diff options
| author | Chantal Keller <Chantal.Keller@lri.fr> | 2022-02-18 17:10:13 +0100 |
|---|---|---|
| committer | Chantal Keller <Chantal.Keller@lri.fr> | 2022-02-18 17:10:13 +0100 |
| commit | 7ce6bf4f7740de4c69877ec9179520bcaa0d014c (patch) | |
| tree | b23536f71053862df11ccbcf34683f7a58641e41 | |
| parent | f01ad53d1cda7cf519eae137faa87ac47e8b3ab1 (diff) | |
| download | smtcoq-7ce6bf4f7740de4c69877ec9179520bcaa0d014c.tar.gz smtcoq-7ce6bf4f7740de4c69877ec9179520bcaa0d014c.zip | |
Removed deprecated features
| -rw-r--r-- | src/Misc.v | 208 | ||||
| -rw-r--r-- | src/PArray/PArray.v | 40 | ||||
| -rw-r--r-- | src/SMT_terms.v | 68 | ||||
| -rw-r--r-- | src/State.v | 50 | ||||
| -rw-r--r-- | src/Trace.v | 14 | ||||
| -rw-r--r-- | src/array/Array_checker.v | 58 | ||||
| -rw-r--r-- | src/bva/BVList.v | 2 | ||||
| -rw-r--r-- | src/bva/Bva_checker.v | 302 | ||||
| -rw-r--r-- | src/classes/SMT_classes_instances.v | 16 | ||||
| -rw-r--r-- | src/cnf/Cnf.v | 64 | ||||
| -rw-r--r-- | src/euf/Euf.v | 38 | ||||
| -rw-r--r-- | src/lia/Lia.v | 30 | ||||
| -rw-r--r-- | src/spl/Assumptions.v | 8 | ||||
| -rw-r--r-- | src/spl/Operators.v | 88 | ||||
| -rw-r--r-- | src/spl/Syntactic.v | 12 |
15 files changed, 499 insertions, 499 deletions
@@ -25,7 +25,7 @@ Proof. intros [ | ]; reflexivity. Qed. (** Lemmas about Int63 *) -Lemma reflect_eqb : forall i j, reflect (i = j)%Z (i == j). +Lemma reflect_eqb : forall i j, reflect (i = j)%Z (i =? j). Proof. intros; apply iff_reflect. symmetry;apply eqb_spec. @@ -43,7 +43,7 @@ Proof. Qed. Lemma le_eq : forall i j, - (j <= i) = true -> (j + 1 <= i) = false -> i = j. + (j <=? i) = true -> (j + 1 <=? i) = false -> i = j. Proof. intros i j; rewrite leb_spec; destruct (dec_Zle [|j+1|] [|i|]) as [H|H]. rewrite <- leb_spec in H; rewrite H; discriminate. @@ -59,18 +59,18 @@ Proof. rewrite H2, Z_mod_same_full in H; elim H; destruct (to_Z_bounded i) as [H3 _]; assumption. Qed. -Lemma leb_0 : forall x, 0 <= x = true. +Lemma leb_0 : forall x, 0 <=? x = true. Proof. intros x;rewrite leb_spec;destruct (to_Z_bounded x);trivial. Qed. -Lemma leb_refl : forall n, n <= n = true. +Lemma leb_refl : forall n, n <=? n = true. Proof. intros n;rewrite leb_spec;apply Z.le_refl. Qed. Lemma lt_eq : forall i j, - (i < j + 1) = true -> (i < j) = false -> i = j. + (i <? j + 1) = true -> (i <? j) = false -> i = j. Proof. intros i j. rewrite ltb_spec. destruct (dec_Zlt [|i|] [|j|]) as [H|H]. rewrite <- ltb_spec in H; rewrite H; discriminate. @@ -86,7 +86,7 @@ Proof. rewrite H2, Z_mod_same_full in H1; elimtype False. destruct (to_Z_bounded i) as [H3 _]. lia. Qed. -Lemma not_0_ltb : forall x, x <> 0 <-> 0 < x = true. +Lemma not_0_ltb : forall x, x <> 0 <-> 0 <? x = true. Proof. intros x;rewrite ltb_spec, to_Z_0;assert (W:=to_Z_bounded x);split. intros Hd;assert ([|x|] <> 0)%Z;[ | lia]. @@ -95,34 +95,34 @@ Proof. assert ([|x|] = 0)%Z;[ rewrite Heq, to_Z_0;trivial | lia]. Qed. -Lemma ltb_0 : forall x, ~ (x < 0 = true). +Lemma ltb_0 : forall x, ~ (x <? 0 = true). Proof. intros x;rewrite ltb_spec, to_Z_0;destruct (to_Z_bounded x);lia. Qed. -Lemma not_ltb_refl : forall i, ~(i < i = true). +Lemma not_ltb_refl : forall i, ~(i <? i = true). Proof. intros;rewrite ltb_spec;lia. Qed. -Lemma ltb_trans : forall x y z, x < y = true -> y < z = true -> x < z = true. +Lemma ltb_trans : forall x y z, x <? y = true -> y <? z = true -> x <? z = true. Proof. intros x y z;rewrite !ltb_spec;apply Z.lt_trans. Qed. -Lemma leb_ltb_eqb : forall x y, ((x <= y) = (x < y) || (x == y)). +Lemma leb_ltb_eqb : forall x y, ((x <=? y) = (x <? y) || (x =? y)). Proof. intros. apply eq_true_iff_eq. rewrite leb_spec, orb_true_iff, ltb_spec, eqb_spec, <- to_Z_eq;lia. Qed. -Lemma leb_ltb_trans : forall x y z, x <= y = true -> y < z = true -> x < z = true. +Lemma leb_ltb_trans : forall x y z, x <=? y = true -> y <? z = true -> x <? z = true. Proof. intros x y z;rewrite leb_spec, !ltb_spec;apply Z.le_lt_trans. Qed. -Lemma to_Z_add_1 : forall x y, x < y = true -> [|x+1|] = ([|x|] + 1)%Z. +Lemma to_Z_add_1 : forall x y, x <? y = true -> [|x+1|] = ([|x|] + 1)%Z. Proof. intros x y;assert (W:= to_Z_bounded x);assert (W0:= to_Z_bounded y); rewrite ltb_spec;intros;rewrite add_spec, to_Z_1, Z.mod_small;lia. @@ -133,12 +133,12 @@ Proof. intros; assert (Bx := to_Z_bounded x); rewrite add_spec, to_Z_1, Z.mod_small; lia. Qed. -Lemma leb_not_gtb : forall n m, m <= n = true -> ~(n < m = true). +Lemma leb_not_gtb : forall n m, m <=? n = true -> ~(n <? m = true). Proof. intros n m; rewrite ltb_spec, leb_spec;lia. Qed. -Lemma leb_negb_gtb : forall x y, x <= y = negb (y < x). +Lemma leb_negb_gtb : forall x y, x <=? y = negb (y <? x). Proof. intros x y;apply Bool.eq_true_iff_eq;split;intros. apply Bool.eq_true_not_negb;apply leb_not_gtb;trivial. @@ -146,18 +146,18 @@ Proof. rewrite leb_spec; rewrite ltb_spec in H;lia. Qed. -Lemma ltb_negb_geb : forall x y, x < y = negb (y <= x). +Lemma ltb_negb_geb : forall x y, x <? y = negb (y <=? x). Proof. intros;rewrite leb_negb_gtb, Bool.negb_involutive;trivial. Qed. -Lemma to_Z_sub_gt : forall x y, y <= x = true -> [|x - y|] = ([|x|] - [|y|])%Z. +Lemma to_Z_sub_gt : forall x y, y <=? x = true -> [|x - y|] = ([|x|] - [|y|])%Z. Proof. intros x y;assert (W:= to_Z_bounded x);assert (W0:= to_Z_bounded y); rewrite leb_spec;intros;rewrite sub_spec, Zmod_small;lia. Qed. -Lemma to_Z_sub_1 : forall x y, y < x = true -> ([| x - 1|] = [|x|] - 1)%Z. +Lemma to_Z_sub_1 : forall x y, y <? x = true -> ([| x - 1|] = [|x|] - 1)%Z. Proof. intros;apply to_Z_sub_gt. generalize (leb_ltb_trans _ _ _ (leb_0 y) H). @@ -174,14 +174,14 @@ Proof. intros; apply (to_Z_sub_1 _ 0); rewrite ltb_spec; assumption. Qed. -Lemma ltb_leb_sub1 : forall x i, x <> 0 -> (i < x = true <-> i <= x - 1 = true). +Lemma ltb_leb_sub1 : forall x i, x <> 0 -> (i <? x = true <-> i <=? x - 1 = true). Proof. intros x i Hdiff. rewrite ltb_spec, leb_spec, to_Z_sub_1_diff;trivial. split;auto with zarith. Qed. -Lemma minus_1_lt i : (i == 0) = false -> i - 1 < i = true. +Lemma minus_1_lt i : (i =? 0) = false -> i - 1 <? i = true. Proof. intro Hl. rewrite ltb_spec, (to_Z_sub_1 _ 0). - lia. @@ -203,7 +203,7 @@ Lemma lxor_lsr i1 i2 i: (i1 lxor i2) >> i = (i1 >> i) lxor (i2 >> i). Proof. apply bit_ext; intros n. rewrite lxor_spec, !bit_lsr, lxor_spec. - case (_ <= _); auto. + case (_ <=? _); auto. Qed. Lemma bit_or_split i : i = (i>>1)<<1 lor bit i 0. @@ -215,21 +215,21 @@ Proof. case (Zle_lt_or_eq _ _ Hi). 2: replace 0%Z with [|0|]; auto; rewrite to_Z_eq. 2: intros H; rewrite <-H. - 2: replace (0 < 1) with true; auto. + 2: replace (0 <? 1) with true; auto. intros H; clear Hi. - case_eq (n == 0). + case_eq (n =? 0). rewrite eqb_spec; intros H1; generalize H; rewrite H1; discriminate. intros _; rewrite orb_false_r. - case_eq (n < 1). + case_eq (n <? 1). rewrite ltb_spec, to_Z_1; intros HH; contradict HH; auto with zarith. intros _. - generalize (@bit_M i n); case (_ <= _). + generalize (@bit_M i n); case (_ <=? _). intros H1; rewrite H1; auto. intros _. case (to_Z_bounded n); intros H1n H2n. assert (F1: [|n - 1|] = ([|n|] - 1)%Z). rewrite sub_spec, Zmod_small; rewrite to_Z_1; auto with zarith. - generalize (add_le_r 1 (n - 1)); case (_ <= _); rewrite F1, to_Z_1; intros HH. + generalize (add_le_r 1 (n - 1)); case (_ <=? _); rewrite F1, to_Z_1; intros HH. replace (1 + (n -1)) with n. change (bit i n = bit i n). reflexivity. apply to_Z_inj; rewrite add_spec, F1, Zmod_small; rewrite to_Z_1; auto with zarith. @@ -253,10 +253,10 @@ Proof. assert (H1 : n = (n-1)+1). apply to_Z_inj;rewrite add_spec, W3. rewrite Zmod_small;rewrite to_Z_1; lia. - case_eq ((n-1) < digits); intro l. + case_eq ((n-1) <? digits); intro l. rewrite ltb_spec in l. rewrite H1, <- !bit_half, H; trivial; rewrite ltb_spec; trivial. - assert ((digits <= n) = true). + assert ((digits <=? n) = true). rewrite <- Bool.not_true_iff_false, ltb_spec in l; rewrite leb_spec;lia. rewrite !bit_M;trivial. Qed. @@ -295,7 +295,7 @@ Qed. Lemma int_ind : forall (P : int -> Prop), P 0 -> - (forall i, (i < max_int) = true -> P i -> P (i + 1)) -> + (forall i, (i <? max_int) = true -> P i -> P (i + 1)) -> forall i, P i. Proof. intros P HP0 Hrec i. @@ -327,9 +327,9 @@ Proof. Qed. Lemma int_ind_bounded : forall (P : int -> Prop) min max, - min <= max = true -> + min <=? max = true -> P min -> - (forall i, min <= i = true -> i < max = true -> P i -> P (i + 1)) -> + (forall i, min <=? i = true -> i <? max = true -> P i -> P (i + 1)) -> P max. Proof. intros P min max Hle Hmin Hrec. @@ -364,7 +364,7 @@ rewrite <- to_Z_eq. rewrite sub_spec, to_Z_1. rewrite 2!bit_0_spec. rewrite sub_spec, to_Z_1. -case_eq (i == 0). +case_eq (i =? 0). rewrite eqb_spec; intro Hi; rewrite Hi; reflexivity. rewrite <- not_true_iff_false, eqb_spec, <- to_Z_eq, to_Z_0. generalize (to_Z_bounded i). @@ -442,7 +442,7 @@ Fixpoint iter_int63_aux (n : nat) (i : int) (A : Type) (f : A -> A) : A -> A := match n with | O => fun x => x | S n => - if i == 0 then fun x => x + if i =? 0 then fun x => x else let g := iter_int63_aux n (i >> 1) A f in fun x => if bit i 0 then f (g (g x)) else g (g x) end. @@ -460,7 +460,7 @@ rewrite <- to_Z_eq, to_Z_0. generalize (to_Z_bounded i); lia. reflexivity. intros i a Hi; simpl. -case (i == 0); [ reflexivity | ]. +case (i =? 0); [ reflexivity | ]. rewrite IHn; [ | apply pow2_lsr; assumption]. rewrite IHn; [ | apply pow2_lsr; assumption]. case (bit i 0); reflexivity. @@ -484,20 +484,20 @@ intros n i A f; revert i; induction n; intros i a Hi. lia. } simpl. -replace (i == 0) with false. +replace (i =? 0) with false. { rewrite bit_sub1_0, sub1_lsr. { case_eq (bit i 0); simpl. { intros _. - case_eq (i == 1). + case_eq (i =? 1). { rewrite eqb_spec; intro H; rewrite H in *; clear i H. case n; reflexivity. } rewrite <- not_true_iff_false, eqb_spec, <- to_Z_eq, to_Z_1; intro Hi1. - replace (i - 1 == 0) with false. + replace (i - 1 =? 0) with false. { reflexivity. } @@ -505,14 +505,14 @@ replace (i == 0) with false. rewrite <- not_true_iff_false, eqb_spec, <- to_Z_eq, to_Z_sub_1_0, to_Z_0; lia. } intro Hibit. - case_eq (i == 1). + case_eq (i =? 1). { rewrite eqb_spec; intro H; rewrite H in *; clear i H; discriminate. } rewrite <- not_true_iff_false, eqb_spec, <- to_Z_eq, to_Z_1; intro Hi1. - replace (i - 1 == 0) with false. + replace (i - 1 =? 0) with false. { - case_eq (i == 2). + case_eq (i =? 2). { rewrite eqb_spec; intro H; rewrite H in *; clear i H. destruct n; [ lia | ]. @@ -559,7 +559,7 @@ symmetry. rewrite <- not_true_iff_false, eqb_spec, <- to_Z_eq, to_Z_0; lia. Qed. -Lemma iter_int63_S : forall i A f a, 0 < i = true -> iter_int63 i A f a = f (iter_int63 (i - 1) A f a). +Lemma iter_int63_S : forall i A f a, 0 <? i = true -> iter_int63 i A f a = f (iter_int63 (i - 1) A f a). Proof. intros i A f a. rewrite ltb_spec, to_Z_0; intro Hi. @@ -575,7 +575,7 @@ Definition foldi (from to : int) (a : A) : A := - if to <= from then + if to <=? from then a else let (_,r) := iter_int63 (to - from) _ (fun (jy: (int * A)%type) => @@ -583,14 +583,14 @@ Definition foldi ) (from, a) in r. Lemma foldi_ge : forall A f from to (a:A), - to <= from = true -> foldi f from to a = a. + to <=? from = true -> foldi f from to a = a. Proof. intros A f from to a; unfold foldi. intro H; rewrite H; reflexivity. Qed. Lemma foldi_lt_l : forall A f from to (a:A), - from < to = true -> foldi f from to a = foldi f (from + 1) to (f from a). + from <? to = true -> foldi f from to a = foldi f (from + 1) to (f from a). Proof. intros A f from to a Hfromto. pose proof (to_Z_bounded from) as Hfrom. @@ -599,7 +599,7 @@ unfold foldi. rewrite leb_negb_gtb. rewrite Hfromto; simpl. rewrite ltb_spec in Hfromto. -case_eq (to <= from + 1). +case_eq (to <=? from + 1). rewrite leb_spec, to_Z_add_1_wB; [ | lia ]. intro Htofrom. assert (H : to = from + 1). @@ -620,7 +620,7 @@ rewrite ltb_spec, to_Z_0, sub_spec, Zmod_small; lia. Qed. Lemma foldi_lt_r : forall A f from to (a:A), - from < to = true -> foldi f from to a = f (to - 1) (foldi f from (to - 1) a). + from <? to = true -> foldi f from to a = f (to - 1) (foldi f from (to - 1) a). Proof. intros A f from to a; rewrite ltb_spec; intro Hlt. assert (Bfrom := to_Z_bounded from); assert (Bto := to_Z_bounded to). @@ -641,8 +641,8 @@ Proof. Qed. Lemma foldi_ind : forall A (P : int -> A -> Prop) f from to a, - from <= to = true -> P from a -> - (forall i a, from <= i = true -> i < to = true -> P i a -> P (i + 1) (f i a)) -> + from <=? to = true -> P from a -> + (forall i a, from <=? i = true -> i <? to = true -> P i a -> P (i + 1) (f i a)) -> P to (foldi f from to a). Proof. intros A P f from to a Hle Hfrom IH. @@ -657,8 +657,8 @@ Proof. Qed. Lemma foldi_ind2 : forall A B (P : int -> A -> B -> Prop) f1 f2 from to a1 a2, - from <= to = true -> P from a1 a2 -> - (forall i a1 a2, from <= i = true -> i < to = true -> P i a1 a2 -> P (i + 1) (f1 i a1) (f2 i a2)) -> + from <=? to = true -> P from a1 a2 -> + (forall i a1 a2, from <=? i = true -> i <? to = true -> P i a1 a2 -> P (i + 1) (f1 i a1) (f2 i a2)) -> P to (foldi f1 from to a1) (foldi f2 from to a2). Proof. intros A B P f1 f2 from to a1 a2 Hle Hfrom IH. @@ -673,7 +673,7 @@ Proof. Qed. Lemma foldi_eq_compat : forall A (f1 f2:int -> A -> A) min max a, - (forall i a, min <= i = true -> i < max = true -> f1 i a = f2 i a) -> + (forall i a, min <=? i = true -> i <? max = true -> f1 i a = f2 i a) -> foldi f1 min max a = foldi f2 min max a. Proof. intros A f1 f2 min max a Hf. @@ -702,7 +702,7 @@ Proof. Qed. Lemma to_list_In : forall {A} (t: array A) i, - i < length t = true -> In (t.