-app Devals)
     (evals-met-app Dem)
     (wf-evals_ Dld Dtg (wf-es-app Dlu3 Dwv2 Dwv1))
     %%
     (evals-app Devals')
     (evals-met-app Dem')
     (leq-s Dleq')
     (cln-evals-app Dce')
     <- wf-pres-es-app (wf-es-app Dlu3 Dwv2 Dwv1) Dld Dwe2 (Dlse2 : ls-subeq R' R) Dld2
     <- evals-imp-cln-evals _ Devals Dem (wf-evals_ Dld2 Dtg Dwe2) Devals' Dem' Dleq' Dce'
     .

%% evals-let: both halves are cleaned by recursion on a strictly smaller
%% metric.  sum-imp-leq splits the let's metric into bounds for each
%% half; the leq-reduces premises presumably record the %reduces facts the
%% termination checker needs for those recursive calls -- confirm against
%% the declaration of leq-reduces (outside this view).  The first half's
%% cleaned evaluation Devals1' is fed to wf-cln-evals-imp-wf-val to obtain
%% the bound value Dwv1, which wf-pres-es-let-2 needs to show the body
%% well-formed before the second recursive call.  The resulting metric is
%% the sum of the two new metrics (Dsum'), bounded by sum-monotone.
- : evals-imp-cln-evals _
     (evals-let (Dld+ : ls-disjoint G1' G2') Dtg2+ Dtg1+ Devals2 Devals1)
     (evals-met-let Dsum Dem2 Dem1)
     (wf-evals_ (Dld2 : ls-disjoint R1+R2 G1+G2) (trs-gen-let (Dlu1 : ls-union G1 G2 G1+G2) Dtg2 Dtg1) (wf-es-let (Dlu2 : ls-union R1 R2 R1+R2) Dwe2 Dwe1))
     %%
     (evals-let Dld Dtg2 Dtg1 Devals2' Devals1')
     (evals-met-let Dsum' Dem2' Dem1')
     (leq-s Dleq')
     (cln-evals-let Dce2' Dce1')
     <- wf-pres-es-let-1 Dlu2 Dlu1 Dld2 (Dld4 : ls-disjoint R1 G1)
     <- sum-imp-leq Dsum Dleq1 Dleq2
     <- leq-reduces _ _ Dleq1
     <- evals-imp-cln-evals _ Devals1 Dem1 (wf-evals_ Dld4 Dtg1 Dwe1) Devals1' Dem1' Dleq1' Dce1'
     <- can-ls-union _ _ (Dlu3 : ls-union R1 G1 R1+G1)
     <- wf-cln-evals-imp-wf-val Devals1' (wf-evals_ Dld4 Dtg1 Dwe1) Dce1' Dlu3 Dwv1 Dlse1
     <- evals-imp-st-sqsubeq-ex-trs-gen Devals1 Dtg1 (Dssee : st-sqsubeq-ex _ G1 _)
     <- wf-pres-es-let-2 Dlu2 Dwe2 Dlu1 Dtg2 Dtg1 Dld2 Dtg1+ Dtg2+ Dld+ Dssee Dwv1 Dlu3 Dlse1 Dwe4 (Dlu4 : ls-union R2 R1+G1' R2+R1+G1') (Dlse7 : ls-subeq R2+R1+G1'' R2+R1+G1') (Dld : ls-disjoint G1 G2) (Dld7 : ls-disjoint R2+R1+G1'' G2)
     <- leq-reduces _ _ Dleq2
     <- evals-imp-cln-evals _ Devals2 Dem2 (wf-evals_ Dld7 Dtg2 Dwe4) Devals2' Dem2' Dleq2' Dce2'
     <- can-sum _ _ Dsum'
     <- sum-monotone Dleq1' Dleq2' Dsum' Dsum Dleq'
     .

%% evals-letp / evals-case-inl / evals-case-inr: one preservation step
%% (R' <= R, disjointness Dld2) followed by a single recursive call.
- : evals-imp-cln-evals _
     (evals-letp Devals)
     (evals-met-letp Dem)
     (wf-evals_ Dld Dtg (wf-es-letp Dlu2 Dwe3 Dwv1))
     %%
     (evals-letp Devals')
     (evals-met-letp Dem')
     (leq-s Dleq')
     (cln-evals-letp Dce')
     <- wf-pres-es-letp (wf-es-letp Dlu2 Dwe3 Dwv1) Dld Dwe2 (Dlse5 : ls-subeq R' R) (Dld2 : ls-disjoint R' G)
     <- evals-imp-cln-evals _ Devals Dem (wf-evals_ Dld2 Dtg Dwe2) Devals' Dem' Dleq' Dce'
     .

- : evals-imp-cln-evals _
     (evals-case-inl Devals)
     (evals-met-inl Dem)
     (wf-evals_ Dld Dtg (wf-es-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inl Dwv0)))
     %%
     (evals-case-inl Devals')
     (evals-met-inl Dem')
     (leq-s Dleq')
     (cln-evals-inl Dce')
     <- wf-pres-es-case-inl (wf-es-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inl Dwv0)) Dld Dwe3 (Dlse3 : ls-subeq R' R) (Dld2 : ls-disjoint R' G)
     <- evals-imp-cln-evals _ Devals Dem (wf-evals_ Dld2 Dtg Dwe3) Devals' Dem' Dleq' Dce'
     .

- : evals-imp-cln-evals _
     (evals-case-inr Devals)
     (evals-met-inr Dem)
     (wf-evals_ Dld Dtg (wf-es-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inr Dwv0)))
     %%
     (evals-case-inr Devals')
     (evals-met-inr Dem')
     (leq-s Dleq')
     (cln-evals-inr Dce')
     <- wf-pres-es-case-inr (wf-es-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inr Dwv0)) Dld Dwe3 (Dlse3 : ls-subeq R' R) (Dld2 : ls-disjoint R' G)
     <- evals-imp-cln-evals _ Devals Dem (wf-evals_ Dld2 Dtg Dwe3) Devals' Dem' Dleq' Dce'
     .

%% cases of evalc-imp-cln-evalc

%% evalc-write: a write is a leaf and is already clean; metric z.
- : evalc-imp-cln-evalc _ (evalc-write Dstu) _ _
     %%
     (evalc-write Dstu) evalc-met-wr leq-z cln-evalc-write
     .
%% evalc-read: the read itself (Dstl+) is kept; wf-pres-ec-read supplies
%% a well-formed continuation Dwe2 (R' <= RV+X'+RB) and the disjointness
%% facts Dld3/Dld4 needed to recurse on it.
- : evalc-imp-cln-evalc _
     (evalc-read Devalc (Dstl+ : st-lookup S L' V+))
     (evalc-met-read Dem)
     (wf-evalc_ (Dld2 : ls-disjoint X G) (Dld1 : ls-disjoint X RV+X'+RB) (Dls : ls-sing L X) (Dld : ls-disjoint RV+X'+RB G) (trc-gen-rd Dtg) (wf-ec-read (Dlu1 : ls-union RV+X' RB RV+X'+RB) Dwe (wf-val-loc (Dlu2 : ls-union RV X' RV+X') (Dls2 : ls-sing L' X') Dwv Dstl)))
     %%
     (evalc-read Devalc' Dstl+)
     (evalc-met-read Dem')
     (leq-s Dleq')
     (cln-evalc-read Dce')
     <- wf-pres-ec-read (wf-val-loc Dlu2 Dls2 Dwv Dstl) Dwe Dlu1 Dld Dld1 Dstl+ Dwe2 (Dlse4 : ls-subeq R' RV+X'+RB) Dld3 Dld4
     <- evalc-imp-cln-evalc _ Devalc Dem (wf-evalc_ Dld2 Dld4 Dls Dld3 Dtg Dwe2) Devalc' Dem' Dleq' Dce'
     .

%% evalc-memo-miss: kept as a miss; recurse on the inner evaluation.
- : evalc-imp-cln-evalc _
     (evalc-memo-miss Devalc)
     (evalc-met-miss Dem)
     (wf-evalc_ Dld2 Dld1 Dls Dld Dtg (wf-ec-memo Dwe))
     %%
     (evalc-memo-miss Devalc')
     (evalc-met-miss Dem')
     (leq-s Dleq')
     (cln-evalc-miss Dce')
     <- evalc-imp-cln-evalc _ Devalc Dem (wf-evalc_ Dld2 Dld1 Dls Dld Dtg Dwe) Devalc' Dem' Dleq' Dce'
     .

%% evalc-memo-hit: as on the evals side, the hit (Devalc plus change
%% propagation Dcpc) is turned into a memo MISS over a fresh clean
%% evaluation produced by evalc-cpc-imp-cln-evalc.
- : evalc-imp-cln-evalc _
     (evalc-memo-hit Dcpc Devalc Dwfe)
     (evalc-met-hit Dsum Dcm Dem)
     (wf-evalc_ Dld2 Dld1 Dls Dld Dtg (wf-ec-memo Dwe))
     %%
     (evalc-memo-miss Devalc')
     (evalc-met-miss Dem')
     (leq-s Dleq')
     (cln-evalc-miss Dce')
     <- evalc-cpc-imp-cln-evalc _ Devalc Dem Dwfe Dcpc Dcm Dsum Dwe Dtg Dld Dls Dld1 Dld2 Devalc' Dem' Dleq' Dce'
     .

%% evalc-app: preservation, then one recursive call.
- : evalc-imp-cln-evalc _
     (evalc-app Devalc)
     (evalc-met-app Dem)
     (wf-evalc_ (Dld2 : ls-disjoint X G) (Dld1 : ls-disjoint X R) Dls (Dld : ls-disjoint R G) Dtg Dwe)
     %%
     (evalc-app Devalc')
     (evalc-met-app Dem')
     (leq-s Dleq')
     (cln-evalc-app Dce')
     <- wf-pres-ec-app Dwe Dld Dld1 Dwe2 (Dlse3 : ls-subeq R' R) Dld3 Dld4
     <- evalc-imp-cln-evalc _ Devalc Dem (wf-evalc_ Dld2 Dld4 Dls Dld3 Dtg Dwe2) Devalc' Dem' Dleq' Dce'
     .
%% evalc-let: the binding is cleaned with the evals lemma, the body with
%% this one.  As in the evals-let case, the cleaned binding Devals1' is
%% passed to wf-cln-evals-imp-wf-val to get the bound value Dwv1 that
%% wf-pres-ec-let-2 needs; the leq-reduces premises presumably feed the
%% termination checker for the two metric-smaller recursive calls --
%% confirm against leq-reduces' declaration (outside this view).
- : evalc-imp-cln-evalc _
     (evalc-let Dld3+ Dtg2+ Dtg1+ Devalc2 Devals1)
     (evalc-met-let Dsum Dem2 Dem1)
     (wf-evalc_ (Dld2 : ls-disjoint X G1+G2) (Dld1 : ls-disjoint X R1+R2) Dls (Dld : ls-disjoint R1+R2 G1+G2) (trc-gen-let (Dlu1 : ls-union G1 G2 G1+G2) Dtg2 Dtg1) (wf-ec-let (Dlu2 : ls-union R1 R2 R1+R2) Dwe2 Dwe1))
     %%
     (evalc-let Dld3 Dtg2 Dtg1 Devalc2' Devals1')
     (evalc-met-let Dsum' Dem2' Dem1')
     (leq-s Dleq')
     (cln-evalc-let Dce2' Dce1')
     <- wf-pres-es-let-1 Dlu2 Dlu1 Dld (Dld7 : ls-disjoint R1 G1)
     <- sum-imp-leq Dsum Dleq1 Dleq2
     <- leq-reduces _ _ Dleq1
     <- evals-imp-cln-evals _ Devals1 Dem1 (wf-evals_ Dld7 Dtg1 Dwe1) Devals1' Dem1' Dleq1' Dce1'
     <- can-ls-union _ _ (Dlu5 : ls-union R1 G1 R1+G1)
     <- wf-cln-evals-imp-wf-val Devals1' (wf-evals_ Dld7 Dtg1 Dwe1) Dce1' Dlu5 Dwv1 (Dlse1 : ls-subeq R' R1+G1)
     <- evals-imp-st-sqsubeq-ex-trs-gen Devals1 Dtg1 (Dssee : st-sqsubeq-ex _ G1 _)
     <- wf-pres-ec-let-2 Dlu2 Dwe2 Dlu1 Dtg2 Dtg1 Dld Dld1 Dld2 Dtg1+ Dtg2+ Dld3+ Dssee Dwv1 Dlu5 Dlse1 Dwe4 (Dlu6 : ls-union R2 R' R2+R') (Dlse7 : ls-subeq R'' R2+R') (Dld3 : ls-disjoint G1 G2) (Dld4 : ls-disjoint R'' G2) Dld5 Dld6
     <- leq-reduces _ _ Dleq2
     <- evalc-imp-cln-evalc _ Devalc2 Dem2 (wf-evalc_ Dld6 Dld5 Dls Dld4 Dtg2 Dwe4) Devalc2' Dem2' Dleq2' Dce2'
     <- can-sum _ _ Dsum'
     <- sum-monotone Dleq1' Dleq2' Dsum' Dsum Dleq'
     .

%% evalc-letp: preservation (R' <= R), then one recursive call.
- : evalc-imp-cln-evalc _
     (evalc-letp Devalc)
     (evalc-met-letp Dem)
     (wf-evalc_ Dld12 Dld11 Dls Dld Dtg Dwe)
     %%
     (evalc-letp Devalc')
     (evalc-met-letp Dem')
     (leq-s Dleq')
     (cln-evalc-letp Dce')
     <- wf-pres-ec-letp Dwe Dld Dld11 Dwe2 (Dlse5 : ls-subeq R' R) Dld2 Dld13
     <- evalc-imp-cln-evalc _ Devalc Dem (wf-evalc_ Dld12 Dld13 Dls Dld2 Dtg Dwe2) Devalc' Dem' Dleq' Dce'
     .
%% evalc-case-inl / evalc-case-inr: branch preservation (R' <= R), then
%% one recursive call.
- : evalc-imp-cln-evalc _
     (evalc-case-inl Devalc)
     (evalc-met-inl Dem)
     (wf-evalc_ Dld12 Dld11 Dls Dld Dtg Dwe)
     %%
     (evalc-case-inl Devalc')
     (evalc-met-inl Dem')
     (leq-s Dleq')
     (cln-evalc-inl Dce')
     <- wf-pres-ec-case-inl Dwe Dld Dld11 Dwe3 (Dlse3 : ls-subeq R' R) Dld2 Dld13
     <- evalc-imp-cln-evalc _ Devalc Dem (wf-evalc_ Dld12 Dld13 Dls Dld2 Dtg Dwe3) Devalc' Dem' Dleq' Dce'
     .

- : evalc-imp-cln-evalc _
     (evalc-case-inr Devalc)
     (evalc-met-inr Dem)
     (wf-evalc_ Dld12 Dld11 Dls Dld Dtg Dwe)
     %%
     (evalc-case-inr Devalc')
     (evalc-met-inr Dem')
     (leq-s Dleq')
     (cln-evalc-inr Dce')
     <- wf-pres-ec-case-inr Dwe Dld Dld11 Dwe3 (Dlse3 : ls-subeq R' R) Dld2 Dld13
     <- evalc-imp-cln-evalc _ Devalc Dem (wf-evalc_ Dld12 Dld13 Dls Dld2 Dtg Dwe3) Devalc' Dem' Dleq' Dce'
     .

%% cases of evals-cps-imp-cln-evals
%% Each case pattern-matches both the old evaluation and the change
%% propagation that follows it; the two must agree in shape (leaf with
%% cps-nil, mod with cps-mod, let with cps-let, ...).  Mismatched shapes
%% are dealt with by the spurious-case clauses further down.

%% Leaves: nothing to propagate (cps-nil, metric sum-z); the leaf is
%% returned as-is under the new store.
- : evals-cps-imp-cln-evals _ evals-val evals-met-val _ cps-nil cps-met-nil sum-z _ trs-gen-nil _
     %%
     evals-val evals-met-val leq-z cln-evals-val
     .

- : evals-cps-imp-cln-evals _ (evals-plus Dsum) evals-met-plus _ cps-nil cps-met-nil sum-z _ trs-gen-nil _
     %%
     (evals-plus Dsum) evals-met-plus leq-z cln-evals-plus
     .

%% evals-mod with cps-mod: well-formedness is established twice, once for
%% the old evaluation (Dwe0, ..., giving Dwe2/Dld3/Dld4/Dld5) and once for
%% the expression under the new store (Dwe, ..., giving Dwe3/Dld6..Dld8);
%% both feed the changeable lemma.
- : evals-cps-imp-cln-evals _
     (evals-mod (Dld0+ : ls-disjoint X0+ G0+) (Dls0+ : ls-sing L X0+) Dtg0+ Devalc)
     (evals-met-mod Dem)
     (wf-evals_ (Dld0 : ls-disjoint R0 G0+X0) (trs-gen-mod (Dlu0 : ls-union G0 X0 G0+X0) (Dls0 : ls-sing L X0) Dtg0) Dwe0)
     (cps-mod (Dld+ : ls-disjoint X+ G+) (Dls+ : ls-sing L X+) Dtg+ Dcpc)
     (cps-met-mod Dcm)
     (sum-s Dsum)
     Dwe
     (trs-gen-mod (Dlu : ls-union G X G+X) (Dls : ls-sing L X) Dtg)
     (Dld : ls-disjoint R G+X)
     %%
     (evals-mod Dld+ Dls+ Dtg+ Devalc')
     (evals-met-mod Dem')
     (leq-s Dleq')
     (cln-evals-mod Dce')
     <- wf-pres-es-mod Dwe0 Dtg0 Dls0 Dlu0 Dld0 Dtg0+ Dls0+ Dld0+ Dwe2 Dld3 Dld4 Dld5
     <- wf-pres-es-mod Dwe Dtg Dls Dlu Dld Dtg+ Dls+ Dld+ Dwe3 Dld6 Dld7 Dld8
     <- evalc-cpc-imp-cln-evalc _ Devalc Dem (wf-evalc_ Dld5 Dld4 Dls0 Dld3 Dtg0 Dwe2) Dcpc Dcm Dsum Dwe3 Dtg Dld6 Dls Dld7 Dld8 Devalc' Dem' Dleq' Dce'
     .
%% evals-memo-miss: the change propagation Dcps is passed through
%% untouched; only the memo wrappers on both well-formedness arguments
%% are peeled off.
- : evals-cps-imp-cln-evals _
     (evals-memo-miss Devals)
     (evals-met-miss Dem)
     (wf-evals_ Dld Dtg (wf-es-memo Dwe))
     Dcps
     Dcm
     (sum-s Dsum)
     (wf-es-memo Dwe2)
     Dtg2
     Dld2
     %%
     (evals-memo-miss Devals')
     (evals-met-miss Dem')
     (leq-s Dleq')
     (cln-evals-miss Dce')
     <- evals-cps-imp-cln-evals _ Devals Dem (wf-evals_ Dld Dtg Dwe) Dcps Dcm Dsum Dwe2 Dtg2 Dld2 Devals' Dem' Dleq' Dce'
     .

%% evals-memo-hit: two nested change propagations.  First the inner hit
%% (Devals with its own Dcps0) is eliminated, giving Devals2 with metric
%% N4 <= N1+N2; then the outer propagation Dcps is applied to Devals2.
%% The second call is not on a sub-derivation of the input, which is why
%% the lemma recurses on the metric: N4+N3 is shown <= N1+N2+N3 via
%% sum-monotone, and the final bound for N5 follows by leq-trans.
- : evals-cps-imp-cln-evals _
     (evals-memo-hit Dcps0 Devals Dwfe)
     (evals-met-hit (Dsum0 : sum N1 N2 N1+N2) Dcm0 Dem)
     (wf-evals_ (Dld0 : ls-disjoint R0 G0) Dtg0 (wf-es-memo Dwe0))
     Dcps
     Dcm
     (sum-s (Dsum : sum N1+N2 N3 N1+N2+N3))
     (wf-es-memo Dwe)
     Dtg
     Dld
     %%
     (evals-memo-miss Devals')
     (evals-met-miss Dem')
     (leq-s Dleq')
     (cln-evals-miss Dce')
     <- sum-imp-leq Dsum (Dleq6 : leq N1+N2 N1+N2+N3) _
     <- leq-reduces _ _ Dleq6
     <- evals-cps-imp-cln-evals _ Devals Dem Dwfe Dcps0 Dcm0 Dsum0 Dwe0 Dtg0 Dld0 Devals2 Dem2 (Dleq2 : leq N4 N1+N2) _
     <- can-sum _ _ (Dsum3 : sum N4 N3 N4+N3)
     <- leq-refl _ Dleq5
     <- sum-monotone Dleq2 Dleq5 Dsum3 Dsum (Dleq4 : leq N4+N3 N1+N2+N3)
     <- leq-reduces _ _ Dleq4
     <- evals-cps-imp-cln-evals _ Devals2 Dem2 (wf-evals_ Dld0 Dtg0 Dwe0) Dcps Dcm Dsum3 Dwe Dtg Dld Devals' Dem' (Dleq3 : leq N5 N4+N3) Dce'
     <- leq-trans Dleq3 Dleq4 (Dleq' : leq N5 N1+N2+N3)
     .

%% evals-app: preservation is applied to both the old well-formedness
%% (Dwe2/Dld1) and the new-store one (Dwe4/Dld2) before recursing.
- : evals-cps-imp-cln-evals _
     (evals-app Devals)
     (evals-met-app Dem)
     (wf-evals_ Dld0 Dtg0 (wf-es-app Dlu3 Dwv2 Dwv1))
     Dcps
     Dcm
     (sum-s Dsum)
     Dwe
     Dtg
     Dld
     %%
     (evals-app Devals')
     (evals-met-app Dem')
     (leq-s Dleq')
     (cln-evals-app Dce')
     <- wf-pres-es-app (wf-es-app Dlu3 Dwv2 Dwv1) Dld0 Dwe2 _ Dld1
     <- wf-pres-es-app Dwe Dld Dwe4 (Dlse2 : ls-subeq R' R) Dld2
     <- evals-cps-imp-cln-evals _ Devals Dem (wf-evals_ Dld1 Dtg0 Dwe2) Dcps Dcm Dsum Dwe4 Dtg Dld2 Devals' Dem' Dleq' Dce'
     .
%% evals-let with cps-let: the most involved case.  Old-evaluation
%% metavariables carry a 0 (N01, R01, Dwe01, ...); new-store ones do not.
%% The first halves (Devals01 / Dcps1) are combined recursively under the
%% metric bound N01+N1; the second halves (Devals02 / Dcps2) under
%% N02+N2.  Each bound is related to the total by sum-monotone, and the
%% leq-reduces premises presumably supply the %reduces facts needed for
%% termination on the metric -- confirm against leq-reduces' declaration
%% (outside this view).  Between the two recursive calls, well-formedness
%% of the second half has to be re-established separately for the old
%% evaluation and for the propagated one, since wf-pres-es-let-2 needs
%% the bound value of each.
- : evals-cps-imp-cln-evals _
     (evals-let (Dld0+ : ls-disjoint G01+ G02+) Dtg02+ Dtg01+ Devals02 Devals01)
     (evals-met-let (Dsum0 : sum N01 N02 N01+N02) Dem02 Dem01)
     (wf-evals_ (Dld02 : ls-disjoint R01+R02 G01+G02) (trs-gen-let (Dlu01 : ls-union G01 G02 G01+G02) Dtg02 Dtg01) (wf-es-let (Dlu02 : ls-union R01 R02 R01+R02) Dwe02 Dwe01))
     (cps-let (Dld+ : ls-disjoint G1+ G2+) Dtg2+ Dtg1+ Dcps2 Dcps1)
     (cps-met-let (Dsum2 : sum N1 N2 N1+N2) Dcm2 Dcm1)
     (sum-s (Dsum : sum N01+N02 N1+N2 N01+N02+N1+N2))
     (wf-es-let (Dlu2 : ls-union R1 R2 R1+R2) Dwe2 Dwe1)
     (trs-gen-let (Dlu1 : ls-union G1 G2 G1+G2) Dtg2 Dtg1)
     (Dld2 : ls-disjoint R1+R2 G1+G2)
     %%
     (evals-let Dld Dtg2 Dtg1 Devals2' Devals1')
     (evals-met-let Dsum3 Dem2' Dem1')
     (leq-s Dleq')
     (cln-evals-let Dce2' Dce1')
     % establish well-formedness of first part of let
     <- wf-pres-es-let-1 Dlu02 Dlu01 Dld02 (Dld3 : ls-disjoint R01 G01)
     <- wf-pres-es-let-1 Dlu2 Dlu1 Dld2 (Dld4 : ls-disjoint R1 G1)
     % then call lemma recursively
     <- can-sum _ _ (Dsum4 : sum N01 N1 N01+N1)
     <- sum-imp-leq Dsum0 (Dleq1 : leq N01 N01+N02) (Dleq2 : leq N02 N01+N02)
     <- sum-imp-leq Dsum2 (Dleq3 : leq N1 N1+N2) (Dleq4 : leq N2 N1+N2)
     <- sum-monotone Dleq1 Dleq3 Dsum4 Dsum (Dleq5 : leq N01+N1 N01+N02+N1+N2)
     <- leq-reduces _ _ Dleq5
     <- evals-cps-imp-cln-evals _ Devals01 Dem01 (wf-evals_ Dld3 Dtg01 Dwe01) Dcps1 Dcm1 Dsum4 Dwe1 Dtg1 Dld4 Devals1' Dem1' (Dleq1' : leq N1' N01+N1) Dce1'
     <- can-ls-union _ _ (Dlu3 : ls-union R1 G1 R1+G1)
     <- wf-cln-evals-imp-wf-val Devals1' (wf-evals_ Dld4 Dtg1 Dwe1) Dce1' Dlu3 Dwv1 (Dlse2 : ls-subeq R1+G1' R1+G1)
     % establish well-formedness of second part of old evaluation
     <- evals-imp-st-sqsubeq-ex-trs-gen Devals01 Dtg01 (Dssee0 : st-sqsubeq-ex _ G01 _)
     <- sum-imp-leq Dsum (Dleq7 : leq N01+N02 N01+N02+N1+N2) _
     <- leq-trans Dleq1 Dleq7 (Dleq8 : leq N01 N01+N02+N1+N2)
     <- leq-reduces _ _ Dleq8
     %{ here we call memo-elimination only so we have a clean evaluation
        to pass to wf-cln-evals-imp-wf-val; see comment there.  The
        resulting metric and bound are discarded (the two `_` outputs);
        only Devals01' and its cleanness Dce01' are used. }%
     <- evals-imp-cln-evals _ Devals01 Dem01 (wf-evals_ Dld3 Dtg01 Dwe01) Devals01' _ _ Dce01'
     <- can-ls-union _ _ (Dlu5 : ls-union R01 G01 R01+G01)
     <- wf-cln-evals-imp-wf-val Devals01' (wf-evals_ Dld3 Dtg01 Dwe01) Dce01' Dlu5 Dwv3 (Dlse12 : ls-subeq R01+G01' R01+G01)
     <- wf-pres-es-let-2 Dlu02 Dwe02 Dlu01 Dtg02 Dtg01 Dld02 Dtg01+ Dtg02+ Dld0+ Dssee0 Dwv3 Dlu5 Dlse12 Dwe4 _ _ _ (Dld6 : ls-disjoint R02+R01+G01'' G02)
     % establish well-formedness of second part of old evaluation + change propagation
     <- cps-imp-st-sqsubeq-ex-trs-gen Dcps1 Dtg1 (Dssee : st-sqsubeq-ex _ G1 _)
     <- wf-pres-es-let-2 Dlu2 Dwe2 Dlu1 Dtg2 Dtg1 Dld2 Dtg1+ Dtg2+ Dld+ Dssee Dwv1 Dlu3 Dlse2 Dwe6 (Dlu8 : ls-union R2 R1+G1' R2+R1+G1') (Dlse24 : ls-subeq R2+R1+G1'' R2+R1+G1') (Dld : ls-disjoint G1 G2) (Dld8 : ls-disjoint R2+R1+G1'' G2)
     % then call lemma recursively
     <- can-sum _ _ (Dsum5 : sum N02 N2 N02+N2)
     <- sum-monotone Dleq2 Dleq4 Dsum5 Dsum (Dleq6 : leq N02+N2 N01+N02+N1+N2)
     <- leq-reduces _ _ Dleq6
     <- evals-cps-imp-cln-evals _ Devals02 Dem02 (wf-evals_ Dld6 Dtg02 Dwe4) Dcps2 Dcm2 Dsum5 Dwe6 Dtg2 Dld8 Devals2' Dem2' (Dleq2' : leq N2' N02+N2) Dce2'
     %% Final bound: (N1'+N2') <= (N01+N1)+(N02+N2) = N01+N02+N1+N2;
     %% sum-subsums regroups the four summands to make Dsum6 match Dsum.
     <- can-sum _ _ (Dsum3 : sum N1' N2' N1'+N2')
     <- sum-subsums Dsum0 Dsum2 Dsum Dsum4 Dsum5 (Dsum6 : sum _ _ _)
     <- sum-monotone Dleq1' Dleq2' Dsum3 Dsum6 Dleq'
     .

%% evals-letp: preservation on both well-formedness arguments, then one
%% recursive call.
- : evals-cps-imp-cln-evals _
     (evals-letp Devals)
     (evals-met-letp Dem)
     (wf-evals_ Dld0 Dtg0 (wf-es-letp Dlu2 Dwe3 Dwv1))
     Dcps
     Dcm
     (sum-s Dsum)
     Dwe
     Dtg
     Dld
     %%
     (evals-letp Devals')
     (evals-met-letp Dem')
     (leq-s Dleq')
     (cln-evals-letp Dce')
     <- wf-pres-es-letp (wf-es-letp Dlu2 Dwe3 Dwv1) Dld0 Dwe2 _ Dld1
     <- wf-pres-es-letp Dwe Dld Dwe4 (Dlse27 : ls-subeq R' R) Dld2
     <- evals-cps-imp-cln-evals _ Devals Dem (wf-evals_ Dld1 Dtg0 Dwe2) Dcps Dcm Dsum Dwe4 Dtg Dld2 Devals' Dem' Dleq' Dce'
     .
%% evals-case-inl / evals-case-inr: preservation on both well-formedness
%% arguments, then one recursive call.
- : evals-cps-imp-cln-evals _
     (evals-case-inl Devals)
     (evals-met-inl Dem)
     (wf-evals_ Dld0 Dtg0 (wf-es-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inl Dwv0)))
     Dcps
     Dcm
     (sum-s Dsum)
     Dwe
     Dtg
     (Dld : ls-disjoint R G)
     %%
     (evals-case-inl Devals')
     (evals-met-inl Dem')
     (leq-s Dleq')
     (cln-evals-inl Dce')
     <- wf-pres-es-case-inl (wf-es-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inl Dwv0)) Dld0 Dwe3 _ Dld1
     <- wf-pres-es-case-inl Dwe Dld Dwe4 (Dlse21 : ls-subeq R' R) Dld2
     <- evals-cps-imp-cln-evals _ Devals Dem (wf-evals_ Dld1 Dtg0 Dwe3) Dcps Dcm Dsum Dwe4 Dtg Dld2 Devals' Dem' Dleq' Dce'
     .

- : evals-cps-imp-cln-evals _
     (evals-case-inr Devals)
     (evals-met-inr Dem)
     (wf-evals_ Dld0 Dtg0 (wf-es-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inr Dwv0)))
     Dcps
     Dcm
     (sum-s Dsum)
     Dwe
     Dtg
     (Dld : ls-disjoint R G)
     %%
     (evals-case-inr Devals')
     (evals-met-inr Dem')
     (leq-s Dleq')
     (cln-evals-inr Dce')
     <- wf-pres-es-case-inr (wf-es-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inr Dwv0)) Dld0 Dwe3 _ Dld1
     <- wf-pres-es-case-inr Dwe Dld Dwe4 (Dlse21 : ls-subeq R' R) Dld2
     <- evals-cps-imp-cln-evals _ Devals Dem (wf-evals_ Dld1 Dtg0 Dwe3) Dcps Dcm Dsum Dwe4 Dtg Dld2 Devals' Dem' Dleq' Dce'
     .

%{ Twelf chooses a splitting order which leads to some impossible
   cases, so we have to take care of them.  It's possible that we can
   influence the splitting order to avoid this by reordering the
   arguments, but at this point it's more straightforward to just
   handle the spurious cases. }%

%% A change propagation from a let-trace cannot produce a mod-trace.
%% There are deliberately no clauses: `%total {}` asks Twelf's coverage
%% checker to confirm that no cps constructor has this index shape, which
%% makes the lemma vacuously total.
cps-let-mod-false : cps _ (trs-let _ _) _ (trs-mod _ _) ->
     %%
     false -> type.
%mode cps-let-mod-false +X1 -X2.
%worlds () (cps-let-mod-false _ _).
%total {} (cps-let-mod-false _ _).

%% Lifts the above to an evaluation of a let expression: its trace Ts is
%% a let-trace (only evals-let applies), so propagating it to a mod-trace
%% is contradictory.
evals-let-cps-mod-false : evals _ (es-let _ _) _ _ Ts -> cps _ Ts _ (trs-mod _ _) ->
     %%
     false -> type.
%mode evals-let-cps-mod-false +X1 +X2 -X3.
- : evals-let-cps-mod-false (evals-let _ _ _ _ _) Dcps Dfalse <- cps-let-mod-false Dcps Dfalse.
%worlds () (evals-let-cps-mod-false _ _ _).
%total {} (evals-let-cps-mod-false _ _ _).

%% Symmetric pair: mod-trace propagated to a let-trace.
cps-mod-let-false : cps _ (trs-mod _ _) _ (trs-let _ _) ->
     %%
     false -> type.
%mode cps-mod-let-false +X1 -X2.
%worlds () (cps-mod-let-false _ _).
%total {} (cps-mod-let-false _ _).

evals-mod-cps-let-false : evals _ (es-mod _) _ _ Ts -> cps _ Ts _ (trs-let _ _) ->
     %%
     false -> type.
%mode evals-mod-cps-let-false +X1 +X2 -X3.
- : evals-mod-cps-let-false (evals-mod _ _ _ _) Dcps Dfalse <- cps-mod-let-false Dcps Dfalse.
%worlds () (evals-mod-cps-let-false _ _ _).
%total {} (evals-mod-cps-let-false _ _ _).

%% Ex falso for the outputs of evals-cps-imp-cln-evals: from `false`,
%% produce the four outputs at any indices.  The indices N, S, Es, V, S',
%% Ts are explicit inputs so the result type is fully determined; again
%% there are no clauses and totality is by (empty) coverage.
false-imp-cln-evals : {N}{S}{Es}{V}{S'}{Ts} false ->
     %%
     {Devals' : evals S Es V S' Ts} evals-met Devals' N' -> leq N' N -> cln-evals Devals' -> type.
%mode false-imp-cln-evals +X1 +X2 +X3 +X4 +X5 +X6 +X7 -X8 -X9 -X10 -X11.
%worlds () (false-imp-cln-evals _ _ _ _ _ _ _ _ _ _ _).
%total {} (false-imp-cln-evals _ _ _ _ _ _ _ _ _ _ _).

%% The two spurious cases: the new-store expression is a let (resp. mod)
%% but the generated trace is a mod-trace (resp. let-trace).  Each derives
%% `false` from the evaluation/propagation pair and discharges the outputs
%% with false-imp-cln-evals.
- : evals-cps-imp-cln-evals _ Devals _ _ Dcps _ _ (wf-es-let _ _ _) (trs-gen-mod _ _ _) _
     %%
     D1 D2 D3 D4
     <- evals-let-cps-mod-false Devals Dcps Dfalse
     <- false-imp-cln-evals _ _ _ _ _ _ Dfalse D1 D2 D3 D4
     .

- : evals-cps-imp-cln-evals _ Devals _ _ Dcps _ _ (wf-es-mod _) (trs-gen-let _ _ _) _
     %%
     D1 D2 D3 D4
     <- evals-mod-cps-let-false Devals Dcps Dfalse
     <- false-imp-cln-evals _ _ _ _ _ _ Dfalse D1 D2 D3 D4
     .

%% cases of evalc-cpc-imp-cln-evalc

%% evalc-write with cpc-write: the propagated write Dstu becomes the new
%% (clean, metric z) evaluation.
- : evalc-cpc-imp-cln-evalc _ (evalc-write _) _ _ (cpc-write Dstu) _ _ _ _ _ _ _ _
     %%
     (evalc-write Dstu) evalc-met-wr leq-z cln-evalc-write
     .
%% evalc-read with cpc-read/noch (the value read did not change: both
%% lookups return V0+).  Preservation is applied to the old evaluation's
%% well-formedness and to the new-store one, then the continuation is
%% combined with the inner propagation Dcpc.  Only the /noch case is
%% visible here.
- : evalc-cpc-imp-cln-evalc _
     (evalc-read Devalc0 (Dstl0+ : st-lookup S0 L' V0+))
     (evalc-met-read Dem)
     (wf-evalc_ (Dld02 : ls-disjoint X0 G0) (Dld01 : ls-disjoint X0 RV0+X0'+RB0) (Dls0 : ls-sing L X0) (Dld0 : ls-disjoint RV0+X0'+RB0 G0) (trc-gen-rd Dtg0) (wf-ec-read (Dlu01 : ls-union RV0+X0' RB0 RV0+X0'+RB0) Dwe0 (wf-val-loc (Dlu02 : ls-union RV0 X0' RV0+X0') (Dls02 : ls-sing L' X0') Dwv0 Dstl0)))
     (cpc-read/noch Dcpc (Dstl+ : st-lookup S L' V0+))
     (cpc-met-r/noch Dcm)
     (sum-s Dsum)
     (wf-ec-read (Dlu1 : ls-union RV+X' RB RV+X'+RB) Dwe (wf-val-loc (Dlu2 : ls-union RV X' RV+X') (Dls2 : ls-sing L' X') Dwv Dstl))
     (trc-gen-rd Dtg)
     (Dld : ls-disjoint RV+X'+RB G)
     (Dls : ls-sing L X)
     (Dld1 : ls-disjoint X RV+X'+RB)
     (Dld2 : ls-disjoint X G)
     %%
     (evalc-read Devalc' Dstl+)
     (evalc-met-read Dem')
     (leq-s Dleq')
     (cln-evalc-read Dce')
     <- wf-pres-ec-read (wf-val-loc Dlu02 Dls02 Dwv0 Dstl0) Dwe0 Dlu01 Dld0 Dld01 Dstl0+ Dwe1 _ Dld3 Dld4
     <- wf-pres-ec-read (wf-val-loc Dlu2 Dls2 Dwv Dstl) Dwe Dlu1 Dld Dld1 Dstl+ Dwe2 (Dlse4 : ls-subeq R' RV+X'+RB) Dld5 Dld6
     <- evalc-cpc-imp-cln-evalc _ Devalc0 Dem (wf-evalc_ Dld02 Dld4 Dls0 Dld3 Dtg0 Dwe1) Dcpc Dcm Dsum Dwe2 Dtg Dld5 Dls Dld6 Dld2 Devalc' Dem' Dleq' Dce'
     .

%% evalc-memo-miss: propagation Dcpc passes through; memo wrappers are
%% removed from both well-formedness arguments.
- : evalc-cpc-imp-cln-evalc _
     (evalc-memo-miss Devalc)
     (evalc-met-miss Dem)
     (wf-evalc_ Dld02 Dld01 Dls0 (Dld0 : ls-disjoint R0 G0) Dtg0 (wf-ec-memo Dwe0))
     Dcpc
     Dcm
     (sum-s Dsum)
     (wf-ec-memo Dwe)
     Dtg
     (Dld : ls-disjoint R G)
     Dls
     (Dld1 : ls-disjoint X R)
     (Dld2 : ls-disjoint X G)
     %%
     (evalc-memo-miss Devalc')
     (evalc-met-miss Dem')
     (leq-s Dleq')
     (cln-evalc-miss Dce')
     <- evalc-cpc-imp-cln-evalc _ Devalc Dem (wf-evalc_ Dld02 Dld01 Dls0 Dld0 Dtg0 Dwe0) Dcpc Dcm Dsum Dwe Dtg Dld Dls Dld1 Dld2 Devalc' Dem' Dleq' Dce'
     .
%% Memo hit: the hit derivation carries an inner change propagation Dcpc0 of
%% the memoised evaluation Devalc (metrics N1, N2 with sum N1+N2).  The
%% induction hypothesis is used twice: first on Devalc against Dcpc0, giving a
%% clean Devalc2 with metric N4 <= N1+N2; then on Devalc2 against the outer
%% Dcpc with bound N4+N3.  The output is a memo *miss* -- cleaning removes the
%% hit -- and leq-trans chains the two bounds into leq N5 N1+N2+N3.
%% sum-imp-leq / sum-monotone show each recursive bound is below the current
%% sum; the leq-reduces calls (lemma outside this chunk) feed that fact to
%% the termination checker for the recursion on the bound argument.
- : evalc-cpc-imp-cln-evalc _
      (evalc-memo-hit Dcpc0 Devalc Dwfe)
      (evalc-met-hit (Dsum0 : sum N1 N2 N1+N2) Dcm0 Dem)
      (wf-evalc_ Dld02 Dld01 Dls0 (Dld0 : ls-disjoint R0 G0) Dtg0 (wf-ec-memo Dwe0))
      Dcpc Dcm
      (sum-s (Dsum : sum N1+N2 N3 N1+N2+N3))
      (wf-ec-memo Dwe) Dtg
      (Dld : ls-disjoint R G) Dls
      (Dld1 : ls-disjoint X R)
      (Dld2 : ls-disjoint X G)
      %%
      (evalc-memo-miss Devalc') (evalc-met-miss Dem') (leq-s Dleq') (cln-evalc-miss Dce')
      <- sum-imp-leq Dsum (Dleq3 : leq N1+N2 N1+N2+N3) _
      <- leq-reduces _ _ Dleq3
      <- evalc-cpc-imp-cln-evalc _ Devalc Dem Dwfe Dcpc0 Dcm0 Dsum0 Dwe0 Dtg0 Dld0 Dls0 Dld01 Dld02 Devalc2 Dem2 (Dleq2 : leq N4 N1+N2) _
      <- can-sum _ _ (Dsum2 : sum N4 N3 N4+N3)
      <- leq-refl _ Dleq4
      <- sum-monotone Dleq2 Dleq4 Dsum2 Dsum (Dleq5 : leq N4+N3 N1+N2+N3)
      <- leq-reduces _ _ Dleq5
      <- evalc-cpc-imp-cln-evalc _ Devalc2 Dem2 (wf-evalc_ Dld02 Dld01 Dls0 Dld0 Dtg0 Dwe0) Dcpc Dcm Dsum2 Dwe Dtg Dld Dls Dld1 Dld2 Devalc' Dem' (Dleq6 : leq N5 N4+N3) Dce'
      <- leq-trans Dleq6 Dleq5 (Dleq' : leq N5 N1+N2+N3) .

%% Application: well-formedness of the function body is recovered with
%% wf-pres-ec-app for the old derivation (Dwe1, Dld3, Dld4) and the new one
%% (Dwe2, Dld5, Dld6); the induction hypothesis then applies to the body.
- : evalc-cpc-imp-cln-evalc _
      (evalc-app Devalc)
      (evalc-met-app Dem)
      (wf-evalc_ Dld02 Dld01 Dls0 Dld0 Dtg0 (wf-ec-app Dlu Dwv2 Dwv1))
      Dcpc Dcm (sum-s Dsum)
      Dwe Dtg
      (Dld : ls-disjoint R G) Dls
      (Dld1 : ls-disjoint X R)
      (Dld2 : ls-disjoint X G)
      %%
      (evalc-app Devalc') (evalc-met-app Dem') (leq-s Dleq') (cln-evalc-app Dce')
      <- wf-pres-ec-app (wf-ec-app Dlu Dwv2 Dwv1) Dld0 Dld01 Dwe1 _ Dld3 Dld4
      <- wf-pres-ec-app Dwe Dld Dld1 Dwe2 (Dlse3 : ls-subeq R' R) Dld5 Dld6
      <- evalc-cpc-imp-cln-evalc _ Devalc Dem (wf-evalc_ Dld02 Dld4 Dls0 Dld3 Dtg0 Dwe1) Dcpc Dcm Dsum Dwe2 Dtg Dld5 Dls Dld6 Dld2 Devalc' Dem' Dleq' Dce' .
%% Let: both the evaluation (evalc-let) and the propagation (cpc-let) split
%% into a first part (evals / cps, metrics N01 / N1) and a second part
%% (evalc / cpc, metrics N02 / N2).  Each part gets its own bound
%% (N01+N1, N02+N2) built with can-sum and shown below the overall sum with
%% sum-imp-leq / sum-monotone, so the two recursive calls pass the termination
%% check (leq-reduces).  Well-formedness of the first part comes from
%% wf-pres-es-let-1; the second part needs the abstract value of the first
%% part (wf-cln-evals-imp-wf-val) for both the old evaluation -- which is
%% itself cleaned first via evals-imp-cln-evals -- and the propagated one,
%% feeding wf-pres-ec-let-2.  Finally sum-subsums / sum-monotone recombine
%% the two bounds into the overall one.
- : evalc-cpc-imp-cln-evalc _
      (evalc-let (Dld03+ : ls-disjoint G01+ G02+) Dtg02+ Dtg01+ Devalc02 Devals01)
      (evalc-met-let (Dsum0 : sum N01 N02 N01+N02) Dem02 Dem01)
      (wf-evalc_ Dld02 Dld01 Dls0 (Dld0 : ls-disjoint R01+R02 G01+G02) (trc-gen-let (Dlu01 : ls-union G01 G02 G01+G02) Dtg02 Dtg01) (wf-ec-let (Dlu02 : ls-union R01 R02 R01+R02) Dwe02 Dwe01))
      (cpc-let (Dld3+ : ls-disjoint G1+ G2+) Dtg2+ Dtg1+ Dcpc2 Dcps1)
      (cpc-met-let (Dsum2 : sum N1 N2 N1+N2) Dcm2 Dcm1)
      (sum-s (Dsum : sum N01+N02 N1+N2 N01+N02+N1+N2))
      (wf-ec-let (Dlu2 : ls-union R1 R2 R1+R2) Dwe2 Dwe1)
      (trc-gen-let (Dlu1 : ls-union G1 G2 G1+G2) Dtg2 Dtg1)
      (Dld : ls-disjoint R1+R2 G1+G2)
      Dls
      (Dld1 : ls-disjoint X R1+R2)
      (Dld2 : ls-disjoint X G1+G2)
      %%
      (evalc-let Dld3 Dtg2 Dtg1 Devalc2' Devals1') (evalc-met-let Dsum3 Dem2' Dem1') (leq-s Dleq') (cln-evalc-let Dce2' Dce1')
      % well-formedness of first part of let
      <- wf-pres-es-let-1 Dlu02 Dlu01 Dld0 (Dld4 : ls-disjoint R01 G01)
      <- wf-pres-es-let-1 Dlu2 Dlu1 Dld (Dld5 : ls-disjoint R1 G1)
      % call lemma
      <- can-sum _ _ (Dsum4 : sum N01 N1 N01+N1)
      <- sum-imp-leq Dsum0 (Dleq1 : leq N01 N01+N02) (Dleq2 : leq N02 N01+N02)
      <- sum-imp-leq Dsum2 (Dleq3 : leq N1 N1+N2) (Dleq4 : leq N2 N1+N2)
      <- sum-monotone Dleq1 Dleq3 Dsum4 Dsum (Dleq5 : leq N01+N1 N01+N02+N1+N2)
      <- leq-reduces _ _ Dleq5
      <- evals-cps-imp-cln-evals _ Devals01 Dem01 (wf-evals_ Dld4 Dtg01 Dwe01) Dcps1 Dcm1 Dsum4 Dwe1 Dtg1 Dld5 Devals1' Dem1' (Dleq1' : leq N1' N01+N1) Dce1'
      <- can-ls-union _ _ (Dlu5 : ls-union R1 G1 R1+G1)
      <- wf-cln-evals-imp-wf-val Devals1' (wf-evals_ Dld5 Dtg1 Dwe1) Dce1' Dlu5 Dwv1 (Dlse2 : ls-subeq R' R1+G1)
      % well-formedness of second part of old evaluation
      <- evals-imp-st-sqsubeq-ex-trs-gen Devals01 Dtg01 (Dssee0 : st-sqsubeq-ex _ G01 _)
      <- sum-imp-leq Dsum (Dleq7 : leq N01+N02 N01+N02+N1+N2) _
      <- leq-trans Dleq1 Dleq7 (Dleq8 : leq N01 N01+N02+N1+N2)
      <- leq-reduces _ _ Dleq8 %{ same as above }%
      <- evals-imp-cln-evals _ Devals01 Dem01 (wf-evals_ Dld4 Dtg01 Dwe01) Devals01' _ _ Dce01'
      <- can-ls-union _ _ (Dlu6 : ls-union R01 G01 R01+G01)
      <- wf-cln-evals-imp-wf-val Devals01' (wf-evals_ Dld4 Dtg01 Dwe01) Dce01' Dlu6 Dwv3 (Dlse12 : ls-subeq R01+G01' R01+G01)
      <- wf-pres-ec-let-2 Dlu02 Dwe02 Dlu01 Dtg02 Dtg01 Dld0 Dld01 Dld02 Dtg01+ Dtg02+ Dld03+ Dssee0 Dwv3 Dlu6 Dlse12 Dwe4 _ _ _ (Dld6 : ls-disjoint R02+R01+G01'' G02) Dld7 Dld8
      % well-formedness of second part of evaluation (old + change prop)
      <- cps-imp-st-sqsubeq-ex-trs-gen Dcps1 Dtg1 (Dssee : st-sqsubeq-ex _ G1 _)
      <- wf-pres-ec-let-2 Dlu2 Dwe2 Dlu1 Dtg2 Dtg1 Dld Dld1 Dld2 Dtg1+ Dtg2+ Dld3+ Dssee Dwv1 Dlu5 Dlse2 Dwe6 (Dlu7 : ls-union R2 R' R2+R') (Dlse24 : ls-subeq R'' R2+R') (Dld3 : ls-disjoint G1 G2) (Dld9 : ls-disjoint R'' G2) Dld10 Dld11
      % call lemma
      <- can-sum _ _ (Dsum5 : sum N02 N2 N02+N2)
      <- sum-monotone Dleq2 Dleq4 Dsum5 Dsum (Dleq6 : leq N02+N2 N01+N02+N1+N2)
      <- leq-reduces _ _ Dleq6
      <- evalc-cpc-imp-cln-evalc _ Devalc02 Dem02 (wf-evalc_ Dld8 Dld7 Dls0 Dld6 Dtg02 Dwe4) Dcpc2 Dcm2 Dsum5 Dwe6 Dtg2 Dld9 Dls Dld10 Dld11 Devalc2' Dem2' (Dleq2' : leq N2' N02+N2) Dce2'
      <- can-sum _ _ (Dsum3 : sum N1' N2' N1'+N2')
      <- sum-subsums Dsum0 Dsum2 Dsum Dsum4 Dsum5 (Dsum6 : sum _ _ _)
      <- sum-monotone Dleq1' Dleq2' Dsum3 Dsum6 Dleq' .

%% letp (pair destructuring): as for app, well-formedness of the body is
%% recovered with wf-pres-ec-letp for the old and the new derivation before
%% the induction hypothesis is applied.
- : evalc-cpc-imp-cln-evalc _
      (evalc-letp Devalc)
      (evalc-met-letp Dem)
      (wf-evalc_ Dld02 Dld01 Dls0 Dld0 Dtg0 (wf-ec-letp Dlu Dwe3 Dwv1))
      Dcpc Dcm (sum-s Dsum)
      Dwe Dtg
      (Dld : ls-disjoint R G) Dls
      (Dld1 : ls-disjoint X R)
      (Dld2 : ls-disjoint X G)
      %%
      (evalc-letp Devalc') (evalc-met-letp Dem') (leq-s Dleq') (cln-evalc-letp Dce')
      <- wf-pres-ec-letp (wf-ec-letp Dlu Dwe3 Dwv1) Dld0 Dld01 Dwe2 _ Dld3 Dld4
      <- wf-pres-ec-letp Dwe Dld Dld1 Dwe4 Dlse3 Dld5 Dld6
      <- evalc-cpc-imp-cln-evalc _ Devalc Dem (wf-evalc_ Dld02 Dld4 Dls0 Dld3 Dtg0 Dwe2) Dcpc Dcm Dsum Dwe4 Dtg Dld5 Dls Dld6 Dld2 Devalc' Dem' Dleq' Dce' .
%% Case, left injection: the well-formedness proof fixes the scrutinee as
%% wf-val-inl, so wf-pres-ec-case-inl yields well-formedness of the left
%% branch (old: Dwe3, Dld3, Dld4; new: Dwe4, Dld5, Dld6) for the recursive
%% call.
- : evalc-cpc-imp-cln-evalc _
      (evalc-case-inl Devalc)
      (evalc-met-inl Dem)
      (wf-evalc_ Dld02 Dld01 Dls0 Dld0 Dtg0 (wf-ec-case Dlu Dlu1 Dwe2 Dwe1 (wf-val-inl Dwv0)))
      Dcpc Dcm (sum-s Dsum)
      Dwe Dtg
      (Dld : ls-disjoint R G) Dls
      (Dld1 : ls-disjoint X R)
      (Dld2 : ls-disjoint X G)
      %%
      (evalc-case-inl Devalc') (evalc-met-inl Dem') (leq-s Dleq') (cln-evalc-inl Dce')
      <- wf-pres-ec-case-inl (wf-ec-case Dlu Dlu1 Dwe2 Dwe1 (wf-val-inl Dwv0)) Dld0 Dld01 Dwe3 _ Dld3 Dld4
      <- wf-pres-ec-case-inl Dwe Dld Dld1 Dwe4 (Dlse3 : ls-subeq R' R) Dld5 Dld6
      <- evalc-cpc-imp-cln-evalc _ Devalc Dem (wf-evalc_ Dld02 Dld4 Dls0 Dld3 Dtg0 Dwe3) Dcpc Dcm Dsum Dwe4 Dtg Dld5 Dls Dld6 Dld2 Devalc' Dem' Dleq' Dce' .

%% Case, right injection: symmetric to the inl case via wf-pres-ec-case-inr.
- : evalc-cpc-imp-cln-evalc _
      (evalc-case-inr Devalc)
      (evalc-met-inr Dem)
      (wf-evalc_ Dld02 Dld01 Dls0 Dld0 Dtg0 (wf-ec-case Dlu Dlu1 Dwe2 Dwe1 (wf-val-inr Dwv0)))
      Dcpc Dcm (sum-s Dsum)
      Dwe Dtg
      (Dld : ls-disjoint R G) Dls
      (Dld1 : ls-disjoint X R)
      (Dld2 : ls-disjoint X G)
      %%
      (evalc-case-inr Devalc') (evalc-met-inr Dem') (leq-s Dleq') (cln-evalc-inr Dce')
      <- wf-pres-ec-case-inr (wf-ec-case Dlu Dlu1 Dwe2 Dwe1 (wf-val-inr Dwv0)) Dld0 Dld01 Dwe3 _ Dld3 Dld4
      <- wf-pres-ec-case-inr Dwe Dld Dld1 Dwe4 (Dlse3 : ls-subeq R' R) Dld5 Dld6
      <- evalc-cpc-imp-cln-evalc _ Devalc Dem (wf-evalc_ Dld02 Dld4 Dls0 Dld3 Dtg0 Dwe3) Dcpc Dcm Dsum Dwe4 Dtg Dld5 Dls Dld6 Dld2 Devalc' Dem' Dleq' Dce' .

%{ Same business with impossible cases. }%

%% A read trace is never propagated into a let trace.  No cases: coverage
%% over the cpc rules (outside this chunk) shows the input is uninhabited.
cpc-read-let-false : cpc _ _ (trc-rd _ _ _ _) _ (trc-let _ _) ->
  %%
  false -> type.
%mode cpc-read-let-false +X1 -X2.
%worlds () (cpc-read-let-false _ _).
%total {} (cpc-read-let-false _ _).

%% Lifted to evaluations: an ec-read evaluation produces a trace Tc whose
%% propagation cannot be a let trace.  The evalc-read pattern exposes the
%% read trace for cpc-read-let-false.
evalc-read-cpc-let-false : evalc _ _ (ec-read _ _) _ Tc -> cpc _ _ Tc _ (trc-let _ _) ->
  %%
  false -> type.
%mode evalc-read-cpc-let-false +X1 +X2 -X3.

- : evalc-read-cpc-let-false (evalc-read _ _) Dcpc Dfalse
  <- cpc-read-let-false Dcpc Dfalse .

%worlds () (evalc-read-cpc-let-false _ _ _).
%total {} (evalc-read-cpc-let-false _ _ _).
%% Mirror image of cpc-read-let-false: a let trace is never propagated into a
%% read trace.  No cases; the input is uninhabited.
cpc-let-read-false : cpc _ _ (trc-let _ _) _ (trc-rd _ _ _ _) ->
  %%
  false -> type.
%mode cpc-let-read-false +X1 -X2.
%worlds () (cpc-let-read-false _ _).
%total {} (cpc-let-read-false _ _).

%% Lifted to evaluations: an ec-let evaluation produces a let trace, whose
%% propagation cannot be a read trace.
evalc-let-cpc-read-false : evalc _ _ (ec-let _ _) _ Tc -> cpc _ _ Tc _ (trc-rd _ _ _ _) ->
  %%
  false -> type.
%mode evalc-let-cpc-read-false +X1 +X2 -X3.

- : evalc-let-cpc-read-false (evalc-let _ _ _ _ _) Dcpc Dfalse
  <- cpc-let-read-false Dcpc Dfalse .

%worlds () (evalc-let-cpc-read-false _ _ _).
%total {} (evalc-let-cpc-read-false _ _ _).

%% Ex falso for the outputs of evalc-cpc-imp-cln-evalc, the evalc counterpart
%% of false-imp-cln-evals.  No cases are needed since `false` has no
%% constructors.  (The short-form mode labels skip X9; the labels are
%% positional placeholders, so this is cosmetic.)
false-imp-cln-evalc : {N}{S}{L}{Ec}{S'}{Tc} false ->
  %%
  {Devalc' : evalc S L Ec S' Tc} evalc-met Devalc' N' -> leq N' N -> cln-evalc Devalc' -> type.
%mode false-imp-cln-evalc +X1 +X2 +X3 +X4 +X5 +X6 +X7 -X8 -X10 -X11 -X12.
%worlds () (false-imp-cln-evalc _ _ _ _ _ _ _ _ _ _ _).
%total {} (false-imp-cln-evalc _ _ _ _ _ _ _ _ _ _ _).

%% Impossible cases of evalc-cpc-imp-cln-evalc: a well-formed ec-read paired
%% with a let trace, and a well-formed ec-let paired with a read trace.  Each
%% derives false and discharges the four outputs with false-imp-cln-evalc.
- : evalc-cpc-imp-cln-evalc _ Devalc _ _ Dcpc _ _ (wf-ec-read _ _ _) (trc-gen-let _ _ _) _ _ _ _
  %%
  D1 D2 D3 D4
  <- evalc-read-cpc-let-false Devalc Dcpc Dfalse
  <- false-imp-cln-evalc _ _ _ _ _ _ Dfalse D1 D2 D3 D4 .

- : evalc-cpc-imp-cln-evalc _ Devalc _ _ Dcpc _ _ (wf-ec-let _ _ _) (trc-gen-rd _) _ _ _ _
  %%
  D1 D2 D3 D4
  <- evalc-let-cpc-read-false Devalc Dcpc Dfalse
  <- false-imp-cln-evalc _ _ _ _ _ _ Dfalse D1 D2 D3 D4 .

%%
%% The four families are proved together; each recurses on its first
%% argument (D1..D4), the metric bound, which is why the cases above must
%% establish a smaller bound (via leq-reduces) before every recursive call.
%worlds () (evals-imp-cln-evals _ _ _ _ _ _ _ _) (evalc-imp-cln-evalc _ _ _ _ _ _ _ _) (evals-cps-imp-cln-evals _ _ _ _ _ _ _ _ _ _ _ _ _ _) (evalc-cpc-imp-cln-evalc _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _).
%total (D1 D2 D3 D4) (evals-imp-cln-evals D1 _ _ _ _ _ _ _) (evalc-imp-cln-evalc D2 _ _ _ _ _ _ _) (evals-cps-imp-cln-evals D3 _ _ _ _ _ _ _ _ _ _ _ _ _) (evalc-cpc-imp-cln-evalc D4 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _).

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% pure-lemmas.thm
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% Pure evaluation respects syntactic equality of expressions and values:
%% given es-eq Es Es' and val-eq V V', an evals-pure Es V derivation is an
%% evals-pure Es' V' derivation.
evals-pure-resp-eq : evals-pure Es V -> es-eq Es Es' -> val-eq V V' -> evals-pure Es' V' -> type.
%mode evals-pure-resp-eq +X1 +X2 +X3 -X4.

%% The only constructors of es-eq and val-eq are reflexivity (es-eq_,
%% val-eq_), so the output derivation is the input itself.
- : evals-pure-resp-eq Dev es-eq_ val-eq_ Dev.

%worlds () (evals-pure-resp-eq _ _ _ _).
%total {} (evals-pure-resp-eq _ _ _ _).
%% Records for the termination checker that the output is the same
%% derivation as the input; evals-pure-fun relies on this when it recurses
%% on the transported derivation in its let case.
%reduces D1 = D2 (evals-pure-resp-eq D1 _ _ D2).

%% Same for pure evaluation of ec expressions (the metavariable is named Es
%% although it ranges over ec here).
evalc-pure-resp-eq : evalc-pure Es V -> ec-eq Es Es' -> val-eq V V' -> evalc-pure Es' V' -> type.
%mode evalc-pure-resp-eq +X1 +X2 +X3 -X4.

- : evalc-pure-resp-eq Dev ec-eq_ val-eq_ Dev.

%worlds () (evalc-pure-resp-eq _ _ _ _).
%total {} (evalc-pure-resp-eq _ _ _ _).
%reduces D1 = D2 (evalc-pure-resp-eq D1 _ _ D2).

%% Pure evaluation is a function: two pure evaluations of the same
%% expression produce equal values.  evals-pure-fun and evalc-pure-fun are
%% mutually recursive (mod bodies are ec, let bodies mix es and ec).
evals-pure-fun : evals-pure Es V -> evals-pure Es V' ->
  %%
  val-eq V V' -> type.
%mode evals-pure-fun +X1 +X2 -X3.

evalc-pure-fun : evalc-pure Es V -> evalc-pure Es V' ->
  %%
  val-eq V V' -> type.
%mode evalc-pure-fun +X1 +X2 -X3.

%% Values evaluate to themselves.
- : evals-pure-fun evals-pure-val evals-pure-val val-eq_.

%% Addition: sum is functional (sum-fun), and equal naturals give equal
%% val-nat values (val-eq-nat).
- : evals-pure-fun (evals-pure-plus Dsum) (evals-pure-plus Dsum') Deq'
  <- sum-fun Dsum Dsum' Deq''
  <- val-eq-nat Deq'' Deq'.

%% Structural cases: recurse on the sub-evaluation.
- : evals-pure-fun (evals-pure-mod Devalc) (evals-pure-mod Devalc') Deq'
  <- evalc-pure-fun Devalc Devalc' Deq'.

- : evals-pure-fun (evals-pure-memo Devals) (evals-pure-memo Devals') Deq'
  <- evals-pure-fun Devals Devals' Deq'.

- : evals-pure-fun (evals-pure-app Devals) (evals-pure-app Devals') Deq'
  <- evals-pure-fun Devals Devals' Deq'.

%% Let: the bound values V and V' are equal by induction on the first
%% sub-evaluation; es-eq-subst substitutes that equality into the body Es2,
%% evals-pure-resp-eq transports Devals2 to the body instantiated at V', and
%% the induction hypothesis on the transported derivation (size-preserving
%% by the %reduces annotation) closes the case.
- : evals-pure-fun (evals-pure-let (Devals2 : evals-pure (Es2 V) V2) (Devals1 : evals-pure Es1 V) : evals-pure (es-let Es1 Es2) V2) (evals-pure-let (Devals2' : evals-pure (Es2 V') V2') (Devals1' : evals-pure Es1 V') : evals-pure (es-let Es1 Es2) V2') Deq'
  <- evals-pure-fun Devals1 Devals1' (Deq1 : val-eq V V')
  <- es-eq-subst Es2 Deq1 (Deq2 : es-eq (Es2 V) (Es2 V'))
  <- evals-pure-resp-eq Devals2 Deq2 val-eq_ (Devals2'' : evals-pure (Es2 V') V2)
  <- evals-pure-fun Devals2'' Devals2' Deq'.

- : evals-pure-fun (evals-pure-letp Devals) (evals-pure-letp Devals') Deq'
  <- evals-pure-fun Devals Devals' Deq'.
%% Case branches: recurse on the chosen branch's evaluation.
- : evals-pure-fun (evals-pure-case-inl Devals) (evals-pure-case-inl Devals') Deq'
  <- evals-pure-fun Devals Devals' Deq'.

- : evals-pure-fun (evals-pure-case-inr Devals) (evals-pure-case-inr Devals') Deq'
  <- evals-pure-fun Devals Devals' Deq'.

%% evalc-pure-fun: the ec cases mirror the es ones above.
- : evalc-pure-fun evalc-pure-write evalc-pure-write val-eq_.

- : evalc-pure-fun (evalc-pure-read Devalc) (evalc-pure-read Devalc') Deq'
  <- evalc-pure-fun Devalc Devalc' Deq'.

- : evalc-pure-fun (evalc-pure-memo Devalc) (evalc-pure-memo Devalc') Deq'
  <- evalc-pure-fun Devalc Devalc' Deq'.

- : evalc-pure-fun (evalc-pure-app Devalc) (evalc-pure-app Devalc') Deq'
  <- evalc-pure-fun Devalc Devalc' Deq'.

%% Let in ec: the binding is an es evaluation (hence the call to
%% evals-pure-fun), the body an ec evaluation transported with ec-eq-subst
%% and evalc-pure-resp-eq exactly as in the es let case.
- : evalc-pure-fun (evalc-pure-let (Devalc2 : evalc-pure (Ec2 V) V2) (Devals1 : evals-pure Es1 V) : evalc-pure (ec-let Es1 Ec2) V2) (evalc-pure-let (Devalc2' : evalc-pure (Ec2 V') V2') (Devals1' : evals-pure Es1 V') : evalc-pure (ec-let Es1 Ec2) V2') Deq'
  <- evals-pure-fun Devals1 Devals1' (Deq1 : val-eq V V')
  <- ec-eq-subst Ec2 Deq1 (Deq2 : ec-eq (Ec2 V) (Ec2 V'))
  <- evalc-pure-resp-eq Devalc2 Deq2 val-eq_ (Devalc2'' : evalc-pure (Ec2 V') V2)
  <- evalc-pure-fun Devalc2'' Devalc2' Deq'.

- : evalc-pure-fun (evalc-pure-letp Devalc) (evalc-pure-letp Devalc') Deq'
  <- evalc-pure-fun Devalc Devalc' Deq'.

- : evalc-pure-fun (evalc-pure-case-inl Devalc) (evalc-pure-case-inl Devalc') Deq'
  <- evalc-pure-fun Devalc Devalc' Deq'.

- : evalc-pure-fun (evalc-pure-case-inr Devalc) (evalc-pure-case-inr Devalc') Deq'
  <- evalc-pure-fun Devalc Devalc' Deq'.

%% Mutual induction on the first pure-evaluation derivation of each family.
%worlds () (evals-pure-fun _ _ _) (evalc-pure-fun _ _ _).
%total (D1 D2) (evals-pure-fun D1 _ _) (evalc-pure-fun D2 _ _).

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% purity.thm
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%
%% pure.thm
%% The correspondence between pure and self-adjusting evaluation.
%%

%% A clean, well-formed self-adjusting evaluation of Es (abstracting to Es')
%% corresponds to a pure evaluation of Es'.  The outputs are the abstract
%% value V' of the result (well-formed in the final store S') and the pure
%% derivation.  evals-imp-pure-evals and evalc-imp-pure-evalc are mutually
%% recursive; for evalc the result value is the location L being written.
evals-imp-pure-evals : {Devals : evals S Es V S' Ts} wf-evals Es' R G Devals -> cln-evals Devals ->
  %%
  wf-val V S' V' RV -> evals-pure Es' V' -> type.
%mode evals-imp-pure-evals +X1 +X2 +X3 -X4 -X5.

evalc-imp-pure-evalc : {Devalc : evalc S L Ec S' Tc} wf-evalc Ec' R G X Devalc -> cln-evalc Devalc ->
  %%
  wf-val (val-loc L) S' V' RV -> evalc-pure Ec' V' -> type.
%mode evalc-imp-pure-evalc +X1 +X2 +X3 -X4 -X5.

%% Value: the abstract value is the one supplied by wf-es-val.
- : evals-imp-pure-evals evals-val (wf-evals_ _ _ (wf-es-val Dwv)) _
  %%
  Dwv evals-pure-val .

%% Addition: both operands are naturals, so the result is too and the pure
%% evaluation reuses the same sum derivation.
- : evals-imp-pure-evals (evals-plus Dsum) (wf-evals_ _ _ (wf-es-plus _ wf-val-nat wf-val-nat)) _
  %%
  wf-val-nat (evals-pure-plus Dsum) .

%% mod: wf-pres-es-mod turns the well-formedness of the es-mod expression
%% into the wf-evalc_ components for the inner ec evaluation, which is then
%% handled by evalc-imp-pure-evalc.
- : evals-imp-pure-evals (evals-mod Dld+ Dls+ Dtg+ Devalc) (wf-evals_ Dld (trs-gen-mod Dlu Dls Dtg) Dwe) (cln-evals-mod Dce)
  %%
  Dwv' (evals-pure-mod Devalc')
  <- wf-pres-es-mod Dwe Dtg Dls Dlu Dld Dtg+ Dls+ Dld+ Dwe2 (Dld3 : ls-disjoint R G) Dld4 Dld5
  <- evalc-imp-pure-evalc Devalc (wf-evalc_ Dld5 Dld4 Dls Dld3 Dtg Dwe2) Dce Dwv' Devalc' .

%% Memo: only the miss case appears; a clean evaluation (cln-evals, defined
%% outside this chunk) presumably admits no memo hits.
- : evals-imp-pure-evals (evals-memo-miss Devals) (wf-evals_ Dld Dtg (wf-es-memo Dwe)) (cln-evals-miss Dce)
  %%
  Dwv' (evals-pure-memo Devals')
  <- evals-imp-pure-evals Devals (wf-evals_ Dld Dtg Dwe) Dce Dwv' Devals' .

%% Application of an es function value (wf-val-fns): wf-pres-es-app gives
%% well-formedness of the instantiated body for the recursive call.
- : evals-imp-pure-evals (evals-app Devals) (wf-evals_ Dld Dtg (wf-es-app Dlu Dwv (wf-val-fns Dwe))) (cln-evals-app Dce)
  %%
  Dwv' (evals-pure-app Devals')
  <- wf-pres-es-app (wf-es-app Dlu Dwv (wf-val-fns Dwe)) Dld Dwe2 _ Dld2
  <- evals-imp-pure-evals Devals (wf-evals_ Dld2 Dtg Dwe2) Dce Dwv' Devals' .
%% Let: the abstract value of the binding is obtained twice -- Dwv1 from
%% wf-cln-evals-imp-wf-val (needed by wf-pres-es-let-2 to set up the body)
%% and Dwv1' from the induction hypothesis on Devals1.  wf-val-fun shows the
%% two abstract values agree (Deq), and evals-pure-resp-eq rewrites the pure
%% derivation of the binding to the value the body's derivation expects.
- : evals-imp-pure-evals (evals-let Dld+ Dtg2+ Dtg1+ Devals2 Devals1) (wf-evals_ Dld2 (trs-gen-let Dlu1 Dtg2 Dtg1) (wf-es-let Dlu2 Dwe2 Dwe1)) (cln-evals-let Dce2 Dce1)
  %%
  Dwv' (evals-pure-let Devals2' (Devals1' : evals-pure Es1^ V'))
  <- wf-pres-es-let-1 Dlu2 Dlu1 Dld2 Dld4
  <- can-ls-union _ _ Dlu3
  <- wf-cln-evals-imp-wf-val Devals1 (wf-evals_ Dld4 Dtg1 Dwe1) Dce1 Dlu3 (Dwv1 : wf-val V S V' R') Dlse1
  <- evals-imp-st-sqsubeq-ex-trs-gen Devals1 Dtg1 Dssee
  <- wf-pres-es-let-2 Dlu2 Dwe2 Dlu1 Dtg2 Dtg1 Dld2 Dtg1+ Dtg2+ Dld+ Dssee Dwv1 Dlu3 Dlse1 Dwe4 Dlu4 Dlse3 Dld5 Dld7
  <- evals-imp-pure-evals Devals1 (wf-evals_ Dld4 Dtg1 Dwe1) Dce1 (Dwv1' : wf-val V S V'+ R'+) Devals1''
  <- evals-imp-pure-evals Devals2 (wf-evals_ Dld7 Dtg2 Dwe4) Dce2 Dwv' Devals2'
  <- wf-val-fun Dwv1' Dwv1 val-eq_ Deq
  <- evals-pure-resp-eq Devals1'' es-eq_ Deq Devals1' .

%% letp on a well-formed pair (wf-val-pr): wf-pres-es-letp provides the
%% body's well-formedness for the recursive call.
- : evals-imp-pure-evals (evals-letp Devals) (wf-evals_ Dld Dtg (wf-es-letp Dlu Dwe (wf-val-pr Dlu2 Dlv2 Dlv1))) (cln-evals-letp Dce)
  %%
  Dwv' (evals-pure-letp Devals')
  <- wf-pres-es-letp (wf-es-letp Dlu Dwe (wf-val-pr Dlu2 Dlv2 Dlv1)) Dld Dwe2 _ (Dld2 : ls-disjoint R' G)
  <- evals-imp-pure-evals Devals (wf-evals_ Dld2 Dtg Dwe2) Dce Dwv' Devals' .

%% Case on a left injection: wf-pres-es-case-inl yields well-formedness of
%% the left branch (with a smaller read set R' <= R).
- : evals-imp-pure-evals (evals-case-inl Devals) (wf-evals_ Dld Dtg (wf-es-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inl Dwv1))) (cln-evals-inl Dce)
  %%
  Dwv' (evals-pure-case-inl Devals')
  <- wf-pres-es-case-inl (wf-es-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inl Dwv1)) Dld Dwe3 (Dlse3 : ls-subeq R' R) (Dld2 : ls-disjoint R' G)
  <- evals-imp-pure-evals Devals (wf-evals_ Dld2 Dtg Dwe3) Dce Dwv' Devals' .

%% Case on a right injection: symmetric via wf-pres-es-case-inr.
- : evals-imp-pure-evals (evals-case-inr Devals) (wf-evals_ Dld Dtg (wf-es-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inr Dwv1))) (cln-evals-inr Dce)
  %%
  Dwv' (evals-pure-case-inr Devals')
  <- wf-pres-es-case-inr (wf-es-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inr Dwv1)) Dld Dwe3 (Dlse3 : ls-subeq R' R) (Dld2 : ls-disjoint R' G)
  <- evals-imp-pure-evals Devals (wf-evals_ Dld2 Dtg Dwe3) Dce Dwv' Devals' .
%% Write: the result location L holds the written value.  Its well-formedness
%% (wf-val-loc) is assembled from: the lookup after the update
%% (st-update-imp-lookup), the written value transported to the updated store
%% (wf-val-resp-st-sqsubeq-ex-disjoint, using store extension Dssee and the
%% disjointness R # X obtained by commuting Dld1), and the union R+X of the
%% value's read set with the singleton {L}.
- : evalc-imp-pure-evalc (evalc-write Dstu) (wf-evalc_ (Dld2 : ls-disjoint X G) (Dld1 : ls-disjoint X R) (Dls : ls-sing L X) (Dld : ls-disjoint R G) Dtg (wf-ec-wr Dwv)) _
  %%
  (wf-val-loc Dlu' Dls Dwv' Dstl') evalc-pure-write
  <- st-update-imp-lookup Dstu Dstl'
  <- st-update-imp-st-sqsubeq-ex Dstu Dls Dssee
  <- ls-disjoint-commutes Dld1 (Dld3 : ls-disjoint R X)
  <- wf-val-resp-st-sqsubeq-ex-disjoint Dwv Dssee Dld3 Dwv'
  <- can-ls-union _ _ (Dlu' : ls-union R X R+X) .

%% Read: as in the change-propagation proof, wf-pres-ec-read recovers
%% well-formedness of the continuation applied to the value looked up at L'
%% (Dstl+), then the induction hypothesis applies.
- : evalc-imp-pure-evalc (evalc-read Devalc (Dstl+ : st-lookup S L' V+)) (wf-evalc_ (Dld2 : ls-disjoint X G) (Dld1 : ls-disjoint X RV+X'+RB) (Dls : ls-sing L X) (Dld : ls-disjoint RV+X'+RB G) (trc-gen-rd Dtg) (wf-ec-read (Dlu1 : ls-union RV+X' RB RV+X'+RB) Dwe (wf-val-loc (Dlu2 : ls-union RV X' RV+X') (Dls2 : ls-sing L' X') Dwv Dstl))) (cln-evalc-read Dce)
  %%
  Dwv' (evalc-pure-read Devalc')
  <- wf-pres-ec-read (wf-val-loc Dlu2 Dls2 Dwv Dstl) Dwe Dlu1 Dld Dld1 Dstl+ Dwe2 (Dlse4 : ls-subeq R' RV+X'+RB) Dld3 Dld4
  <- evalc-imp-pure-evalc Devalc (wf-evalc_ Dld2 Dld4 Dls Dld3 Dtg Dwe2) Dce Dwv' Devalc' .

%% Memo miss: peel off wf-ec-memo and recurse.
- : evalc-imp-pure-evalc (evalc-memo-miss Devalc) (wf-evalc_ Dld2 Dld1 Dls Dld Dtg (wf-ec-memo Dwe)) (cln-evalc-miss Dce)
  %%
  Dwv' (evalc-pure-memo Devalc')
  <- evalc-imp-pure-evalc Devalc (wf-evalc_ Dld2 Dld1 Dls Dld Dtg Dwe) Dce Dwv' Devalc' .

%% Application of an ec function value (wf-val-fnc): wf-pres-ec-app gives
%% well-formedness of the instantiated body.
- : evalc-imp-pure-evalc (evalc-app Devalc) (wf-evalc_ Dld2 Dld1 Dls Dld Dtg (wf-ec-app Dlu Dwv (wf-val-fnc Dwe))) (cln-evalc-app Dce)
  %%
  Dwv' (evalc-pure-app Devalc')
  <- wf-pres-ec-app (wf-ec-app Dlu Dwv (wf-val-fnc Dwe)) Dld Dld1 Dwe2 _ Dld3 Dld4
  <- evalc-imp-pure-evalc Devalc (wf-evalc_ Dld2 Dld4 Dls Dld3 Dtg Dwe2) Dce Dwv' Devalc' .
%% Let in ec: same shape as the es let case.  The binding's abstract value is
%% obtained both from wf-cln-evals-imp-wf-val (Dwv1, to set up the body via
%% wf-pres-ec-let-2) and from the induction hypothesis (Dwv1'); wf-val-fun
%% identifies them and evals-pure-resp-eq rewrites the binding's pure
%% derivation accordingly.  The body is an ec evaluation handled by the
%% evalc induction hypothesis.
- : evalc-imp-pure-evalc (evalc-let Dld3+ Dtg2+ Dtg1+ Devalc2 Devals1) (wf-evalc_ Dld2 Dld1 Dls Dld (trc-gen-let Dlu1 Dtg2 Dtg1) (wf-ec-let Dlu2 Dwe2 Dwe1)) (cln-evalc-let Dce2 Dce1)
  %%
  Dwv' (evalc-pure-let Devalc2' (Devals1' : evals-pure Es1^ V'))
  <- wf-pres-es-let-1 Dlu2 Dlu1 Dld Dld7
  <- can-ls-union _ _ Dlu5
  <- wf-cln-evals-imp-wf-val Devals1 (wf-evals_ Dld7 Dtg1 Dwe1) Dce1 Dlu5 (Dwv1 : wf-val V S V' R') Dlse1
  <- evals-imp-st-sqsubeq-ex-trs-gen Devals1 Dtg1 Dssee
  <- wf-pres-ec-let-2 Dlu2 Dwe2 Dlu1 Dtg2 Dtg1 Dld Dld1 Dld2 Dtg1+ Dtg2+ Dld3+ Dssee Dwv1 Dlu5 Dlse1 Dwe4 Dlu6 Dlse7 Dld3 Dld4 Dld5 Dld6
  <- evals-imp-pure-evals Devals1 (wf-evals_ Dld7 Dtg1 Dwe1) Dce1 (Dwv1' : wf-val V S V'+ R'+) Devals1''
  <- evalc-imp-pure-evalc Devalc2 (wf-evalc_ Dld6 Dld5 Dls Dld4 Dtg2 Dwe4) Dce2 Dwv' Devalc2'
  <- wf-val-fun Dwv1' Dwv1 val-eq_ Deq
  <- evals-pure-resp-eq Devals1'' es-eq_ Deq Devals1' .

%% letp on a well-formed pair: wf-pres-ec-letp provides the body's
%% well-formedness for the recursive call.  (Here the author placed the
%% input/output separator after the wf-val output Dwv.)
- : evalc-imp-pure-evalc (evalc-letp Devalc) (wf-evalc_ Dld12 Dld11 Dls Dld Dtg (wf-ec-letp Dlu Dwe (wf-val-pr Dlu2 Dlv2 Dlv1))) (cln-evalc-letp Dce) Dwv
  %%
  (evalc-pure-letp Devalc')
  <- wf-pres-ec-letp (wf-ec-letp Dlu Dwe (wf-val-pr Dlu2 Dlv2 Dlv1)) Dld Dld11 Dwe2 _ Dld2 Dld13
  <- evalc-imp-pure-evalc Devalc (wf-evalc_ Dld12 Dld13 Dls Dld2 Dtg Dwe2) Dce Dwv Devalc' .

%% Case on a left injection: wf-pres-ec-case-inl yields well-formedness of
%% the left branch.
- : evalc-imp-pure-evalc (evalc-case-inl Devalc) (wf-evalc_ Dld12 Dld11 Dls Dld Dtg (wf-ec-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inl Dwv1))) (cln-evalc-inl Dce) Dwv
  %%
  (evalc-pure-case-inl Devalc')
  <- wf-pres-ec-case-inl (wf-ec-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inl Dwv1)) Dld Dld11 Dwe3 _ Dld2 Dld13
  <- evalc-imp-pure-evalc Devalc (wf-evalc_ Dld12 Dld13 Dls Dld2 Dtg Dwe3) Dce Dwv Devalc' .
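%% Case on a right injection: symmetric to the inl case via
%% wf-pres-ec-case-inr.
- : evalc-imp-pure-evalc (evalc-case-inr Devalc) (wf-evalc_ Dld12 Dld11 Dls Dld Dtg (wf-ec-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inr Dwv1))) (cln-evalc-inr Dce) Dwv
  %%
  (evalc-pure-case-inr Devalc')
  <- wf-pres-ec-case-inr (wf-ec-case Dlu2 Dlu1 Dwe2 Dwe1 (wf-val-inr Dwv1)) Dld Dld11 Dwe3 _ Dld2 Dld13
  <- evalc-imp-pure-evalc Devalc (wf-evalc_ Dld12 Dld13 Dls Dld2 Dtg Dwe3) Dce Dwv Devalc' .

%% Mutual induction on the self-adjusting evaluation derivations D1 and D2.
%worlds () (evals-imp-pure-evals _ _ _ _ _) (evalc-imp-pure-evalc _ _ _ _ _).
%total (D1 D2) (evals-imp-pure-evals D1 _ _ _ _) (evalc-imp-pure-evalc D2 _ _ _ _).

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% consistency.thm
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%% Every well-formed self-adjusting evaluation -- clean or not -- corresponds
%% to a pure evaluation of its abstract expression Es'.  First a metric Dem is
%% obtained (can-evals-met), evals-imp-cln-evals yields an equivalent clean
%% evaluation Devals'' with its cleanliness proof Dce, and
%% evals-imp-pure-evals translates that clean evaluation.
wf-evals-imp-pure : {Devals : evals _ Es V S' _} wf-evals Es' R G Devals ->
  %%
  wf-val V S' V^ RV -> evals-pure Es' V^ -> type.
%mode wf-evals-imp-pure +X1 +X2 -X3 -X4.

- : wf-evals-imp-pure Devals (wf-evals_ Dld Dtg Dwe) Dwv' Devals'
  <- can-evals-met Devals Dem
  <- evals-imp-cln-evals _ Devals Dem (wf-evals_ Dld Dtg Dwe) Devals'' _ _ Dce
  <- evals-imp-pure-evals Devals'' (wf-evals_ Dld Dtg Dwe) Dce Dwv' Devals'.

%worlds () (wf-evals-imp-pure _ _ _ _).
%total {} (wf-evals-imp-pure _ _ _ _).

%% Consistency: two well-formed evaluations of the same expression Es from
%% the same store S produce values whose abstract (pure) counterparts V1^ and
%% V2^ are equal.  Both evaluations are mapped to pure ones with
%% wf-evals-imp-pure, wf-es-fun identifies the two abstract expressions
%% (Deq1), evals-pure-resp-eq rewrites the first pure derivation to the
%% second expression, and evals-pure-fun (determinism of pure evaluation)
%% gives the value equality.
wf-evals-consistent: {Devals1 : evals S Es V1 S1' Ts1} wf-evals Es1' R1 G1 Devals1 ->
                     {Devals2 : evals S Es V2 S2' Ts2} wf-evals Es2' R2 G2 Devals2 ->
  %%
  wf-val V1 S1' V1^ RV1 -> wf-val V2 S2' V2^ RV2 -> val-eq V1^ V2^ -> type.
%% All four derivations are inputs: the clause below passes Devals2 and its
%% well-formedness proof to wf-evals-imp-pure, whose arguments must be ground,
%% so positions 3 and 4 are moded + (the original -X3 -X4 would declare them
%% as outputs and the clause would not mode-check).
%mode wf-evals-consistent +X1 +X2 +X3 +X4 -X5 -X6 -X7.

- : wf-evals-consistent Devals1 (wf-evals_ Dld1 Dtg1 Dwe1) Devals2 (wf-evals_ Dld2 Dtg2 Dwe2)
  %%
  Dwv1' Dwv2' Deq'
  <- wf-evals-imp-pure Devals1 (wf-evals_ Dld1 Dtg1 Dwe1) Dwv1' Devals1'
  <- wf-evals-imp-pure Devals2 (wf-evals_ Dld2 Dtg2 Dwe2) Dwv2' Devals2'
  <- wf-es-fun Dwe1 Dwe2 Deq1
  <- evals-pure-resp-eq Devals1' Deq1 val-eq_ Devals1''
  <- evals-pure-fun Devals1'' Devals2' Deq'.

%worlds () (wf-evals-consistent _ _ _ _ _ _ _).
%total {} (wf-evals-consistent _ _ _ _ _ _ _).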