[i]) (to_list t). + i <? length t = true -> In (t.[i]) (to_list t). intros A t i; assert (Bt := to_Z_bounded (length t)); assert (Bi := to_Z_bounded i); rewrite ltb_spec; unfold to_list. rewrite <- in_rev. apply foldi_ind. @@ -719,13 +719,13 @@ Lemma to_list_In : forall {A} (t: array A) i, Qed. Lemma to_list_In_eq : forall {A} (t: array A) i x, - i < length t = true -> x = t.[i] -> In x (to_list t). + i <? length t = true -> x = t.[i] -> In x (to_list t). Proof. intros A t i x Hi ->. now apply to_list_In. Qed. Lemma In_to_list : forall {A} (t: array A) x, - In x (to_list t) -> exists i, i < length t = true /\ x = t.[i]. + In x (to_list t) -> exists i, i <? length t = true /\ x = t.[i]. Proof. intros A t x; assert (Bt := to_Z_bounded (length t)); unfold to_list. rewrite <- in_rev. @@ -786,7 +786,7 @@ Proof. Qed. Lemma get_amapi : forall {A B} (f:int -> A -> B) t i, - i < length t = true -> (amapi f t).[i] = f i (t.[i]). + i <? length t = true -> (amapi f t).[i] = f i (t.[i]). Proof. intros A B f t. assert (Bt := to_Z_bounded (length t)). @@ -806,13 +806,13 @@ Proof. Qed. Lemma get_amap : forall {A B} (f:A -> B) t i, - i < length t = true -> (amap f t).[i] = f (t.[i]). + i <? length t = true -> (amap f t).[i] = f (t.[i]). Proof. intros; unfold amap; apply get_amapi; assumption. Qed. Lemma get_amapi_outofbound : forall {A B} (f:int -> A -> B) t i, - i < length t = false -> (amapi f t).[i] = f (length t) (default t). + i <? length t = false -> (amapi f t).[i] = f (length t) (default t). Proof. intros A B f t i H1; rewrite get_outofbound. apply default_amapi. @@ -820,7 +820,7 @@ Proof. Qed. Lemma get_amap_outofbound : forall {A B} (f:A -> B) t i, - i < length t = false -> (amap f t).[i] = f (default t). + i <? length t = false -> (amap f t).[i] = f (default t). Proof. intros; unfold amap; apply get_amapi_outofbound; assumption. Qed. @@ -845,7 +845,7 @@ Qed. (** Some properties about afold_left *) Definition afold_left A default (OP : A -> A -> A) (V : array A) := - if length V == 0 then default + if length V =? 0 then default else foldi (fun i a => OP a (V.[i])) 1 (length V) (V.[0]). Lemma afold_left_spec : forall A args op (e : A), @@ -863,7 +863,7 @@ Lemma afold_left_spec : forall A args op (e : A), Lemma afold_left_eq : forall A OP (def : A) V1 V2, length V1 = length V2 -> - (forall i, i < length V1 = true -> V1.[i] = V2.[i]) -> + (forall i, i <? length V1 = true -> V1.[i] = V2.[i]) -> afold_left _ def OP V1 = afold_left _ def OP V2. Proof. intros A OP def V1 V2 Heqlength HeqV. @@ -885,8 +885,8 @@ Qed. Lemma afold_left_ind : forall A OP def V (P : int -> A -> Prop), (length V = 0 -> P 0 def) -> - (0 < length V = true -> P 1 (V.[0])) -> - (forall a i, 0 < i = true -> i < length V = true -> P i a -> P (i + 1) (OP a (V.[i]))) -> + (0 <? length V = true -> P 1 (V.[0])) -> + (forall a i, 0 <? i = true -> i <? length V = true -> P i a -> P (i + 1) (OP a (V.[i]))) -> P (length V) (afold_left A def OP V). Proof. intros A OP def V P HP0 HP1 HPOP. @@ -905,7 +905,7 @@ Qed. (** Some properties about afold_right *) Definition afold_right A default (OP : A -> A -> A) (V : array A) := - if length V == 0 then default + if length V =? 0 then default else foldi (fun i => OP (V.[length V - 1 - i])) 1 (length V) (V.[length V - 1]). Lemma afold_right_spec : forall A args op (e : A), @@ -927,7 +927,7 @@ Lemma afold_right_spec : forall A args op (e : A), Lemma afold_right_eq : forall A OP (def : A) V1 V2, length V1 = length V2 -> - (forall i, i < length V1 = true -> V1.[i] = V2.[i]) -> + (forall i, i <? length V1 = true -> V1.[i] = V2.[i]) -> afold_right _ def OP V1 = afold_right _ def OP V2. Proof. intros A OP def V1 V2 Heqlength HeqV. @@ -948,8 +948,8 @@ Qed. Lemma afold_right_ind : forall A OP def V (P : int -> A -> Prop), (length V = 0 -> P 0 def) -> - (0 < length V = true -> P (length V - 1) (V.[length V - 1])) -> - (forall a i, 0 < i = true -> i < length V = true -> P i a -> P (i - 1) (OP (V.[i - 1]) a)) -> + (0 <? length V = true -> P (length V - 1) (V.[length V - 1])) -> + (forall a i, 0 <? i = true -> i <? length V = true -> P i a -> P (i - 1) (OP (V.[i - 1]) a)) -> P 0 (afold_right A def OP V). Proof. intros A OP def V P HP0 HP1 HPOP. @@ -972,7 +972,7 @@ Qed. (* Case andb *) Lemma afold_left_andb_false : forall i a, - i < length a = true -> + i <? length a = true -> a .[ i] = false -> afold_left bool true andb a = false. Proof. @@ -991,7 +991,7 @@ Qed. Lemma afold_left_andb_false_inv : forall a, afold_left bool true andb a = false -> - exists i, (i < length a = true) /\ (a .[ i] = false). + exists i, (i <? length a = true) /\ (a .[ i] = false). Proof. intro a; assert (Ba := to_Z_bounded (length a)). rewrite afold_left_spec by apply andb_true_l; apply foldi_ind. @@ -1008,7 +1008,7 @@ Proof. Qed. Lemma afold_left_andb_true : forall a, - (forall i, i < length a = true -> a.[i] = true) -> + (forall i, i <? length a = true -> a.[i] = true) -> afold_left bool true andb a = true. Proof. intros a H. @@ -1020,7 +1020,7 @@ Qed. Lemma afold_left_andb_true_inv : forall a, afold_left bool true andb a = true -> - forall i, i < length a = true -> a.[i] = true. + forall i, i <? length a = true -> a.[i] = true. Proof. intros a H i; assert (Ba := to_Z_bounded (length a)); assert (Bi := to_Z_bounded i). revert H; rewrite afold_left_spec by apply andb_true_l; apply foldi_ind. @@ -1052,7 +1052,7 @@ Qed. (* Case orb *) Lemma afold_left_orb_true : forall i a, - i < length a = true -> + i <? length a = true -> a .[ i] = true -> afold_left bool false orb a = true. Proof. @@ -1071,7 +1071,7 @@ Qed. Lemma afold_left_orb_true_inv : forall a, afold_left bool false orb a = true -> - exists i, i < length a = true /\ a .[ i] = true. + exists i, i <? length a = true /\ a .[ i] = true. Proof. intro a; assert (Ba := to_Z_bounded (length a)). rewrite afold_left_spec by apply andb_true_l; apply foldi_ind. @@ -1088,7 +1088,7 @@ Proof. Qed. Lemma afold_left_orb_false : forall a, - (forall i, i < length a = true -> a.[i] = false) -> + (forall i, i <? length a = true -> a.[i] = false) -> afold_left bool false orb a = false. Proof. intros a H. @@ -1100,7 +1100,7 @@ Qed. Lemma afold_left_orb_false_inv : forall a, afold_left bool false orb a = false -> - forall i, i < length a = true -> a.[i] = false. + forall i, i <? length a = true -> a.[i] = false. Proof. intros a H i; assert (Ba := to_Z_bounded (length a)); assert (Bi := to_Z_bounded i). revert H; rewrite afold_left_spec by apply andb_true_l; apply foldi_ind. @@ -1132,8 +1132,8 @@ Qed. (* Case implb *) Lemma afold_right_implb_false : forall a, - 0 < length a = true /\ - (forall i, i < length a - 1 = true -> a .[ i] = true) /\ + 0 <? length a = true /\ + (forall i, i <? length a - 1 = true -> a .[ i] = true) /\ a.[length a - 1] = false -> afold_right bool true implb a = false. Proof. @@ -1150,8 +1150,8 @@ Qed. Lemma afold_right_implb_false_inv : forall a, afold_right bool true implb a = false -> - 0 < length a = true /\ - (forall i, i < length a - 1 = true -> a .[ i] = true) /\ + 0 <? length a = true /\ + (forall i, i <? length a - 1 = true -> a .[ i] = true) /\ a.[length a - 1] = false. Proof. intros a H; assert (Ba := to_Z_bounded (length a)); split; [ | split ]. @@ -1185,7 +1185,7 @@ Proof. Qed. Lemma afold_right_implb_true_aux : forall a, - (exists i, i < length a - 1 = true /\ a.[i] = false) -> + (exists i, i <? length a - 1 = true /\ a.[i] = false) -> afold_right bool true implb a = true. Proof. intros a [ i [ Hi Hai ] ]. @@ -1206,8 +1206,8 @@ Proof. Qed. Lemma afold_right_implb_true : forall a, - length a = 0 \/ (exists i, i < length a - 1 = true /\ a.[i] = false) \/ - (forall i, i < length a = true -> a.[i] = true) -> + length a = 0 \/ (exists i, i <? length a - 1 = true /\ a.[i] = false) \/ + (forall i, i <? length a = true -> a.[i] = true) -> afold_right bool true implb a = true. Proof. intro a; assert (Ba := to_Z_bounded (length a)); case (reflect_eqb (length a) 0). @@ -1216,7 +1216,7 @@ Proof. intros [H1|[H1|H1]]. elim (Hneq H1). apply afold_right_implb_true_aux; auto. - assert (Heq : length a == 0 = false) by (rewrite <- not_true_iff_false, eqb_spec; exact Hneq). + assert (Heq : length a =? 0 = false) by (rewrite <- not_true_iff_false, eqb_spec; exact Hneq). unfold afold_right; rewrite Heq. revert Hneq; rewrite <- to_Z_eq, to_Z_0; intro Hneq. apply (foldi_ind _ (fun i a => a = true)). @@ -1230,12 +1230,12 @@ Qed. Lemma afold_right_implb_true_inv : forall a, afold_right bool true implb a = true -> - length a = 0 \/ (exists i, i < length a - 1 = true /\ a.[i] = false) \/ - (forall i, i < length a = true -> a.[i] = true). + length a = 0 \/ (exists i, i <? length a - 1 = true /\ a.[i] = false) \/ + (forall i, i <? length a = true -> a.[i] = true). Proof. intros a H; cut (length a = 0 - \/ (exists i, 0 <= i = true /\ i < length a - 1 = true /\ a.[i] = false) - \/ (forall i, 0 <= i = true -> i < length a = true -> a.[i] = true)). + \/ (exists i, 0 <=? i = true /\ i <? length a - 1 = true /\ a.[i] = false) + \/ (forall i, 0 <=? i = true -> i <? length a = true -> a.[i] = true)). clear H; intro H; destruct H as [ H | H ]. left; tauto. destruct H as [ H | H ]. @@ -1276,18 +1276,18 @@ Qed. (* Other cases *) Lemma afold_left_length_2 : forall A default OP t, - (length t == 2) = true -> + (length t =? 2) = true -> afold_left A default OP t = OP (t.[0]) (t.[1]). Proof. - intros A default OP t H; unfold afold_left; rewrite eqb_spec in H; rewrite H; change (2 == 0) with false; reflexivity. + intros A default OP t H; unfold afold_left; rewrite eqb_spec in H; rewrite H; change (2 =? 0) with false; reflexivity. Qed. Lemma afold_right_length_2 : forall A default OP t, - (length t == 2) = true -> + (length t =? 2) = true -> afold_right A default OP t = OP (t.[0]) (t.[1]). Proof. - intros A default OP t H; unfold afold_right; rewrite eqb_spec in H; rewrite H; change (2 == 0) with false; reflexivity. + intros A default OP t H; unfold afold_right; rewrite eqb_spec in H; rewrite H; change (2 =? 0) with false; reflexivity. Qed. @@ -1305,77 +1305,77 @@ Ltac tac_right := Lemma afold_left_xorb_false1 : forall t, - (PArray.length t == 2) = true -> + (PArray.length t =? 2) = true -> t .[ 0] = false -> t .[ 1] = false -> afold_left bool false xorb t = false. Proof. tac_left. Qed. Lemma afold_left_xorb_false2 : forall t, - (PArray.length t == 2) = true -> + (PArray.length t =? 2) = true -> t .[ 0] = true -> t .[ 1] = true -> afold_left bool false xorb t = false. Proof. tac_left. Qed. Lemma afold_left_xorb_true1 : forall t, - (PArray.length t == 2) = true -> + (PArray.length t =? 2) = true -> t .[ 0] = false -> t .[ 1] = true -> afold_left bool false xorb t = true. Proof. tac_left. Qed. Lemma afold_left_xorb_true2 : forall t, - (PArray.length t == 2) = true -> + (PArray.length t =? 2) = true -> t .[ 0] = true -> t .[ 1] = false -> afold_left bool false xorb t = true. Proof. tac_left. Qed. (* Lemma afold_right_implb_false : forall t f, *) -(* (PArray.length t == 2) = true -> *) +(* (PArray.length t =? 2) = true -> *) (* f (t .[ 0]) = true -> f (t .[ 1]) = false -> *) (* afold_right bool int true implb f t = false. *) (* Proof. tac_right. Qed. *) (* Lemma afold_right_implb_true1 : forall t f, *) -(* (PArray.length t == 2) = true -> *) +(* (PArray.length t =? 2) = true -> *) (* f (t .[ 0]) = false -> *) (* afold_right bool int true implb f t = true. *) (* Proof. tac_right. Qed. *) (* Lemma afold_right_implb_true2 : forall t f, *) -(* (PArray.length t == 2) = true -> *) +(* (PArray.length t =? 2) = true -> *) (* f (t.[1]) = true -> *) (* afold_right bool int true implb f t = true. *) (* Proof. tac_right. Qed. *) Lemma afold_left_eqb_false1 : forall t, - (PArray.length t == 2) = true -> + (PArray.length t =? 2) = true -> t .[ 0] = false -> t .[ 1] = true -> afold_left bool true eqb t = false. Proof. tac_left. Qed. Lemma afold_left_eqb_false2 : forall t, - (PArray.length t == 2) = true -> + (PArray.length t =? 2) = true -> t .[ 0] = true -> t .[ 1] = false -> afold_left bool true eqb t = false. Proof. tac_left. Qed. Lemma afold_left_eqb_true1 : forall t, - (PArray.length t == 2) = true -> + (PArray.length t =? 2) = true -> t .[ 0] = true -> t .[ 1] = true -> afold_left bool true eqb t = true. Proof. tac_left. Qed. Lemma afold_left_eqb_true2 : forall t, - (PArray.length t == 2) = true -> + (PArray.length t =? 2) = true -> t .[ 0] = false -> t .[ 1] = false -> afold_left bool true eqb t = true. Proof. tac_left. Qed. @@ -1573,7 +1573,7 @@ Definition aexistsbi {A:Type} (f:int->A->bool) (t:array A) := Lemma aexistsbi_false_spec : forall A (f : int -> A -> bool) t, aexistsbi f t = false <-> - forall i, i < length t = true -> f i (t.[i]) = false. + forall i, i <? length t = true -> f i (t.[i]) = false. Proof. intros A f t; unfold aexistsbi. split. @@ -1586,7 +1586,7 @@ Proof. Qed. Lemma aexistsbi_spec : forall A (f : int -> A -> bool) t, - aexistsbi f t = true <-> exists i, i < length t = true /\ f i (t.[i]) = true. + aexistsbi f t = true <-> exists i, i <? length t = true /\ f i (t.[i]) = true. Proof. intros A f t; unfold aexistsbi. split. @@ -1602,7 +1602,7 @@ Definition aforallbi {A:Type} (f:int->A->bool) (t:array A) := afold_left _ true andb (amapi f t). Lemma aforallbi_false_spec : forall A (f : int -> A -> bool) t, - aforallbi f t = false <-> exists i, i < length t = true /\ f i (t.[i]) = false. + aforallbi f t = false <-> exists i, i <? length t = true /\ f i (t.[i]) = false. Proof. intros A f t; unfold aforallbi. split. @@ -1616,7 +1616,7 @@ Qed. Lemma aforallbi_spec : forall A (f : int -> A -> bool) t, aforallbi f t = true <-> - forall i, i < length t = true -> f i (t.[i]) = true. + forall i, i <? length t = true -> f i (t.[i]) = true. Proof. intros A f t; unfold aforallbi. split. diff --git a/src/PArray/PArray.v b/src/PArray/PArray.v index 03f1abd..891db84 100644 --- a/src/PArray/PArray.v +++ b/src/PArray/PArray.v @@ -27,9 +27,9 @@ Module IntOrderedType <: OrderedType. Definition t := int. - Definition eq x y := (x == y) = true. + Definition eq x y := (x =? y) = true. - Definition lt x y := (x < y) = true. + Definition lt x y := (x <? y) = true. Lemma eq_refl x : eq x x. Proof. unfold eq. rewrite eqb_spec. reflexivity. Qed. @@ -48,9 +48,9 @@ Module IntOrderedType <: OrderedType. Definition compare x y : Compare lt eq x y. Proof. - case_eq (x < y); intro e. + case_eq (x <? y); intro e. exact (LT e). - case_eq (x == y); intro e2. + case_eq (x =? y); intro e2. exact (EQ e2). apply GT. unfold lt. rewrite <- Bool.not_false_iff_true, <- Bool.not_true_iff_false, ltb_spec, eqb_spec in *; intro e3. @@ -59,7 +59,7 @@ Module IntOrderedType <: OrderedType. Definition eq_dec x y : { eq x y } + { ~ eq x y }. Proof. - case_eq (x == y); intro e. + case_eq (x =? y); intro e. left; exact e. right. intro H. rewrite H in e. discriminate. Defined. @@ -78,7 +78,7 @@ Definition make {A:Type} (l:int) (d:A) : array A := (Map.empty A, d, l). Definition get {A:Type} (t:array A) (i:int) : A := let (td, l) := t in let (t, d) := td in - if i < l then + if i <? l then match Map.find i t with | Some x => x | None => d @@ -90,7 +90,7 @@ Definition default {A:Type} (t:array A) : A := Definition set {A:Type} (t:array A) (i:int) (a:A) : array A := let (td,l) := t in - if l <= i then + if l <=? i then t else let (t,d) := td in @@ -115,14 +115,14 @@ Definition max_length := max_int. Require FSets.FMapFacts. Module P := FSets.FMapFacts.WProperties_fun IntOrderedType Map. -Lemma get_outofbound : forall A (t:array A) i, (i < length t) = false -> t.[i] = default t. +Lemma get_outofbound : forall A (t:array A) i, (i <? length t) = false -> t.[i] = default t. intros A t i; unfold get. destruct t as ((t, d), l). unfold length; intro Hi; rewrite Hi; clear Hi. reflexivity. Qed. -Lemma get_set_same : forall A t i (a:A), (i < length t) = true -> t.[i<-a].[i] = a. +Lemma get_set_same : forall A t i (a:A), (i <? length t) = true -> t.[i<-a].[i] = a. intros A t i a. destruct t as ((t, d), l). unfold set, get, length. @@ -143,7 +143,7 @@ Lemma get_set_other : forall A t i j (a:A), i <> j -> t.[i<-a].[j] = t.[j]. intros A t i j a Hij. destruct t as ((t, d), l). unfold set, get, length. -case (l <= i). +case (l <=? i). reflexivity. rewrite P.F.add_neq_o. reflexivity. @@ -156,17 +156,17 @@ Lemma default_set : forall A t i (a:A), default (t.[i<-a]) = default t. intros A t i a. destruct t as ((t, d), l). unfold default, set. -case (l <= i); reflexivity. +case (l <=? i); reflexivity. Qed. Lemma get_make : forall A (a:A) size i, (make size a).[i] = a. intros A a size i. unfold make, get. rewrite P.F.empty_o. -case (i < size); reflexivity. +case (i <? size); reflexivity. Qed. -Lemma leb_length : forall A (t:array A), length t <= max_length = true. +Lemma leb_length : forall A (t:array A), length t <=? max_length = true. intros A t. generalize (length t); clear t. intro i. @@ -177,10 +177,10 @@ apply to_Z_bounded. Qed. Lemma length_make : forall A size (a:A), - length (make size a) = if size <= max_length then size else max_length. + length (make size a) = if size <=? max_length then size else max_length. intros A size a. unfold length, make. -replace (size <= max_length) with true. +replace (size <=? max_length) with true. reflexivity. symmetry. rewrite leb_spec. @@ -194,7 +194,7 @@ Lemma length_set : forall A t i (a:A), intros A t i a. destruct t as ((t, d), l). unfold length, set. -case (l <= i); reflexivity. +case (l <=? i); reflexivity. Qed. Lemma get_copy : forall A (t:array A) i, (copy t).[i] = t.[i]. @@ -211,7 +211,7 @@ Qed. (* Axiom array_ext : forall A (t1 t2:array A), length t1 = length t2 -> - (forall i, i < length t1 = true -> t1.[i] = t2.[i]) -> + (forall i, i <? length t1 = true -> t1.[i] = t2.[i]) -> default t1 = default t2 -> t1 = t2. *) @@ -229,7 +229,7 @@ Qed. Lemma get_set_same_default A (t : array A) (i : int) : t.[i <- default t].[i] = default t. unfold default, get, set. destruct t as ((t, d), l). -case_eq (i < l). +case_eq (i <? l). intro H; generalize H. rewrite ltb_spec. rewrite Z.lt_nge. @@ -252,10 +252,10 @@ reflexivity. Qed. Lemma get_not_default_lt A (t:array A) x : - t.[x] <> default t -> (x < length t) = true. + t.[x] <> default t -> (x <? length t) = true. unfold get, default, length. destruct t as ((t, d), l). -case (x < l); tauto. +case (x <? l); tauto. Qed. (* diff --git a/src/SMT_terms.v b/src/SMT_terms.v index 77dc21f..b19f106 100644 --- a/src/SMT_terms.v +++ b/src/SMT_terms.v @@ -108,17 +108,17 @@ Module Form. Definition lt_form i h := match h with | Fatom _ | Ftrue | Ffalse => true - | Fnot2 _ l => Lit.blit l < i + | Fnot2 _ l => Lit.blit l <? i | Fand args | For args | Fimp args => - aforallbi (fun _ l => Lit.blit l < i) args - | Fxor a b | Fiff a b => (Lit.blit a < i) && (Lit.blit b < i) - | Fite a b c => (Lit.blit a < i) && (Lit.blit b < i) && (Lit.blit c < i) - | FbbT _ ls => List.forallb (fun l => Lit.blit l < i) ls + aforallbi (fun _ l => Lit.blit l <? i) args + | Fxor a b | Fiff a b => (Lit.blit a <? i) && (Lit.blit b <? i) + | Fite a b c => (Lit.blit a <? i) && (Lit.blit b <? i) && (Lit.blit c <? i) + | FbbT _ ls => List.forallb (fun l => Lit.blit l <? i) ls end. Lemma lt_form_interp_form_aux : forall f1 f2 i h, - (forall j, j < i -> f1 j = f2 j) -> + (forall j, j <? i -> f1 j = f2 j) -> lt_form i h -> interp_aux f1 h = interp_aux f2 h. Proof. @@ -161,11 +161,11 @@ Module Form. intros;rewrite default_set;trivial. Qed. - Lemma t_interp_wf : forall i, i < PArray.length t_form -> + Lemma t_interp_wf : forall i, i <? PArray.length t_form -> t_interp.[i] = interp_aux (PArray.get t_interp) (t_form.[i]). Proof. set (P' i t := length t = length t_form -> - forall j, j < i -> + forall j, j <? i -> t.[j] = interp_aux (PArray.get t) (t_form.[j])). assert (P' (length t_form) t_interp). unfold is_true, wf in wf_t_i;rewrite aforallbi_spec in wf_t_i. @@ -179,7 +179,7 @@ Module Form. intros;rewrite get_set_other;trivial. intros Heq;elim (not_ltb_refl i);rewrite Heq at 1;trivial. rewrite H2;trivial. - assert (j < i). + assert (j <? i). assert ([|j|] <> [|i|]) by (intros Heq1;elim n;apply to_Z_inj;trivial). generalize H3;unfold is_true;rewrite !ltb_spec, (to_Z_add_1 _ _ H0); auto with zarith. @@ -203,7 +203,7 @@ Module Form. Lemma wf_interp_form_lt : forall t_form, wf t_form -> - forall x, x < PArray.length t_form -> + forall x, x <? PArray.length t_form -> interp_state_var t_form x = interp t_form (t_form.[x]). Proof. unfold interp_state_var;intros. @@ -214,7 +214,7 @@ Module Form. forall t_form, PArray.default t_form = Ftrue -> wf t_form -> forall x, interp_state_var t_form x = interp t_form (t_form.[x]). Proof. - intros t Hd Hwf x;case_eq (x < PArray.length t);intros. + intros t Hd Hwf x;case_eq (x <? PArray.length t);intros. apply wf_interp_form_lt;trivial. unfold interp_state_var;rewrite !PArray.get_outofbound;trivial. rewrite default_t_interp, Hd;trivial. @@ -834,12 +834,12 @@ Module Atom. Definition eqb (t t':atom) := match t,t' with | Acop o, Acop o' => cop_eqb o o' - | Auop o t, Auop o' t' => uop_eqb o o' && (t == t') - | Abop o t1 t2, Abop o' t1' t2' => bop_eqb o o' && (t1 == t1') && (t2 == t2') + | Auop o t, Auop o' t' => uop_eqb o o' && (t =? t') + | Abop o t1 t2, Abop o' t1' t2' => bop_eqb o o' && (t1 =? t1') && (t2 =? t2') | Anop o t, Anop o' t' => nop_eqb o o' && list_beq Int63.eqb t t' | Atop o t1 t2 t3, Atop o' t1' t2' t3' => - top_eqb o o' && (t1 == t1') && (t2 == t2') && (t3 == t3') - | Aapp a la, Aapp b lb => (a == b) && list_beq Int63.eqb la lb + top_eqb o o' && (t1 =? t1') && (t2 =? t2') && (t3 =? t3') + | Aapp a la, Aapp b lb => (a =? b) && list_beq Int63.eqb la lb | _, _ => false end. @@ -2226,15 +2226,15 @@ Qed. Definition lt_atom i a := match a with | Acop _ => true - | Auop _ h => h < i - | Abop _ h1 h2 => (h1 < i) && (h2 < i) - | Atop _ h1 h2 h3 => (h1 < i) && (h2 < i) && (h3 < i) - | Anop _ ha => List.forallb (fun h => h < i) ha - | Aapp f args => List.forallb (fun h => h < i) args + | Auop _ h => h <? i + | Abop _ h1 h2 => (h1 <? i) && (h2 <? i) + | Atop _ h1 h2 h3 => (h1 <? i) && (h2 <? i) && (h3 <? i) + | Anop _ ha => List.forallb (fun h => h <? i) ha + | Aapp f args => List.forallb (fun h => h <? i) args end. Lemma lt_interp_aux : - forall f1 f2 i, (forall j, j < i -> f1 j = f2 j) -> + forall f1 f2 i, (forall j, j <? i -> f1 j = f2 j) -> forall a, lt_atom i a -> interp_aux f1 a = interp_aux f2 a. Proof. @@ -2277,12 +2277,12 @@ Qed. intros;rewrite default_set;trivial. Qed. - Lemma t_interp_wf_lt : forall i, i < PArray.length t_atom -> + Lemma t_interp_wf_lt : forall i, i <? PArray.length t_atom -> t_interp.[i] = interp_aux (PArray.get t_interp) (t_atom.[i]). Proof. assert (Bt := to_Z_bounded (length t_atom)). set (P' i t := length t = length t_atom -> - forall j, j < i -> + forall j, j <? i -> t.[j] = interp_aux (PArray.get t) (t_atom.[j])). assert (P' (length t_atom) t_interp). unfold is_true, wf in wf_t_i;rewrite aforallbi_spec in wf_t_i. @@ -2296,7 +2296,7 @@ Qed. intros;rewrite get_set_other;trivial. intros Heq;elim (not_ltb_refl i);rewrite Heq at 1;trivial. rewrite H2;trivial. - assert (j < i). + assert (j <? i). assert ([|j|] <> [|i|]) by(intros Heq1;elim n;apply to_Z_inj;trivial). generalize H3;unfold is_true;rewrite !ltb_spec, (to_Z_add_1 _ _ H0);auto with zarith. @@ -2313,7 +2313,7 @@ Qed. Lemma t_interp_wf : forall i, t_interp.[i] = interp_aux (PArray.get t_interp) (t_atom.[i]). Proof. - intros i;case_eq (i< PArray.length t_atom);intros. + intros i;case_eq (i <? PArray.length t_atom);intros. apply t_interp_wf_lt;trivial. rewrite !PArray.get_outofbound;trivial. rewrite default_t_atom, default_t_interp;trivial. @@ -2328,10 +2328,10 @@ Qed. Lemma check_aux_interp_aux_lt_aux : forall a h, (forall j : int, - j < h -> + j <? h -> exists v : interp_t (v_type Typ.type interp_t (a .[ j])), a .[ j] = Bval (v_type Typ.type interp_t (a .[ j])) v) -> - forall l, List.forallb (fun h0 : int => h0 < h) l = true -> + forall l, List.forallb (fun h0 : int => h0 <? h) l = true -> forall (f0: tval), exists v : interp_t @@ -2356,9 +2356,9 @@ Qed. exists true; auto. Qed. - Lemma check_aux_interp_aux_lt : forall h, h < length t_atom -> + Lemma check_aux_interp_aux_lt : forall h, h <? length t_atom -> forall a, - (forall j, j < h -> + (forall j, j <? h -> exists v, a.[j] = Bval (v_type _ _ (a.[j])) v) -> exists v, interp_aux (get a) (t_atom.[h]) = Bval (v_type _ _ (interp_aux (get a) (t_atom.[h]))) v. @@ -2485,19 +2485,19 @@ Qed. (k3 (Typ.interp t_i) z)); auto. (* N-ary operators *) - intros [A] l; assert (forall acc, List.forallb (fun h0 : int => h0 < h) l = true -> exists v, match compute_interp (get a) A acc l with | Some l0 => Bval Typ.Tbool (distinct (Typ.i_eqb t_i A) (rev l0)) | None => bvtrue end = Bval (v_type Typ.type interp_t match compute_interp (get a) A acc l with | Some l0 => Bval Typ.Tbool (distinct (Typ.i_eqb t_i A) (rev l0)) | None => bvtrue end) v); auto; induction l as [ |i l IHl]; simpl. + intros [A] l; assert (forall acc, List.forallb (fun h0 : int => h0 <? h) l = true -> exists v, match compute_interp (get a) A acc l with | Some l0 => Bval Typ.Tbool (distinct (Typ.i_eqb t_i A) (rev l0)) | None => bvtrue end = Bval (v_type Typ.type interp_t match compute_interp (get a) A acc l with | Some l0 => Bval Typ.Tbool (distinct (Typ.i_eqb t_i A) (rev l0)) | None => bvtrue end) v); auto; induction l as [ |i l IHl]; simpl. intros acc _; exists (distinct (Typ.i_eqb t_i A) (rev acc)); auto. intro acc; rewrite andb_true_iff; intros [H1 H2]; destruct (IH _ H1) as [va Hva]; rewrite Hva; simpl; case (Typ.cast (v_type Typ.type interp_t (a .[ i])) A); simpl; try (exists true; auto); intro k; destruct (IHl (k interp_t va :: acc) H2) as [vb Hvb]; exists vb; auto. (* Application *) intros i l H; apply (check_aux_interp_aux_lt_aux a h IH l H (t_func.[i])). Qed. - Lemma check_aux_interp_hatom_lt : forall h, h < length t_atom -> + Lemma check_aux_interp_hatom_lt : forall h, h <? length t_atom -> exists v, t_interp.[h] = Bval (get_type h) v. Proof. assert (Bt := to_Z_bounded (length t_atom)). set (P' i t := length t = length t_atom -> - forall j, j < i -> + forall j, j <? i -> exists v, t.[j] = Bval (v_type Typ.type interp_t (t.[j])) v). assert (P' (length t_atom) t_interp). unfold t_interp;apply foldi_ind;unfold P';intros. @@ -2508,7 +2508,7 @@ Qed. rewrite e, PArray.get_set_same. apply check_aux_interp_aux_lt; auto. rewrite H2; auto. - assert (j < i). + assert (j <? i). assert ([|j|] <> [|i|]) by(intros Heq1;elim n;apply to_Z_inj;trivial). generalize H3;unfold is_true;rewrite !ltb_spec, (to_Z_add_1 _ _ H0);auto with zarith. @@ -2519,7 +2519,7 @@ Qed. Lemma check_aux_interp_hatom : forall h, exists v, t_interp.[h] = Bval (get_type h) v. Proof. - intros i;case_eq (i< PArray.length t_atom);intros. + intros i;case_eq (i <? PArray.length t_atom);intros. apply check_aux_interp_hatom_lt;trivial. unfold get_type'; rewrite !PArray.get_outofbound;trivial. rewrite default_t_interp; simpl; exists (1%positive); auto. diff --git a/src/State.v b/src/State.v index 8b899f1..4b4183b 100644 --- a/src/State.v +++ b/src/State.v @@ -80,7 +80,7 @@ Module Lit. Lemma lit_false : _false = lit Var._false. Proof. reflexivity. Qed. - Definition eqb (l l' : _lit) := l == l'. + Definition eqb (l l' : _lit) := l =? l'. (* Register eqb as PrimInline. *) Lemma eqb_spec : forall l l', eqb l l' = true <-> l = l'. @@ -217,7 +217,7 @@ Module Lit. unfold interp, Var.interp;intros rho1 rho2 l Heq;rewrite Heq;trivial. Qed. - Lemma lxor_neg : forall l1 l2, (l1 lxor l2 == 1) = true -> l1 = Lit.neg l2. + Lemma lxor_neg : forall l1 l2, (l1 lxor l2 =? 1) = true -> l1 = Lit.neg l2. Proof. unfold Lit.neg; intros l1 l2;rewrite eqb_spec;intros Heq;rewrite <- Heq. rewrite lxorC, <- lxorA, lxor_nilpotent, lxor0_r;trivial. @@ -228,14 +228,14 @@ End Lit. Lemma compare_spec' : forall x y, match x ?= y with - | Lt => x < y + | Lt => x <? y | Eq => x = y - | Gt => y < x + | Gt => y <? x end. Proof. intros x y;rewrite compare_def_spec;unfold compare_def. - case_eq (x < y);intros;[reflexivity | ]. - case_eq (x == y);intros. + case_eq (x <? y);intros;[reflexivity | ]. + case_eq (x =? y);intros. rewrite <- eqb_spec;trivial. rewrite <- not_true_iff_false in H, H0. unfold is_true in *;rewrite ltb_spec in H |- *;rewrite eqb_spec in H0. @@ -264,7 +264,7 @@ Module C. Fixpoint has_true (c:t) := match c with | nil => false - | l :: c => (l == Lit._true) || has_true c + | l :: c => (l =? Lit._true) || has_true c end. @@ -343,9 +343,9 @@ Module C. | l2::c2' => match compare l1 l2 with | Eq => l1 :: resolve c1 c2' - | Lt => if l1 lxor l2 == 1 then or c1 c2' else l1 :: resolve c1 c2 + | Lt => if l1 lxor l2 =? 1 then or c1 c2' else l1 :: resolve c1 c2 | Gt => - if l1 lxor l2 == 1 then or c1 c2' else l2 :: resolve_aux c2' + if l1 lxor l2 =? 1 then or c1 c2' else l2 :: resolve_aux c2' end end. @@ -359,13 +359,13 @@ Module C. induction c2;simpl;try discriminate. generalize (compare_spec' l1 a);destruct (l1 ?= a);intros;subst;simpl. simpl in Hc1;destruct (Lit.interp rho l1);simpl in *;auto. - generalize (Lit.lxor_neg l1 a);destruct (l1 lxor a == 1);intros. + generalize (Lit.lxor_neg l1 a);destruct (l1 lxor a =? 1);intros. rewrite or_correct. rewrite H1, Lit.interp_neg in Hc1;trivial;destruct (Lit.interp rho a). simpl in Hc1;rewrite Hc1;trivial. simpl in H0;rewrite H0, orb_true_r;trivial. simpl;destruct (Lit.interp rho l1);simpl;auto. - generalize (Lit.lxor_neg l1 a);destruct (l1 lxor a == 1);intros. + generalize (Lit.lxor_neg l1 a);destruct (l1 lxor a =? 1);intros. rewrite or_correct. rewrite H1, Lit.interp_neg in Hc1;trivial;destruct (Lit.interp rho a). simpl in Hc1;rewrite Hc1;trivial. @@ -382,9 +382,9 @@ Module C. | l1::c1, l2::c2' => match compare l1 l2 with | Eq => l1 :: resolve c1 c2' - | Lt => if l1 lxor l2 == 1 then or c1 c2' else l1 :: resolve c1 c2 + | Lt => if l1 lxor l2 =? 1 then or c1 c2' else l1 :: resolve c1 c2 | Gt => - if l1 lxor l2 == 1 then or c1 c2' else l2 :: resolve_aux resolve l1 c1 c2' + if l1 lxor l2 =? 1 then or c1 c2' else l2 :: resolve_aux resolve l1 c1 c2' end end. @@ -397,13 +397,13 @@ Module C. intros Hc1 Hc2. generalize (compare_spec' a i);destruct (a ?= i);intros;subst;simpl. destruct (Lit.interp rho i);simpl in *;auto. - generalize (Lit.lxor_neg a i);destruct (a lxor i == 1);intros. + generalize (Lit.lxor_neg a i);destruct (a lxor i =? 1);intros. rewrite or_correct. rewrite H0, Lit.interp_neg in Hc1;trivial;destruct (Lit.interp rho i). simpl in Hc1;rewrite Hc1;trivial. simpl in Hc2;rewrite Hc2, orb_true_r;trivial. simpl;destruct (Lit.interp rho a);simpl;auto. - generalize (Lit.lxor_neg a i);destruct (a lxor i == 1);intros. + generalize (Lit.lxor_neg a i);destruct (a lxor i =? 1);intros. rewrite or_correct. rewrite H0, Lit.interp_neg in Hc1;trivial;destruct (Lit.interp rho i). simpl in Hc1;rewrite Hc1;trivial. @@ -485,7 +485,7 @@ Module S. Proof. unfold valid, get;simpl;intros. destruct (reflect_eqb id id0);subst. - case_eq (id0 < length s);intros. + case_eq (id0 <? length s);intros. rewrite PArray.get_set_same;trivial. rewrite PArray.get_outofbound. rewrite PArray.default_set. @@ -505,9 +505,9 @@ Module S. | nil => l1:: nil | l2 :: c' => match l1 ?= l2 with - | Lt => if l1 lxor l2 == 1 then C._true else l1 :: c + | Lt => if l1 lxor l2 =? 1 then C._true else l1 :: c | Eq => c - | Gt => if l1 lxor l2 == 1 then C._true else l2 :: insert l1 c' + | Gt => if l1 lxor l2 =? 1 then C._true else l2 :: insert l1 c' end end. @@ -558,10 +558,10 @@ Module S. intros rho Hwf l1;induction c;simpl;trivial. generalize (compare_spec' l1 a);destruct (l1 ?= a);intros;subst;simpl. destruct (Lit.interp rho a);simpl in *;auto. - generalize (Lit.lxor_neg l1 a);destruct (l1 lxor a == 1);intros;trivial. + generalize (Lit.lxor_neg l1 a);destruct (l1 lxor a =? 1);intros;trivial. rewrite C.interp_true;trivial. rewrite H0, Lit.interp_neg;trivial;destruct (Lit.interp rho a);trivial. - generalize (Lit.lxor_neg l1 a);destruct (l1 lxor a == 1);intros. + generalize (Lit.lxor_neg l1 a);destruct (l1 lxor a =? 1);intros. rewrite C.interp_true;trivial. rewrite H0, Lit.interp_neg;trivial;destruct (Lit.interp rho a);trivial. simpl;rewrite orb_assoc,(orb_comm (Lit.interp rho l1)),<-orb_assoc,IHc;trivial. @@ -623,7 +623,7 @@ Module S. Proof. unfold valid, get, set_clause. intros rho s Hrho Hs pos c Hc id. destruct (reflect_eqb pos id);subst. - case_eq (id < length s); intro H. + case_eq (id <? length s); intro H. unfold get;rewrite PArray.get_set_same; trivial. unfold C.valid;rewrite sort_correct;trivial. generalize (Hs id);rewrite !PArray.get_outofbound, PArray.default_set;trivial. @@ -641,7 +641,7 @@ Module S. Proof. unfold valid, get, set_clause_keep. intros rho s Hrho Hs pos c Hc id. destruct (reflect_eqb pos id);subst. - case_eq (id < length s); intro H. + case_eq (id <? length s); intro H. unfold get;rewrite PArray.get_set_same; trivial. unfold C.valid;rewrite sort_keep_correct;trivial. generalize (Hs id);rewrite !PArray.get_outofbound, PArray.default_set;trivial. @@ -655,7 +655,7 @@ Module S. Definition set_resolve (s:t) pos (r:resolution) : t := let len := PArray.length r in - if len == 0 then s + if len =? 0 then s else let c := foldi (fun i c' => (C.resolve (get s (r.[i])) c')) 1 len (get s (r.[0])) in (* S.set_clause *) internal_set s pos c. @@ -683,8 +683,8 @@ Module S. Definition subclause (cl1 cl2 : list _lit) := List.forallb (fun l1 => - (l1 == Lit._false) || (l1 == Lit.neg Lit._true) || - List.existsb (fun l2 => l1 == l2) cl2) cl1. + (l1 =? Lit._false) || (l1 =? Lit.neg Lit._true) || + List.existsb (fun l2 => l1 =? l2) cl2) cl1. Definition check_weaken (s:t) (cid:clause_id) (cl:list _lit) : C.t := if subclause (get s cid) cl then cl else C._true. diff --git a/src/Trace.v b/src/Trace.v index 1849c44..ad4c41e 100644 --- a/src/Trace.v +++ b/src/Trace.v @@ -61,7 +61,7 @@ Section trace. end) s a) (inl s) t in s'. Definition _checker_partial_ (s: S.t) (t: _trace_) (max:int) : S.t := - PArray.fold_left (fun s a => PArray.foldi_left (fun i s' a' => if i < max then check_step s' a' else s') s a) s t. + PArray.fold_left (fun s a => PArray.foldi_left (fun i s' a' => if i <? max then check_step s' a' else s') s a) s t. *) (* Proof of its partial correction: if it returns true, then the @@ -137,7 +137,7 @@ Qed. Lemma valid_spec : forall rho d, valid rho d <-> - (forall i : int, i < length d -> C.interp rho (to_list (d.[i]))). + (forall i : int, i <? length d -> C.interp rho (to_list (d.[i]))). Proof. unfold valid; intros rho d; split; intro H. intros i Hi; case_eq (C.interp rho (to_list (d .[ i]))); try reflexivity. @@ -210,7 +210,7 @@ Module Cnf_Checker. Local Open Scope list_scope. - Local Notation check_flatten t_form := (check_flatten t_form (fun i1 i2 => i1 == i2) (fun _ _ => false)) (only parsing). + Local Notation check_flatten t_form := (check_flatten t_form (fun i1 i2 => i1 =? i2) (fun _ _ => false)) (only parsing). Definition step_checker t_form s (st:step) := match st with @@ -290,7 +290,7 @@ Module Cnf_Checker. Definition checker_eq t_form l1 l2 l (c:certif) := negb (Lit.is_pos l) && match t_form.[Lit.blit l] with - | Form.Fiff l1' l2' => (l1 == l1') && (l2 == l2') + | Form.Fiff l1' l2' => (l1 =? l1') && (l2 =? l2') | _ => false end && checker t_form l c. @@ -504,7 +504,7 @@ Inductive step := Definition add_roots s d used_roots := match used_roots with | Some ur => foldi (fun i s => - let c := if (ur.[i]) < length d then (d.[ur.[i]])::nil else C._true in + let c := if (ur.[i]) <? length d then (d.[ur.[i]])::nil else C._true in S.set_clause s i c) 0 (length ur) s | None => foldi (fun i s => S.set_clause s i (d.[i]::nil)) 0 (length d) s end. @@ -521,7 +521,7 @@ Inductive step := S.valid rho (add_roots s d used_roots). Proof. intros (* t_i t_func t_atom t_form *) rho H1 H2 H10 s d used_roots H3; unfold valid; intro H4; pose (H5 := (afold_left_andb_true_inv _ H4)); unfold add_roots; assert (Valuation.wf rho) by (destruct (Form.check_form_correct (Atom.interp_form_hatom t_i t_func t_atom) (Atom.interp_form_hatom_bv t_i t_func t_atom) _ H1) as [_ H]; auto with smtcoq_core); case used_roots. - intro ur; apply (foldi_ind _ (fun _ a => S.valid rho a)); [ apply leb_0 | | ]; auto with smtcoq_core; intros i a _ H6 Ha; apply S.valid_set_clause; auto with smtcoq_core; case_eq (ur .[ i] < length d). + intro ur; apply (foldi_ind _ (fun _ a => S.valid rho a)); [ apply leb_0 | | ]; auto with smtcoq_core; intros i a _ H6 Ha; apply S.valid_set_clause; auto with smtcoq_core; case_eq (ur .[ i] <? length d). intro; unfold C.valid; simpl; specialize (H5 (ur.[i])); rewrite length_amap, get_amap in H5 by assumption; unfold rho; rewrite H5; auto with smtcoq_core. intros; apply C.interp_true; auto with smtcoq_core. apply (foldi_ind _ (fun _ a => S.valid rho a)); [ apply leb_0 | | ]; auto with smtcoq_core; intros i a _ H6 Ha; apply S.valid_set_clause; auto with smtcoq_core; unfold C.valid; simpl; specialize (H5 i); rewrite length_amap, get_amap in H5 by assumption; unfold rho; rewrite H5; auto with smtcoq_core. @@ -733,7 +733,7 @@ Inductive step := Definition checker_eq (* t_i t_func t_atom t_form *) l1 l2 l (c:certif) := negb (Lit.is_pos l) && match t_form.[Lit.blit l] with - | Form.Fiff l1' l2' => (l1 == l1') && (l2 == l2') + | Form.Fiff l1' l2' => (l1 =? l1') && (l2 =? l2') | _ => false end && let (nclauses,_,_) := c in diff --git a/src/array/Array_checker.v b/src/array/Array_checker.v index 3e403b3..78f7101 100644 --- a/src/array/Array_checker.v +++ b/src/array/Array_checker.v @@ -40,7 +40,7 @@ Section certif. | Atop (TO_store ti2 te2) fa j v2 => if Typ.eqb ti1 ti2 && Typ.eqb te te1 && Typ.eqb te te2 && - (i == j) && (v == v2) + (i =? j) && (v =? v2) then lres::nil else C._true | _ => C._true @@ -57,7 +57,7 @@ Section certif. Definition store_of_me a b := match get_atom b with | Atop (TO_store ti te) a' i _ => - if (a' == a) then Some (ti, te, i) else None + if (a' =? a) then Some (ti, te, i) else None | _ => None end. @@ -77,8 +77,8 @@ Section certif. match store_of_me sa sa2, store_of_me sa2 sa with | Some (ti3, te3, i1), None | None, Some (ti3, te3, i1) => if Typ.eqb ti ti3 && Typ.eqb te te3 && - (((i1 == i) && (j1 == j) && (j2 == j)) || - ((i1 == j) && (j1 == i) && (j2 == i))) then + (((i1 =? i) && (j1 =? j) && (j2 =? j)) || + ((i1 =? j) && (j1 =? i) && (j2 =? i))) then cl else C._true | _, _ => C._true @@ -101,11 +101,11 @@ Section certif. | Abop (BO_select ti1 te1) a' d1, Abop (BO_select ti2 te2) b' d2 => Typ.eqb ti ti1 && Typ.eqb ti ti2 && Typ.eqb te te1 && Typ.eqb te te2 && - (a == a') && (b == b') && (d1 == d2) && + (a =? a') && (b =? b') && (d1 =? d2) && match get_atom d1 with | Abop (BO_diffarray ti3 te3) a3 b3 => Typ.eqb ti ti3 && Typ.eqb te te3 && - (a3 == a) && (b3 == b) + (a3 =? a) && (b3 =? b) | _ => false end | _, _ => false @@ -116,7 +116,7 @@ Section certif. if Lit.is_pos lres then match get_form (Lit.blit lres) with | For args => - if PArray.length args == 2 then + if PArray.length args =? 2 then let l1 := args.[0] in let l2 := args.[1] in if Lit.is_pos l1 && negb (Lit.is_pos l2) then @@ -213,7 +213,7 @@ Section certif. intros [ ] c1 c2 c3 Heq5. (* roweq *) - case_eq (Typ.eqb t0 t2 && Typ.eqb t t1 && - Typ.eqb t t3 && (b2 == c2) && (a2 == c3)); simpl; intros Heq6; try (now apply C.interp_true). + Typ.eqb t t3 && (b2 =? c2) && (a2 =? c3)); simpl; intros Heq6; try (now apply C.interp_true). unfold C.valid. simpl. rewrite orb_false_r. unfold Lit.interp. rewrite Heq. @@ -235,7 +235,7 @@ Section certif. generalize wt_t_atom. unfold Atom.wt. unfold is_true. rewrite aforallbi_spec;intros. - pose proof (H a). assert (a < PArray.length t_atom). + pose proof (H a). assert (a <? PArray.length t_atom). apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq3. easy. specialize (H0 H1). simpl in H0. rewrite Heq3 in H0. simpl in H0. @@ -269,7 +269,7 @@ Section certif. specialize (Atom.Bval_inj2 t_i (Typ.Tbool) (Typ.i_eqb t_i t v_vala1 v_vala2) (v_vala)). intros. specialize (H5 Htia). - pose proof (H a1). assert (a1 < PArray.length t_atom). + pose proof (H a1). assert (a1 <? PArray.length t_atom). apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq4. easy. specialize (H6 H7). simpl in H6. rewrite Heq4 in H6. simpl in H6. @@ -279,7 +279,7 @@ Section certif. apply Typ.eqb_spec in H6b. apply Typ.eqb_spec in H6c. - pose proof (H b1). assert (b1 < PArray.length t_atom). + pose proof (H b1). assert (b1 <? PArray.length t_atom). apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq5. easy. specialize (H6 H8). simpl in H6. rewrite Heq5 in H6. simpl in H6. @@ -442,13 +442,13 @@ Section certif. generalize wt_t_atom. unfold Atom.wt. unfold is_true. rewrite aforallbi_spec;intros. - assert (H15: b1 < PArray.length t_atom). + assert (H15: b1 <? PArray.length t_atom). apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq7. discriminate. - assert (H20: b2 < PArray.length t_atom). + assert (H20: b2 <? PArray.length t_atom). apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq8. discriminate. - assert (H9: b < PArray.length t_atom). + assert (H9: b <? PArray.length t_atom). apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq6. discriminate. - assert (H3: a < PArray.length t_atom). + assert (H3: a <? PArray.length t_atom). apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq5. discriminate. @@ -594,13 +594,13 @@ Section certif. intro HT1. clear HT1. case_eq (t_atom .[ d1]); try discriminate. intros [ t5 t6 ] e1 e2 e3 Heq10 [[ti3 te3] i1]. - case_eq (e1 == c1); try discriminate. intros Heq11c. + case_eq (e1 =? c1); try discriminate. intros Heq11c. intro HT. injection HT. intros. subst i1 te3 ti3. clear HT. case_eq ( Typ.eqb t t5 && Typ.eqb v_typeb1' t6 && - ((e2 == a1) && (c2 == a2) && (d2 == a2) || (e2 == a2) && (c2 == a1) && (d2 == a1))); + ((e2 =? a1) && (c2 =? a2) && (d2 =? a2) || (e2 =? a2) && (c2 =? a1) && (d2 =? a1))); simpl; intros Heq11; try (now apply C.interp_true). unfold C.valid. simpl. rewrite orb_false_r. @@ -639,7 +639,7 @@ Section certif. unfold Bval in isif. - assert (H25: d1 < PArray.length t_atom). + assert (H25: d1 <? PArray.length t_atom). apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq10. discriminate. apply H2 in H25. rewrite Heq10 in H25. @@ -750,13 +750,13 @@ Section certif. - unfold store_of_me. case_eq (t_atom .[ c1]); try discriminate. intros [ t5 t6 ] e1 e2 e3 Heq10 [[ti3 te3] i1]. - case_eq (e1 == d1); try discriminate. intros Heq11d. + case_eq (e1 =? d1); try discriminate. intros Heq11d. intro HT. injection HT. intros E2 T6 T5 [ ]. subst i1 te3 ti3. clear HT. case_eq ( Typ.eqb t t5 && Typ.eqb v_typeb1' t6 && - ((e2 == a1) && (c2 == a2) && (d2 == a2) || (e2 == a2) && (c2 == a1) && (d2 == a1))); + ((e2 =? a1) && (c2 =? a2) && (d2 =? a2) || (e2 =? a2) && (c2 =? a1) && (d2 =? a1))); simpl; intros Heq11; try (now apply C.interp_true). unfold C.valid. simpl. rewrite orb_false_r. @@ -796,7 +796,7 @@ Section certif. rewrite !Typ.cast_refl in isif. - assert (H25: c1 < PArray.length t_atom). + assert (H25: c1 <? PArray.length t_atom). apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq10. discriminate. apply H2 in H25. rewrite Heq10 in H25. @@ -908,7 +908,7 @@ Section certif. case_eq (Lit.is_pos lres); intro Heq; simpl; try now apply C.interp_true. case_eq (t_form .[ Lit.blit lres]); try (intros; now apply C.interp_true). intros a Heq2. - case_eq (length a == 2); [ intros Heq3 | intros Heq3; now apply C.interp_true]. + case_eq (length a =? 2); [ intros Heq3 | intros Heq3; now apply C.interp_true]. case_eq (Lit.is_pos (a .[ 0]) && negb (Lit.is_pos (a .[ 1]))); [ intros Heq4 | intros Heq4; now apply C.interp_true]. case_eq (t_form .[ Lit.blit (a .[0])]); try (intros; now apply C.interp_true). @@ -935,8 +935,8 @@ Section certif. case_eq (Typ.eqb t0 t7 && Typ.eqb t1 t8); [ intros Heq14'| intro; rewrite !andb_false_r; simpl; now apply C.interp_true]. simpl. - case_eq ((b1 == d1) && (b2 == e1) && (d2 == e2) && ((f1 == b1) && (f2 == b2)) - || (b2 == d1) && (b1 == e1) && (d2 == e2) && ((f1 == b2) && (f2 == b1))); + case_eq ((b1 =? d1) && (b2 =? e1) && (d2 =? e2) && ((f1 =? b1) && (f2 =? b2)) + || (b2 =? d1) && (b1 =? e1) && (d2 =? e2) && ((f1 =? b2) && (f2 =? b1))); [ intros Heq1314 | intro; now apply C.interp_true]. unfold C.valid. simpl. rewrite orb_false_r. @@ -999,7 +999,7 @@ Section certif. rewrite aforallbi_spec;intros. (* b *) - pose proof (H1 b). assert (b < PArray.length t_atom). + pose proof (H1 b). assert (b <? PArray.length t_atom). apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq7. easy. specialize (H2 H3). simpl in H2. rewrite Heq7 in H2. simpl in H2. @@ -1035,7 +1035,7 @@ Section certif. intros. specialize (H7 Htib). (* c *) - pose proof (H1 c). assert (c < PArray.length t_atom). + pose proof (H1 c). assert (c <? PArray.length t_atom). apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq9. easy. specialize (H8 H9). simpl in H8. rewrite Heq9 in H8. simpl in H8. @@ -1070,7 +1070,7 @@ Section certif. intros. specialize (H13 Htic). (* c1 *) - pose proof (H1 c1). assert (c1 < PArray.length t_atom). + pose proof (H1 c1). assert (c1 <? PArray.length t_atom). apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq11. easy. specialize (H14 H15). simpl in H14. rewrite Heq11 in H14. simpl in H14. @@ -1106,7 +1106,7 @@ Section certif. intros. specialize (H18 Htic1'). (* c2 *) - pose proof (H1 c2). assert (c2 < PArray.length t_atom). + pose proof (H1 c2). assert (c2 <? PArray.length t_atom). apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq12. easy. specialize (H19 H20). simpl in H19. rewrite Heq12 in H19. simpl in H19. @@ -1143,7 +1143,7 @@ Section certif. intros. specialize (H23 Htic2'). (* d2 *) - pose proof (H1 d2). assert (d2 < PArray.length t_atom). + pose proof (H1 d2). assert (d2 <? PArray.length t_atom). apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq14. easy. specialize (H24 H25). simpl in H24. rewrite Heq14 in H24. simpl in H24. diff --git a/src/bva/BVList.v b/src/bva/BVList.v index 261f660..dc8660c 100644 --- a/src/bva/BVList.v +++ b/src/bva/BVList.v @@ -668,7 +668,7 @@ Fixpoint mult_bool_step_k_h (a b: list bool) (c: bool) (k: Z) : list bool := Local Open Scope int63_scope. Fixpoint top_k_bools (a: list bool) (k: int) : list bool := - if (k == 0) then nil + if (k =? 0) then nil else match a with | nil => nil | ai :: a' => ai :: top_k_bools a' (k - 1) diff --git a/src/bva/Bva_checker.v b/src/bva/Bva_checker.v index 24917a8..5c14bab 100644 --- a/src/bva/Bva_checker.v +++ b/src/bva/Bva_checker.v @@ -96,7 +96,7 @@ Section Checker. | Auop (UO_BVbitOf N p) a' => (* TODO: Do not need to check [Nat.eqb l (N.to_nat N)] at every iteration *) - if (a == a') (* We bit blast the right bv *) + if (a =? a') (* We bit blast the right bv *) && (Nat.eqb i p) (* We consider bits after bits *) && (Nat.eqb n (N.to_nat N)) (* The bv has indeed type BV n *) then check_bb a bs (S i) n @@ -133,7 +133,7 @@ Section Checker. Fixpoint check_not (bs br : list _lit) := match bs, br with | nil, nil => true - | b::bs, r::br => (r == Lit.neg b) && check_not bs br + | b::bs, r::br => (r =? Lit.neg b) && check_not bs br | _, _ => false end. @@ -146,7 +146,7 @@ Section Checker. | FbbT a bs, FbbT r br => match get_atom r with | Auop (UO_BVnot N) a' => - if (a == a') && check_not bs br && + if (a =? a') && check_not bs br && (N.of_nat (length bs) =? N)%N then lres::nil else C._true @@ -174,25 +174,25 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := match get_form (Lit.blit bres), bvop with | Fand args, BO_BVand n => - ((if PArray.length args == 2 then + ((if PArray.length args =? 2 then let a1 := args.[0] in let a2 := args.[1] in - ((a1 == b1) && (a2 == b2)) || ((a1 == b2) && (a2 == b1)) + ((a1 =? b1) && (a2 =? b2)) || ((a1 =? b2) && (a2 =? b1)) else false), BO_BVand (n-1)) | For args, BO_BVor n => - ((if PArray.length args == 2 then + ((if PArray.length args =? 2 then let a1 := args.[0] in let a2 := args.[1] in - ((a1 == b1) && (a2 == b2)) || ((a1 == b2) && (a2 == b1)) + ((a1 =? b1) && (a2 =? b2)) || ((a1 =? b2) && (a2 =? b1)) else false), BO_BVor (n-1)) | Fxor a1 a2, BO_BVxor n => - (((a1 == b1) && (a2 == b2)) || ((a1 == b2) && (a2 == b1)), + (((a1 =? b1) && (a2 =? b2)) || ((a1 =? b2) && (a2 =? b1)), BO_BVxor (n-1)) | Fiff a1 a2, (BO_eq (Typ.TBV n)) => - (((a1 == b1) && (a2 == b2)) || ((a1 == b2) && (a2 == b1)), + (((a1 =? b1) && (a2 =? b2)) || ((a1 =? b2) && (a2 =? b1)), BO_eq (Typ.TBV n)) | _, _ => (false, bvop) @@ -218,21 +218,21 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := match get_atom a with | Abop (BO_BVand n) a1' a2' => - if (((a1 == a1') && (a2 == a2')) || ((a1 == a2') && (a2 == a1'))) + if (((a1 =? a1') && (a2 =? a2')) || ((a1 =? a2') && (a2 =? a1'))) && (@check_symopp bs1 bs2 bsres (BO_BVand n)) && (N.of_nat (length bs1) =? n)%N then lres::nil else C._true | Abop (BO_BVor n) a1' a2' => - if (((a1 == a1') && (a2 == a2')) || ((a1 == a2') && (a2 == a1'))) + if (((a1 =? a1') && (a2 =? a2')) || ((a1 =? a2') && (a2 =? a1'))) && (check_symopp bs1 bs2 bsres (BO_BVor n)) && (N.of_nat (length bs1) =? n)%N then lres::nil else C._true | Abop (BO_BVxor n) a1' a2' => - if (((a1 == a1') && (a2 == a2')) || ((a1 == a2') && (a2 == a1'))) + if (((a1 =? a1') && (a2 =? a2')) || ((a1 =? a2') && (a2 =? a1'))) && (check_symopp bs1 bs2 bsres (BO_BVxor n)) && (N.of_nat (length bs1) =? n)%N then lres::nil @@ -268,7 +268,7 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := let ires := match get_form (Lit.blit bres) with | Fiff a1 a2 => - ((a1 == b1) && (a2 == b2)) || ((a1 == b2) && (a2 == b1)) + ((a1 =? b1) && (a2 =? b2)) || ((a1 =? b2) && (a2 =? b1)) | _ => false end in if ires then check_eq bs1 bs2 bsres @@ -284,7 +284,7 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := let ires := match get_form (Lit.blit bres) with | Fiff a1 a2 => - ((a1 == b1) && (a2 == b2)) || ((a1 == b2) && (a2 == b1)) + ((a1 =? b1) && (a2 =? b2)) || ((a1 =? b2) && (a2 =? b1)) | _ => false end in if ires then check_eq bs1 bs2 bsres @@ -306,7 +306,7 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := | Fatom a, _ (* | _, Fatom a *) => match get_atom a with | Abop (BO_eq (Typ.TBV n)) a1' a2' => - if (((a1 == a1') && (a2 == a2')) || ((a1 == a2') && (a2 == a1'))) + if (((a1 =? a1') && (a2 =? a2')) || ((a1 =? a2') && (a2 =? a1'))) && (check_eq bs1 bs2 [lbb]) && (N.of_nat (length bs1) =? n)%N then lres::nil @@ -340,12 +340,12 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := Fixpoint eq_carry_lit (carry : carry) (c : _lit) := if Lit.is_pos c then match carry with - | Clit l => l == c + | Clit l => l =? c | Cand c1 c2 => match get_form (Lit.blit c) with | Fand args => - if PArray.length args == 2 then + if PArray.length args =? 2 then (eq_carry_lit c1 (args.[0]) && eq_carry_lit c2 (args.[1])) (* || (eq_carry_lit c1 (args.[1]) && eq_carry_lit c2 (args.[0])) *) else false @@ -363,7 +363,7 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := | Cor c1 c2 => match get_form (Lit.blit c) with | For args => - if PArray.length args == 2 then + if PArray.length args =? 2 then (eq_carry_lit c1 (args.[0]) && eq_carry_lit c2 (args.[1])) (* || (eq_carry_lit c1 (args.[1]) && eq_carry_lit c2 (args.[0])) *) else false @@ -381,7 +381,7 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := else (* c can be negative only when it is literal false *) match carry with - | Clit l => l == c + | Clit l => l =? c | _ => false end. @@ -400,7 +400,7 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := (* This is the way LFSC computes carries *) let carry' := Cor (Cand (Clit b1) (Clit b2)) (Cand (Cxor (Clit b1) (Clit b2)) carry) in - (((a1 == b1) && (a2 == b2)) || ((a1 == b2) && (a2 == b1))) + (((a1 =? b1) && (a2 =? b2)) || ((a1 =? b2) && (a2 =? b1))) && eq_carry_lit carry c && check_add bs1 bs2 bsres carry' | _ => false @@ -422,7 +422,7 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := match get_atom a with | Abop (BO_BVadd n) a1' a2' => - if (((a1 == a1') && (a2 == a2')) || ((a1 == a2') && (a2 == a1'))) + if (((a1 =? a1') && (a2 =? a2')) || ((a1 =? a2') && (a2 =? a1'))) && (check_add bs1 bs2 bsres (Clit Lit._false)) && (N.of_nat (length bs1) =? n)%N then lres::nil @@ -458,7 +458,7 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := | FbbT a bs, FbbT r br => match get_atom r with | Auop (UO_BVneg n) a' => - if (a == a') && check_neg bs br && + if (a =? a') && check_neg bs br && (N.of_nat (length bs) =? n)%N then lres::nil else C._true @@ -545,7 +545,7 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := match get_atom a with | Abop (BO_BVmult n) a1' a2' => - if (((a1 == a1') && (a2 == a2')) (* || ((a1 == a2') && (a2 == a1')) *) ) + if (((a1 =? a1') && (a2 =? a2')) (* || ((a1 =? a2') && (a2 =? a1')) *) ) && (check_mult bs1 bs2 bsres) && (N.of_nat (length bs1) =? n)%N then lres::nil @@ -590,7 +590,7 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := | Fatom a, _ (* | _, Fatom a *) => match get_atom a with | Abop (BO_BVult n) a1' a2' => - if ((a1 == a1') && (a2 == a2')) + if ((a1 =? a1') && (a2 =? a2')) && (check_ult bs1 bs2 lbb) && (N.of_nat (length bs1) =? n)%N && (N.of_nat (length bs2) =? n)%N @@ -636,7 +636,7 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := | Fatom a, _ (* | _, Fatom a *) => match get_atom a with | Abop (BO_BVslt n) a1' a2' => - if ((a1 == a1') && (a2 == a2')) + if ((a1 =? a1') && (a2 =? a2')) && (check_slt bs1 bs2 lbb) && (N.of_nat (length bs1) =? n)%N && (N.of_nat (length bs2) =? n)%N @@ -691,7 +691,7 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := match get_atom a with | Abop (BO_BVconcat n m) a1' a2' => - if (((a1 == a1') && (a2 == a2')) (* || ((a1 == a2') && (a2 == a1')) *) ) + if (((a1 =? a1') && (a2 =? a2')) (* || ((a1 =? a2') && (a2 =? a1')) *) ) && (check_concat bs1 bs2 bsres) && (N.of_nat (length bs1) =? n)%N && (N.of_nat (length bs2) =? m)%N @@ -771,7 +771,7 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := else false. Definition check_extract3 (bs bsres: list _lit) (i j: N) : bool := - forallb2 (fun l1 l2 => l1 == l2) (extract_lit bs (nat_of_N i) (nat_of_N j)) bsres. + forallb2 (fun l1 l2 => l1 =? l2) (extract_lit bs (nat_of_N i) (nat_of_N j)) bsres. (** Checker for bitvector extraction *) @@ -783,7 +783,7 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := | O => match j, bsres with | O, nil => true - | S j', b :: bsres' => (bx == b) && check_extract2 x' bsres' i j' + | S j', b :: bsres' => (bx =? b) && check_extract2 x' bsres' i j' | _, _ => false end | S i' => @@ -804,7 +804,7 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := match get_atom a with | Auop (UO_BVextr i n0 n1) a1' => - if ((a1 == a1') (* || ((a1 == a2') && (a2 == a1')) *) ) + if ((a1 =? a1') (* || ((a1 =? a2') && (a2 =? a1')) *) ) && (check_extract bs bsres i (n0 + i)) && (N.of_nat (length bs) =? n1)%N && (N.leb (n0 + i) n1) @@ -847,7 +847,7 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := match get_atom a with | Auop (UO_BVzextn n i) a1' => - if ((a1 == a1') (* || ((a1 == a2') && (a2 == a1')) *) ) + if ((a1 =? a1') (* || ((a1 =? a2') && (a2 =? a1')) *) ) && (check_zextend bs bsres i) && (N.of_nat (length bs) =? n)%N then lres::nil @@ -889,7 +889,7 @@ Fixpoint check_symopp (bs1 bs2 bsres : list _lit) (bvop: binop) := match get_atom a with | Auop (UO_BVsextn n i) a1' => - if ((a1 == a1') (* || ((a1 == a2') && (a2 == a1')) *) ) + if ((a1 =? a1') (* || ((a1 =? a2') && (a2 =? a1')) *) ) && (check_sextend bs bsres i) && (N.of_nat (length bs) =? n)%N then lres::nil @@ -938,7 +938,7 @@ Definition shl_lit_be (a: list _lit) (b: list bool): list _lit := | Abop (BO_BVshl n) a1' a2' => match (get_atom a2) with | (Acop (CO_BV bv2 n2)) => - if (((a1 == a1') && (a2 == a2')) (* || ((a1 == a2') && (a2 == a1')) *) ) + if (((a1 =? a1') && (a2 =? a2')) (* || ((a1 =? a2') && (a2 =? a1')) *) ) && check_shl bs1 bv2 bsres && (N.of_nat (length bs1) =? n)%N && (N.of_nat (length bv2) =? n)%N @@ -989,7 +989,7 @@ Definition shr_lit_be (a: list _lit) (b: list bool): list _lit := | Abop (BO_BVshr n) a1' a2' => match (get_atom a2) with | (Acop (CO_BV bv2 n2)) => - if (((a1 == a1') && (a2 == a2')) (* || ((a1 == a2') && (a2 == a1')) *) ) + if (((a1 =? a1') && (a2 =? a2')) (* || ((a1 =? a2') && (a2 =? a1')) *) ) && check_shr bs1 bv2 bsres && (N.of_nat (length bs1) =? n)%N && (N.of_nat (length bv2) =? n)%N @@ -1211,7 +1211,7 @@ Proof. (* a *) pose proof (H a). - assert (H1: a < PArray.length t_atom). + assert (H1: a <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq4, Heq5. easy. } specialize (@H0 H1). rewrite Heq4 in H0. simpl in H0. unfold get_type' in H0. unfold v_type in H0. @@ -1229,7 +1229,7 @@ Proof. (* b *) pose proof (H b). - assert (H4: b < PArray.length t_atom). + assert (H4: b <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq6, Heq7. easy. } specialize (@H2 H4). rewrite Heq6 in H2. simpl in H2. unfold get_type' in H2. unfold v_type in H2. @@ -1247,7 +1247,7 @@ Proof. (* f *) pose proof (H f). - assert (H7: f < PArray.length t_atom). + assert (H7: f <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq3. easy. } specialize (@H5 H7). rewrite Heq3 in H5. simpl in H5. unfold get_type' in H5. unfold v_type in H5. @@ -1316,7 +1316,7 @@ Proof. intros a bs. case_eq u; try (intro Heq'; rewrite Heq' in H0; now contradict H0). intros. rewrite H2 in H0. - case_eq ((a == i2) && Nat.eqb i n1 && Nat.eqb n (N.to_nat n0)). intros Hif. + case_eq ((a =? i2) && Nat.eqb i n1 && Nat.eqb n (N.to_nat n0)). intros Hif. rewrite Hif in H0. do 2 rewrite andb_true_iff in Hif. destruct Hif as ((Hif0 & Hif1) & Hif2). specialize (@IHys a (S i) n). @@ -1352,7 +1352,7 @@ Proof. intros a bs. generalize wt_t_atom. unfold Atom.wt. unfold is_true. rewrite aforallbi_spec;intros. - assert (i1 < PArray.length t_atom). + assert (i1 <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite Heq2. now rewrite def_t_atom. @@ -1785,7 +1785,7 @@ Proof. intros u a'. case_eq u; try (intros; now apply C.interp_true). intros n Huot Hr. - case_eq ((a == a') + case_eq ((a =? a') && check_not bs br && (N.of_nat (Datatypes.length bs) =? n)%N); try (intros; now apply C.interp_true). @@ -1812,7 +1812,7 @@ Proof. rewrite aforallbi_spec;intros. pose proof (H r). - assert (r < PArray.length t_atom). + assert (r <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Hr. easy. } @@ -1914,7 +1914,7 @@ Qed. Lemma eq_head: forall {A: Type} a b (l: list A), (a :: l) = (b :: l) <-> a = b. Proof. intros A a b l; split; [intros H; inversion H|intros ->]; auto. Qed. -Lemma eqb_spec : forall x y, (x == y) = true <-> x = y. +Lemma eqb_spec : forall x y, (x =? y) = true <-> x = y. Proof. split;auto using eqb_correct, eqb_complete. Qed. @@ -1937,9 +1937,9 @@ Proof. intros. simpl in H. case (Lit.is_pos ibsres) in H. case (t_form .[ Lit.blit ibsres]) in H; try (contradict H; easy). - case (PArray.length a == 2) in H. - case ((a .[ 0] == ibs1) && (a .[ 1] == ibs2) - || (a .[ 0] == ibs2) && (a .[ 1] == ibs1)) in H. + case (PArray.length a =? 2) in H. + case ((a .[ 0] =? ibs1) && (a .[ 1] =? ibs2) + || (a .[ 0] =? ibs2) && (a .[ 1] =? ibs1)) in H. exact H. now contradict H. now contradict H. @@ -1947,9 +1947,9 @@ Proof. intros. unfold check_symopp in H. case (Lit.is_pos ibsres) in H. case (t_form .[ Lit.blit ibsres]) in H; try (contradict H; easy). - case (PArray.length a == 2) in H. - case ((a .[ 0] == ibs1) && (a .[ 1] == ibs2) - || (a .[ 0] == ibs2) && (a .[ 1] == ibs1)) in H. + case (PArray.length a =? 2) in H. + case ((a .[ 0] =? ibs1) && (a .[ 1] =? ibs2) + || (a .[ 0] =? ibs2) && (a .[ 1] =? ibs1)) in H. apply H. now contradict H. now contradict H. @@ -1964,9 +1964,9 @@ Proof. intros. simpl in H. case (Lit.is_pos ibsres) in H. case (t_form .[ Lit.blit ibsres]) in H; try (contradict H; easy). - case (PArray.length a == 2) in H. - case ((a .[ 0] == ibs1) && (a .[ 1] == ibs2) - || (a .[ 0] == ibs2) && (a .[ 1] == ibs1)) in H. + case (PArray.length a =? 2) in H. + case ((a .[ 0] =? ibs1) && (a .[ 1] =? ibs2) + || (a .[ 0] =? ibs2) && (a .[ 1] =? ibs1)) in H. exact H. now contradict H. now contradict H. @@ -1974,9 +1974,9 @@ Proof. intros. unfold check_symopp in H. case (Lit.is_pos ibsres) in H. case (t_form .[ Lit.blit ibsres]) in H; try (contradict H; easy). - case (PArray.length a == 2) in H. - case ((a .[ 0] == ibs1) && (a .[ 1] == ibs2) - || (a .[ 0] == ibs2) && (a .[ 1] == ibs1)) in H. + case (PArray.length a =? 2) in H. + case ((a .[ 0] =? ibs1) && (a .[ 1] =? ibs2) + || (a .[ 0] =? ibs2) && (a .[ 1] =? ibs1)) in H. apply H. now contradict H. now contradict H. @@ -1991,14 +1991,14 @@ Proof. intros. simpl in H. case (Lit.is_pos ibsres) in H. case (t_form .[ Lit.blit ibsres]) in H; try (contradict H; easy). - case ((i == ibs1) && (i0 == ibs2) || (i == ibs2) && (i0 == ibs1)) in H. + case ((i =? ibs1) && (i0 =? ibs2) || (i =? ibs2) && (i0 =? ibs1)) in H. exact H. now contradict H. now contradict H. unfold check_symopp in H. case (Lit.is_pos ibsres) in H. case (t_form .[ Lit.blit ibsres]) in H; try (contradict H; easy). - case ((i == ibs1) && (i0 == ibs2) || (i == ibs2) && (i0 == ibs1)) in H. + case ((i =? ibs1) && (i0 =? ibs2) || (i =? ibs2) && (i0 =? ibs1)) in H. apply H. now contradict H. now contradict H. @@ -2041,20 +2041,20 @@ Proof. intro bs1. intros. rewrite H2 in H1. simpl. rewrite afold_left_and. - case_eq (PArray.length a == 2). intros. rewrite H3 in H1. + case_eq (PArray.length a =? 2). intros. rewrite H3 in H1. rewrite eqb_spec in H3. apply to_list_two in H3. (* apply length_to_list in H4. *) unfold forallb. rewrite H3. - case_eq ((a .[ 0] == ibs1) && (a .[ 1] == ibs2)). intros H5. + case_eq ((a .[ 0] =? ibs1) && (a .[ 1] =? ibs2)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H5 & H6). rewrite eqb_spec in H5, H6. rewrite H5, H6. unfold Lit.interp. rewrite Heq1, Heq2. unfold Var.interp. now rewrite andb_true_r. intros. rewrite H4 in H1. simpl in *. - case_eq ((a .[ 0] == ibs2) && (a .[ 1] == ibs1)). + case_eq ((a .[ 0] =? ibs2) && (a .[ 1] =? ibs1)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H5 & H6). rewrite eqb_spec in H5, H6. @@ -2100,19 +2100,19 @@ Proof. intro bs1. intros. rewrite H2 in H1. simpl. rewrite afold_left_and. - case_eq (PArray.length a == 2). intros. rewrite H3 in H1. + case_eq (PArray.length a =? 2). intros. rewrite H3 in H1. rewrite eqb_spec in H3. apply to_list_two in H3. unfold forallb. rewrite H3. - case_eq ((a .[ 0] == ibs1) && (a .[ 1] == ibs2)). intros H5. + case_eq ((a .[ 0] =? ibs1) && (a .[ 1] =? ibs2)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H5 & H6). rewrite eqb_spec in H5, H6. rewrite H5, H6. unfold Lit.interp. rewrite Heq1, Heq2. unfold Var.interp. now rewrite andb_true_r. intros H4. rewrite H4 in H1. simpl in *. - case_eq ((a .[ 0] == ibs2) && (a .[ 1] == ibs1)). intros H5. + case_eq ((a .[ 0] =? ibs2) && (a .[ 1] =? ibs1)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H6 & H7). rewrite eqb_spec in H6, H7. rewrite H6, H7. rewrite andb_true_r. @@ -2164,19 +2164,19 @@ Proof. intro bs1. intros. rewrite H2 in H1. simpl. rewrite afold_left_and. - case_eq (PArray.length a == 2). intros. rewrite H3 in H1. + case_eq (PArray.length a =? 2). intros. rewrite H3 in H1. rewrite eqb_spec in H3. apply to_list_two in H3. unfold forallb. rewrite H3. - case_eq ((a .[ 0] == ibs1) && (a .[ 1] == ibs2)). intros H5. + case_eq ((a .[ 0] =? ibs1) && (a .[ 1] =? ibs2)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H5 & H6). rewrite eqb_spec in H5, H6. rewrite H5, H6. unfold Lit.interp. rewrite Heq1, Heq2. unfold Var.interp. now rewrite andb_true_r. intros. rewrite H4 in H1. simpl in *. - case_eq ((a .[ 0] == ibs2) && (a .[ 1] == ibs1)). intros H5. + case_eq ((a .[ 0] =? ibs2) && (a .[ 1] =? ibs1)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H6 & H7). rewrite eqb_spec in H6, H7. rewrite H6, H7. rewrite andb_true_r. @@ -2226,20 +2226,20 @@ Proof. intro bs1. intros. rewrite H3 in H1. simpl. rewrite afold_left_and. - case_eq (PArray.length a == 2). intros H5. + case_eq (PArray.length a =? 2). intros H5. rewrite H5 in H1. rewrite eqb_spec in H5. apply to_list_two in H5. unfold forallb. rewrite H5. - case_eq ((a .[ 0] == ibs1) && (a .[ 1] == ibs2)). intros H6. + case_eq ((a .[ 0] =? ibs1) && (a .[ 1] =? ibs2)). intros H6. rewrite andb_true_iff in H6. destruct H6 as (H6 & H7). rewrite eqb_spec in H6, H7. rewrite H6, H7. unfold Lit.interp. rewrite Heq1, H2. unfold Var.interp. now rewrite andb_true_r. intros H6. rewrite H6 in H1. simpl in *. - case_eq ((a .[ 0] == ibs2) && (a .[ 1] == ibs1)). intros H7. + case_eq ((a .[ 0] =? ibs2) && (a .[ 1] =? ibs1)). intros H7. rewrite andb_true_iff in H7. destruct H7 as (H7 & H8). rewrite eqb_spec in H7, H8. rewrite H7, H8. rewrite andb_true_r. @@ -2310,12 +2310,12 @@ Proof. intro bs1. intros. rewrite H2 in H1. simpl. rewrite afold_left_or. - case_eq (PArray.length a == 2). intros. rewrite H3 in H1. + case_eq (PArray.length a =? 2). intros. rewrite H3 in H1. rewrite eqb_spec in H3. apply to_list_two in H3. unfold forallb. rewrite H3. - case_eq ((a .[ 0] == ibs1) && (a .[ 1] == ibs2)). intros H5. + case_eq ((a .[ 0] =? ibs1) && (a .[ 1] =? ibs2)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H5 & H6). rewrite eqb_spec in H5, H6. rewrite H5, H6. unfold C.interp. unfold existsb. rewrite orb_false_r. @@ -2325,7 +2325,7 @@ Proof. intro bs1. now unfold Var.interp. intros. rewrite H4 in H1. simpl in *. - case_eq ((a .[ 0] == ibs2) && (a .[ 1] == ibs1)). + case_eq ((a .[ 0] =? ibs2) && (a .[ 1] =? ibs1)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H5 & H6). rewrite eqb_spec in H5, H6. @@ -2369,21 +2369,21 @@ Proof. intro bs1. intros. rewrite H2 in H1. simpl. rewrite afold_left_or. - case_eq (PArray.length a == 2). intros. rewrite H3 in H1. + case_eq (PArray.length a =? 2). intros. rewrite H3 in H1. rewrite eqb_spec in H3. apply to_list_two in H3. unfold C.interp. unfold existsb. rewrite H3. - case_eq ((a .[ 0] == ibs1) && (a .[ 1] == ibs2)). intros H5. + case_eq ((a .[ 0] =? ibs1) && (a .[ 1] =? ibs2)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H5 & H6). rewrite eqb_spec in H5, H6. rewrite H5, H6. unfold Lit.interp. rewrite Heq1, Heq2. unfold Var.interp. now rewrite orb_false_r. intros H4. rewrite H4 in H1. simpl in *. - case_eq ((a .[ 0] == ibs2) && (a .[ 1] == ibs1)). intros H5. + case_eq ((a .[ 0] =? ibs2) && (a .[ 1] =? ibs1)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H6 & H7). rewrite eqb_spec in H6, H7. rewrite H6, H7. rewrite orb_false_r. @@ -2433,12 +2433,12 @@ Proof. intro bs1. intros. rewrite H2 in H1. simpl. rewrite afold_left_or. - case_eq (PArray.length a == 2). intros. rewrite H3 in H1. + case_eq (PArray.length a =? 2). intros. rewrite H3 in H1. rewrite eqb_spec in H3. apply to_list_two in H3. unfold forallb. rewrite H3. - case_eq ((a .[ 0] == ibs1) && (a .[ 1] == ibs2)). intros H5. + case_eq ((a .[ 0] =? ibs1) && (a .[ 1] =? ibs2)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H5 & H6). rewrite eqb_spec in H5, H6. rewrite H5, H6. unfold C.interp, existsb. @@ -2446,7 +2446,7 @@ Proof. intro bs1. rewrite Heq1, Heq2. unfold Var.interp. now rewrite orb_false_r. intros. rewrite H4 in H1. simpl in *. - case_eq ((a .[ 0] == ibs2) && (a .[ 1] == ibs1)). intros H5. + case_eq ((a .[ 0] =? ibs2) && (a .[ 1] =? ibs1)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H6 & H7). rewrite eqb_spec in H6, H7. rewrite H6, H7. rewrite orb_false_r. @@ -2494,20 +2494,20 @@ Proof. intro bs1. intros. rewrite H3 in H1. simpl. rewrite afold_left_or. - case_eq (PArray.length a == 2). intros H5. + case_eq (PArray.length a =? 2). intros H5. rewrite H5 in H1. rewrite eqb_spec in H5. apply to_list_two in H5. unfold forallb. rewrite H5. - case_eq ((a .[ 0] == ibs1) && (a .[ 1] == ibs2)). intros H6. + case_eq ((a .[ 0] =? ibs1) && (a .[ 1] =? ibs2)). intros H6. rewrite andb_true_iff in H6. destruct H6 as (H6 & H7). rewrite eqb_spec in H6, H7. rewrite H6, H7. unfold C.interp, Lit.interp, existsb. rewrite Heq1, H2. unfold Var.interp. now rewrite orb_false_r. intros H6. rewrite H6 in H1. simpl in *. - case_eq ((a .[ 0] == ibs2) && (a .[ 1] == ibs1)). intros H7. + case_eq ((a .[ 0] =? ibs2) && (a .[ 1] =? ibs1)). intros H7. rewrite andb_true_iff in H7. destruct H7 as (H7 & H8). rewrite eqb_spec in H7, H8. rewrite H7, H8. rewrite orb_false_r. @@ -2576,7 +2576,7 @@ Proof. intro bs1. try (intros a Heq; rewrite Heq in H1; now contradict H1). try (intros i Heq; rewrite Heq in H1; now contradict H1). intros. rewrite H2 in H1. simpl. - case_eq ((i == ibs1) && (i0 == ibs2)). intros H5. + case_eq ((i =? ibs1) && (i0 =? ibs2)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H5 & H6). rewrite eqb_spec in H5, H6. rewrite H5, H6. @@ -2585,7 +2585,7 @@ Proof. intro bs1. now unfold Var.interp. intros H4. rewrite H4 in H1. simpl in *. - case_eq ((i == ibs2) && (i0 == ibs1)). + case_eq ((i =? ibs2) && (i0 =? ibs1)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H5 & H6). rewrite eqb_spec in H5, H6. @@ -2629,14 +2629,14 @@ Proof. intro bs1. try (intros a Heq; rewrite Heq in H1; now contradict H1). intros. rewrite H2 in H1. simpl. - case_eq ((i == ibs1) && (i0 == ibs2)). intros H5. + case_eq ((i =? ibs1) && (i0 =? ibs2)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H5 & H6). rewrite eqb_spec in H5, H6. rewrite H5, H6. unfold Lit.interp. rewrite Heq1, Heq2. now unfold Var.interp. intros H4. rewrite Heq0, H4 in H1. simpl in *. - case_eq ((i == ibs2) && (i0 == ibs1)). intros H5. + case_eq ((i =? ibs2) && (i0 =? ibs1)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H6 & H7). rewrite eqb_spec in H6, H7. rewrite H6, H7. @@ -2686,14 +2686,14 @@ Proof. intro bs1. intros. rewrite H2 in H1. simpl. - case_eq ((i == ibs1) && (i0 == ibs2)). intros H5. + case_eq ((i =? ibs1) && (i0 =? ibs2)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H5 & H6). rewrite eqb_spec in H5, H6. rewrite H5, H6. unfold Lit.interp. rewrite Heq1, Heq2. now unfold Var.interp. intros H4. rewrite Heq0, H4 in H1. simpl in *. - case_eq ((i == ibs2) && (i0 == ibs1)). intros H5. + case_eq ((i =? ibs2) && (i0 =? ibs1)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H6 & H7). rewrite eqb_spec in H6, H7. rewrite H6, H7. @@ -2740,14 +2740,14 @@ Proof. intro bs1. try (intros a Heq; rewrite Heq in H1; now contradict H1). intros. rewrite H2 in H1. simpl. - case_eq ((i == ibs1) && (i0 == ibs2)). intros H5. + case_eq ((i =? ibs1) && (i0 =? ibs2)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H5 & H6). rewrite eqb_spec in H5, H6. rewrite H5, H6. unfold Lit.interp. rewrite Heq1, Heq2. now unfold Var.interp. intros H4. rewrite Heq0, H4 in H1. simpl in *. - case_eq ((i == ibs2) && (i0 == ibs1)). intros H5. + case_eq ((i =? ibs2) && (i0 =? ibs1)). intros H5. rewrite andb_true_iff in H5. destruct H5 as (H6 & H7). rewrite eqb_spec in H6, H7. rewrite H6, H7. @@ -2796,8 +2796,8 @@ Proof. simpl in H. case (Lit.is_pos r) in H. case (t_form .[ Lit.blit r]) in H; try easy. - case (PArray.length a == 2) in H; try easy. - case ((a .[ 0] == i) && (a .[ 1] == i0) || (a .[ 0] == i0) && (a .[ 1] == i)) in H; try easy. + case (PArray.length a =? 2) in H; try easy. + case ((a .[ 0] =? i) && (a .[ 1] =? i0) || (a .[ 0] =? i0) && (a .[ 1] =? i)) in H; try easy. specialize (IHrbsres bs1 bs2 (N - 1)%N H). simpl. simpl in n. @@ -2834,8 +2834,8 @@ Proof. simpl in H. case (Lit.is_pos r) in H. case (t_form .[ Lit.blit r]) in H; try easy. - case (PArray.length a == 2) in H; try easy. - case ((a .[ 0] == i) && (a .[ 1] == i0) || (a .[ 0] == i0) && (a .[ 1] == i)) in H; try easy. + case (PArray.length a =? 2) in H; try easy. + case ((a .[ 0] =? i) && (a .[ 1] =? i0) || (a .[ 0] =? i0) && (a .[ 1] =? i)) in H; try easy. specialize (IHrbsres bs1 bs2 (N - 1)%N H). simpl. simpl in n. @@ -2871,8 +2871,8 @@ Proof. intros bs1 bs2 bsres. now contradict H. case (Lit.is_pos xbsres) in *. case (t_form .[ Lit.blit xbsres] ) in *; try now contradict H. - case (PArray.length a == 2) in *. - case ((a .[ 0] == i) && (a .[ 1] == i0) || (a .[ 0] == i0) && (a .[ 1] == i)) in *. + case (PArray.length a =? 2) in *. + case ((a .[ 0] =? i) && (a .[ 1] =? i0) || (a .[ 0] =? i0) && (a .[ 1] =? i)) in *. specialize (IHbsres bs1 bs2 (n-1)%nat). simpl in H0. assert (length bs1 = (n-1)%nat). @@ -2924,8 +2924,8 @@ Proof. simpl in H. case (Lit.is_pos r) in H. case (t_form .[ Lit.blit r]) in H; try easy. - case (PArray.length a == 2) in H; try easy. - case ((a .[ 0] == i) && (a .[ 1] == i0) || (a .[ 0] == i0) && (a .[ 1] == i)) in H; try easy. + case (PArray.length a =? 2) in H; try easy. + case ((a .[ 0] =? i) && (a .[ 1] =? i0) || (a .[ 0] =? i0) && (a .[ 1] =? i)) in H; try easy. specialize (IHrbsres bs1 bs2 (N - 1)%N H). simpl. simpl in n. @@ -2961,8 +2961,8 @@ Proof. simpl in H. case (Lit.is_pos r) in H. case (t_form .[ Lit.blit r]) in H; try easy. - case (PArray.length a == 2) in H; try easy. - case ((a .[ 0] == i) && (a .[ 1] == i0) || (a .[ 0] == i0) && (a .[ 1] == i)) in H; try easy. + case (PArray.length a =? 2) in H; try easy. + case ((a .[ 0] =? i) && (a .[ 1] =? i0) || (a .[ 0] =? i0) && (a .[ 1] =? i)) in H; try easy. specialize (IHrbsres bs1 bs2 (N - 1)%N H). simpl. simpl in n. @@ -2998,8 +2998,8 @@ Proof. intros bs1 bs2 bsres. now contradict H. case (Lit.is_pos xbsres) in *. case (t_form .[ Lit.blit xbsres] ) in *; try now contradict H. - case (PArray.length a == 2) in *. - case ((a .[ 0] == i) && (a .[ 1] == i0) || (a .[ 0] == i0) && (a .[ 1] == i)) in *. + case (PArray.length a =? 2) in *. + case ((a .[ 0] =? i) && (a .[ 1] =? i0) || (a .[ 0] =? i0) && (a .[ 1] =? i)) in *. specialize (IHbsres bs1 bs2 (n-1)%nat). simpl in H0. assert (length bs1 = (n-1)%nat). @@ -3051,7 +3051,7 @@ Proof. simpl in H. case (Lit.is_pos r) in H. case (t_form .[ Lit.blit r]) in H; try easy. - case ((i1 == i) && (i2 == i0) || (i1 == i0) && (i2 == i)) in H; try easy. + case ((i1 =? i) && (i2 =? i0) || (i1 =? i0) && (i2 =? i)) in H; try easy. specialize (IHrbsres bs1 bs2 (N - 1)%N H). simpl. simpl in n. @@ -3088,7 +3088,7 @@ Proof. simpl in H. case (Lit.is_pos r) in H. case (t_form .[ Lit.blit r]) in H; try easy. - case ((i1 == i) && (i2 == i0) || (i1 == i0) && (i2 == i)) in H; try easy. + case ((i1 =? i) && (i2 =? i0) || (i1 =? i0) && (i2 =? i)) in H; try easy. specialize (IHrbsres bs1 bs2 (N - 1)%N H). simpl. simpl in n. @@ -3124,7 +3124,7 @@ Proof. intros bs1 bs2 bsres. now contradict H. case (Lit.is_pos xbsres) in *. case (t_form .[ Lit.blit xbsres] ) in *; try now contradict H. - case ((i1 == i) && (i2 == i0) || (i1 == i0) && (i2 == i)) in *. + case ((i1 =? i) && (i2 =? i0) || (i1 =? i0) && (i2 =? i)) in *. specialize (IHbsres bs1 bs2 (n-1)%nat). simpl in H0. assert (length bs1 = (n-1)%nat). @@ -3204,7 +3204,7 @@ Proof. intros [ | | | | | | | [ A B | A | | | | ]|N|N|N|N|N|N|N|N| | | | ] a1' a2' Heq9; try (intros; now apply C.interp_true). (* BVand *) - - case_eq ((a1 == a1') && (a2 == a2') || (a1 == a2') && (a2 == a1')); + - case_eq ((a1 =? a1') && (a2 =? a2') || (a1 =? a2') && (a2 =? a1')); simpl; intros Heq10; try (now apply C.interp_true). case_eq ( @@ -3227,7 +3227,7 @@ Proof. rewrite aforallbi_spec;intros. pose proof (H a). - assert (a < PArray.length t_atom). + assert (a <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq9. easy. } specialize (@H0 H1). rewrite Heq9 in H0. simpl in H0. rewrite !andb_true_iff in H0. destruct H0. destruct H0. @@ -3537,7 +3537,7 @@ Proof. exact Heq11. (* BVor *) - - case_eq ((a1 == a1') && (a2 == a2') || (a1 == a2') && (a2 == a1')); + - case_eq ((a1 =? a1') && (a2 =? a2') || (a1 =? a2') && (a2 =? a1')); simpl; intros Heq10; try (now apply C.interp_true). case_eq ( @@ -3560,7 +3560,7 @@ Proof. rewrite aforallbi_spec;intros. pose proof (H a). - assert (a < PArray.length t_atom). + assert (a <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq9. easy. } specialize (@H0 H1). rewrite Heq9 in H0. simpl in H0. rewrite !andb_true_iff in H0. destruct H0. destruct H0. @@ -3869,7 +3869,7 @@ Proof. exact Heq11. (** BVxor **) - - case_eq ((a1 == a1') && (a2 == a2') || (a1 == a2') && (a2 == a1')); + - case_eq ((a1 =? a1') && (a2 =? a2') || (a1 =? a2') && (a2 =? a1')); simpl; intros Heq10; try (now apply C.interp_true). case_eq ( @@ -3892,7 +3892,7 @@ Proof. rewrite aforallbi_spec;intros. pose proof (H a). - assert (a < PArray.length t_atom). + assert (a <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq9. easy. } specialize (@H0 H1). rewrite Heq9 in H0. simpl in H0. rewrite !andb_true_iff in H0. destruct H0. destruct H0. @@ -4210,7 +4210,7 @@ Proof. intros. simpl in H. case (Lit.is_pos ibsres) in H. case (t_form .[ Lit.blit ibsres]) in H; try (contradict H; easy). - case ((i == ibs1) && (i0 == ibs2) || (i == ibs2) && (i0 == ibs1)) in H. + case ((i =? ibs1) && (i0 =? ibs2) || (i =? ibs2) && (i0 =? ibs1)) in H. exact H. now contradict H. now contradict H. @@ -4228,7 +4228,7 @@ Proof. intros. case_eq (t_form .[ Lit.blit ibsres]); intros; rewrite H1 in H; try (now contradict H). specialize (@rho_interp ( Lit.blit ibsres)). rewrite H1 in rho_interp. simpl in rho_interp. - case_eq ((i == ibs1) && (i0 == ibs2) || (i == ibs2) && (i0 == ibs1)). + case_eq ((i =? ibs1) && (i0 =? ibs2) || (i =? ibs2) && (i0 =? ibs1)). intros. rewrite orb_true_iff in H2. destruct H2. rewrite andb_true_iff in H2. destruct H2. rewrite eqb_spec in H2, H3. rewrite H2, H3 in rho_interp. @@ -4320,7 +4320,7 @@ Proof. intro bs1. (*++*) rename i into arg1; rename i0 into arg2. unfold Lit.interp at 1, Var.interp at 1. rewrite Hposr1, Hi. repeat (rewrite andb_true_r). - case_eq ((arg1 == x1) && (arg2 == x2) || (arg1 == x2) && (arg2 == x1)). + case_eq ((arg1 =? x1) && (arg2 =? x2) || (arg1 =? x2) && (arg2 =? x1)). (* ** *) intros Hif. rewrite orb_true_iff in Hif. repeat (rewrite andb_true_iff in Hif). @@ -4351,7 +4351,7 @@ Proof. intro bs1. unfold Lit.interp at 1, Var.interp at 1. rewrite Hposa1. rewrite Heqx1x2. - case_eq ((arg1 == x1) && (arg2 == x2) || (arg1 == x2) && (arg2 == x1)). + case_eq ((arg1 =? x1) && (arg2 =? x2) || (arg1 =? x2) && (arg2 =? x1)). (* ** *) intros Hif. rewrite Hif in Hcheck. apply (@IHbs1 _ _ Hlen') in Hcheck. @@ -4375,11 +4375,11 @@ Proof. intro bs1. generalize (rho_interp (Lit.blit r1)); rewrite Hform_r1; simpl; intro Hi. (* ++ *) contradict Hcheck. simpl. - case ((i0 == x1) && (i1 == x2) || (i0 == x2) && (i1 == x1)); easy. + case ((i0 =? x1) && (i1 =? x2) || (i0 =? x2) && (i1 =? x1)); easy. (* ++ *) rename i0 into x1', i1 into x2', i2 into arg1, i3 into arg2. unfold Lit.interp at 1, Var.interp at 1. rewrite Hposr1, Hi. - case_eq ((arg1 == x1) && (arg2 == x2) || (arg1 == x2) && (arg2 == x1)). + case_eq ((arg1 =? x1) && (arg2 =? x2) || (arg1 =? x2) && (arg2 =? x1)). (* ** *) intros Hif. rewrite Hif in Hcheck. apply (@IHbs1 _ _ Hlen') in Hcheck. simpl in Hcheck. rewrite Hcheck. @@ -4424,7 +4424,7 @@ Proof. case (Lit.is_pos i2); try easy. case (t_form .[ Lit.blit i2]); try easy. intros i3 i4. - case ((i3 == a) && (i4 == i) || (i3 == i) && (i4 == a)). + case ((i3 =? a) && (i4 =? i) || (i3 =? i) && (i4 =? a)). apply IHbs1. easy. intros _ _ i2 l0 a0. @@ -4433,7 +4433,7 @@ Proof. case (Lit.is_pos i1); try easy. case (t_form .[ Lit.blit i1]); try easy. intros i3 i4. - case ((i3 == a) && (i4 == i) || (i3 == i) && (i4 == a)). + case ((i3 =? a) && (i4 =? i) || (i3 =? i) && (i4 =? a)). apply IHbs1. easy. intros i2 l0 a0. @@ -4442,7 +4442,7 @@ Proof. case (Lit.is_pos i9); try easy. case (t_form .[ Lit.blit i9]); try easy. intros i3 i4. - case ((i3 == a) && (i4 == i) || (i3 == i) && (i4 == a)). + case ((i3 =? a) && (i4 =? i) || (i3 =? i) && (i4 =? a)). apply IHbs1. easy. intros _ _ i2 l0 a0. @@ -4451,7 +4451,7 @@ Proof. case (Lit.is_pos i9); try easy. case (t_form .[ Lit.blit i9]); try easy. intros i3 i4. - case ((i3 == a) && (i4 == i) || (i3 == i) && (i4 == a)). + case ((i3 =? a) && (i4 =? i) || (i3 =? i) && (i4 =? a)). apply IHbs1. easy. case bs1; try easy; case bs2; easy. @@ -4462,10 +4462,10 @@ Proof. simpl. easy. intros i0 l i1 i2. - case ((i1 == a) && (i2 == i) || (i1 == i) && (i2 == a)); easy. + case ((i1 =? a) && (i2 =? i) || (i1 =? i) && (i2 =? a)); easy. simpl. intros _ l i1 i2. - case ((i1 == a) && (i2 == i) || (i1 == i) && (i2 == a)); easy. + case ((i1 =? a) && (i2 =? i) || (i1 =? i) && (i2 =? a)); easy. easy. case bs1 in *; try easy; case bs2; easy. case bs1 in *; try easy; case bs2; easy. @@ -4473,13 +4473,13 @@ Proof. case bs1 in *; try easy; case bs2; try easy. case (Lit.is_pos r); try easy. case (t_form .[ Lit.blit r]); try easy. - simpl. intros x y. case ((x == a) && (y == i) || (x == i) && (y == a)); easy. + simpl. intros x y. case ((x =? a) && (y =? i) || (x =? i) && (y =? a)); easy. case (Lit.is_pos r); try easy. case (t_form .[ Lit.blit r]); try easy. - simpl. intros x y. case ((x == a) && (y == i) || (x == i) && (y == a)); easy. + simpl. intros x y. case ((x =? a) && (y =? i) || (x =? i) && (y =? a)); easy. case (Lit.is_pos r); try easy. case (t_form .[ Lit.blit r]); try easy. - intros x y. case ((x == a) && (y == i) || (x == i) && (y == a)). + intros x y. case ((x =? a) && (y =? i) || (x =? i) && (y =? a)). intros x2 rbs2 xr rbrs. apply IHbs1. easy. Qed. @@ -4503,7 +4503,7 @@ Lemma valid_check_bbEq pos1 pos2 lres : C.valid rho (check_bbEq pos1 pos2 lres). try (intros; now apply C.interp_true). intros a1' a2' Heq9. - case_eq ((a1 == a1') && (a2 == a2') || (a1 == a2') && (a2 == a1')); + case_eq ((a1 =? a1') && (a2 =? a2') || (a1 =? a2') && (a2 =? a1')); simpl; intros Heq15; try (now apply C.interp_true). case_eq (check_eq bs1 bs2 [bsres] && @@ -4520,7 +4520,7 @@ Lemma valid_check_bbEq pos1 pos2 lres : C.valid rho (check_bbEq pos1 pos2 lres). rewrite aforallbi_spec;intros. pose proof (H a3). - assert (a3 < PArray.length t_atom). + assert (a3 <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq9. easy. } specialize (@H0 H1). rewrite Heq9 in H0. simpl in H0. rewrite !andb_true_iff in H0. destruct H0. destruct H0. @@ -4887,7 +4887,7 @@ Proof. intro c. case_eq ( Lit.is_pos i). intros Hip0. rewrite Hip0 in H. case_eq (t_form .[ Lit.blit i]); intros; rewrite H2 in H; try now contradict H. - case_eq (PArray.length a == 2). intros Hl. rewrite Hl in H. + case_eq (PArray.length a =? 2). intros Hl. rewrite Hl in H. (* rewrite orb_true_iff in H; do 2 *) rewrite andb_true_iff in H. specialize (@rho_interp ( Lit.blit i)). rewrite H2 in rho_interp. @@ -4935,7 +4935,7 @@ Proof. intro c. case_eq ( Lit.is_pos i). intros Hip0. rewrite Hip0 in H. case_eq (t_form .[ Lit.blit i]); intros; rewrite H2 in H; try now contradict H. - case_eq (PArray.length a == 2). intros Hl. rewrite Hl in H. + case_eq (PArray.length a =? 2). intros Hl. rewrite Hl in H. (* rewrite orb_true_iff in H; do 2 *) rewrite andb_true_iff in H. specialize (@rho_interp ( Lit.blit i)). rewrite H2 in rho_interp. @@ -5158,7 +5158,7 @@ Proof. try (intros; now apply C.interp_true). intros a1' a2' Heq9. - case_eq ((a1 == a1') && (a2 == a2')); simpl; intros Heq15; try (now apply C.interp_true). + case_eq ((a1 =? a1') && (a2 =? a2')); simpl; intros Heq15; try (now apply C.interp_true). case_eq (check_ult bs1 bs2 bsres && (N.of_nat (Datatypes.length bs1) =? N)%N && @@ -5176,7 +5176,7 @@ Proof. rewrite aforallbi_spec;intros. pose proof (H a3). - assert (a3 < PArray.length t_atom). + assert (a3 <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq9. easy. } specialize (@H0 H1). rewrite Heq9 in H0. simpl in H0. rewrite !andb_true_iff in H0. destruct H0. destruct H0. @@ -5383,7 +5383,7 @@ Proof. intros [ | | | | | | | [ A B | A | | | | ]|N|N|N|N|N|N|N|N| | | | ] a1' a2' Heq9; try (intros; now apply C.interp_true). - case_eq ((a1 == a1') && (a2 == a2')); simpl; intros Heq15; try (now apply C.interp_true). + case_eq ((a1 =? a1') && (a2 =? a2')); simpl; intros Heq15; try (now apply C.interp_true). case_eq (check_slt bs1 bs2 bsres && (N.of_nat (Datatypes.length bs1) =? N)%N && @@ -5401,7 +5401,7 @@ Proof. rewrite aforallbi_spec;intros. pose proof (H a3). - assert (a3 < PArray.length t_atom). + assert (a3 <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq9. easy. } specialize (@H0 H1). rewrite Heq9 in H0. simpl in H0. rewrite !andb_true_iff in H0. destruct H0. destruct H0. @@ -5795,7 +5795,7 @@ Proof. try (intros; now apply C.interp_true). (* BVadd *) - - case_eq ((a1 == a1') && (a2 == a2') || (a1 == a2') && (a2 == a1')); + - case_eq ((a1 =? a1') && (a2 =? a2') || (a1 =? a2') && (a2 =? a1')); simpl; intros Heq10; try (now apply C.interp_true). case_eq ( check_add bs1 bs2 bsres (Clit Lit._false) && @@ -5813,7 +5813,7 @@ Proof. rewrite aforallbi_spec;intros. pose proof (H a). - assert (a < PArray.length t_atom). + assert (a <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq9. easy. } specialize (@H0 H1). rewrite Heq9 in H0. simpl in H0. rewrite !andb_true_iff in H0. destruct H0. destruct H0. @@ -6246,7 +6246,7 @@ Proof. case_eq (t_atom .[ a]); try (intros; now apply C.interp_true). intros [ | | | | | | | | | | ] a1' Heq9; try now apply C.interp_true. - case_eq ((a1 == a1') && check_neg bs1 bsres && + case_eq ((a1 =? a1') && check_neg bs1 bsres && (N.of_nat (Datatypes.length bs1) =? n)%N); simpl; intros Heq11; try (now apply C.interp_true). @@ -6261,7 +6261,7 @@ Proof. rewrite aforallbi_spec;intros. pose proof (H a). - assert (a < PArray.length t_atom). + assert (a <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq9. easy. } specialize (@H0 H1). rewrite Heq9 in H0. simpl in H0. rewrite !andb_true_iff in H0. destruct H0. @@ -6591,7 +6591,7 @@ Proof. case_eq (t_atom .[ a]); try (intros; now apply C.interp_true). intros [ | | | | | | |[ A B | A| | | | ]|N|N|N|N|N|N|N|N| | | | ] a1' a2' Heq9; try (intros; now apply C.interp_true). (* BVmult *) - - case_eq ((a1 == a1') && (a2 == a2') (* || (a1 == a2') && (a2 == a1')*) ); + - case_eq ((a1 =? a1') && (a2 =? a2') (* || (a1 =? a2') && (a2 =? a1')*) ); simpl; intros Heq10; try (now apply C.interp_true). case_eq ( @@ -6611,7 +6611,7 @@ Proof. rewrite aforallbi_spec;intros. pose proof (H a). - assert (a < PArray.length t_atom). + assert (a <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq9. easy. } specialize (@H0 H1). rewrite Heq9 in H0. simpl in H0. rewrite !andb_true_iff in H0. destruct H0. destruct H0. @@ -6899,7 +6899,7 @@ Proof. case_eq (t_atom .[ a]); try (intros; now apply C.interp_true). intros [ | | | | | | |[ A B | A| | | | ]|N|N|N|N|N|N|N|N| | | | ] a1' a2' Heq9; try (intros; now apply C.interp_true). (* BVconcat *) - - case_eq ((a1 == a1') && (a2 == a2')); simpl; intros Heq10; try (now apply C.interp_true). + - case_eq ((a1 =? a1') && (a2 =? a2')); simpl; intros Heq10; try (now apply C.interp_true). case_eq ( check_concat bs1 bs2 bsres && (N.of_nat (Datatypes.length bs1) =? N)%N && (N.of_nat (Datatypes.length bs2) =? n)%N @@ -6916,7 +6916,7 @@ Proof. rewrite aforallbi_spec;intros. pose proof (H a). - assert (a < PArray.length t_atom). + assert (a <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq9. easy. } specialize (@H0 H1). rewrite Heq9 in H0. simpl in H0. rewrite !andb_true_iff in H0. destruct H0. destruct H0. @@ -7215,7 +7215,7 @@ Proof. case_eq (t_atom .[ a]); try (intros; now apply C.interp_true). intros [ | | | | | | | | | | ] a1' Heq6; try (intros; now apply C.interp_true). (* BVextract *) - - case_eq ((a1 == a1')); simpl; intros Heq7; try (now apply C.interp_true). + - case_eq ((a1 =? a1')); simpl; intros Heq7; try (now apply C.interp_true). case_eq ( check_extract bs1 bsres i (n0 + i) && (N.of_nat (Datatypes.length bs1) =? n1)%N && (n0 + i <=? n1)%N @@ -7232,7 +7232,7 @@ Proof. rewrite aforallbi_spec;intros. pose proof (H a). - assert (a < PArray.length t_atom). + assert (a <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq6. easy. } specialize (@H0 H1). rewrite Heq6 in H0. simpl in H0. rewrite !andb_true_iff in H0. destruct H0. @@ -7476,7 +7476,7 @@ Proof. case_eq (t_atom .[ a]); try (intros; now apply C.interp_true). intros [ | | | | | | | | | | ] a1' Heq6; try (intros; now apply C.interp_true). (* BVzextend *) - - case_eq ((a1 == a1')); simpl; intros Heq7; try (now apply C.interp_true). + - case_eq ((a1 =? a1')); simpl; intros Heq7; try (now apply C.interp_true). case_eq ( check_zextend bs1 bsres i && (N.of_nat (Datatypes.length bs1) =? n)%N ); simpl; intros Heq8; try (now apply C.interp_true). @@ -7492,7 +7492,7 @@ Proof. rewrite aforallbi_spec;intros. pose proof (H a). - assert (a < PArray.length t_atom). + assert (a <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq6. easy. } specialize (@H0 H1). rewrite Heq6 in H0. simpl in H0. rewrite !andb_true_iff in H0. destruct H0. @@ -7722,7 +7722,7 @@ Proof. case_eq (t_atom .[ a]); try (intros; now apply C.interp_true). intros [ | | | | | | | | | | ] a1' Heq6; try (intros; now apply C.interp_true). (* BVsextend *) - - case_eq ((a1 == a1')); simpl; intros Heq7; try (now apply C.interp_true). + - case_eq ((a1 =? a1')); simpl; intros Heq7; try (now apply C.interp_true). case_eq ( check_sextend bs1 bsres i && (N.of_nat (Datatypes.length bs1) =? n)%N ); simpl; intros Heq8; try (now apply C.interp_true). @@ -7738,7 +7738,7 @@ Proof. rewrite aforallbi_spec;intros. pose proof (H a). - assert (a < PArray.length t_atom). + assert (a <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq6. easy. } specialize (@H0 H1). rewrite Heq6 in H0. simpl in H0. rewrite !andb_true_iff in H0. destruct H0. @@ -8045,7 +8045,7 @@ Proof. case_eq (t_atom .[ a2]); try (intros; now apply C.interp_true). intros c Heqa2. case_eq c; try (intros; now apply C.interp_true). intros bv2 n0 Heqc. (* BVshl *) - case_eq ((a1 == a1') && (a2 == a2')); simpl; intros Heq10; try (now apply C.interp_true). + case_eq ((a1 =? a1') && (a2 =? a2')); simpl; intros Heq10; try (now apply C.interp_true). case_eq ( check_shl bs1 bv2 bsres && (N.of_nat (Datatypes.length bs1) =? n)%N && (N.of_nat (Datatypes.length bv2) =? n)%N && (n0 =? n)%N @@ -8062,13 +8062,13 @@ Proof. rewrite aforallbi_spec;intros. pose proof (H a). - assert (a < PArray.length t_atom). + assert (a <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq9. easy. } specialize (@H0 H1). rewrite Heq9 in H0. simpl in H0. rewrite !andb_true_iff in H0. destruct H0. destruct H0. pose proof (H a2). - assert (a2 < PArray.length t_atom). + assert (a2 <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heqa2, Heqc. easy. } specialize (@H4 H5). rewrite Heqa2 in H4. simpl in H4. @@ -8375,7 +8375,7 @@ Proof. case_eq (t_atom .[ a2]); try (intros; now apply C.interp_true). intros c Heqa2. case_eq c; try (intros; now apply C.interp_true). intros bv2 n0 Heqc. (* BVshr *) - case_eq ((a1 == a1') && (a2 == a2')); simpl; intros Heq10; try (now apply C.interp_true). + case_eq ((a1 =? a1') && (a2 =? a2')); simpl; intros Heq10; try (now apply C.interp_true). case_eq ( check_shr bs1 bv2 bsres && (N.of_nat (Datatypes.length bs1) =? n)%N && (N.of_nat (Datatypes.length bv2) =? n)%N && (n0 =? n)%N @@ -8392,13 +8392,13 @@ Proof. rewrite aforallbi_spec;intros. pose proof (H a). - assert (a < PArray.length t_atom). + assert (a <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heq9. easy. } specialize (@H0 H1). rewrite Heq9 in H0. simpl in H0. rewrite !andb_true_iff in H0. destruct H0. destruct H0. pose proof (H a2). - assert (a2 < PArray.length t_atom). + assert (a2 <? PArray.length t_atom). { apply PArray.get_not_default_lt. rewrite def_t_atom. rewrite Heqa2, Heqc. easy. } specialize (@H4 H5). rewrite Heqa2 in H4. simpl in H4. diff --git a/src/classes/SMT_classes_instances.v b/src/classes/SMT_classes_instances.v index d5a9da9..d7c9731 100644 --- a/src/classes/SMT_classes_instances.v +++ b/src/classes/SMT_classes_instances.v @@ -474,22 +474,22 @@ Section Int63. Local Open Scope int63_scope. Let int_lt x y := - if x < y then True else False. + if x <? y then True else False. Global Instance int63_ord : OrdType int. Proof. exists int_lt; unfold int_lt. - intros x y z. - case_eq (x < y); intro; - case_eq (y < z); intro; - case_eq (x < z); intro; + case_eq (x <? y); intro; + case_eq (y <? z); intro; + case_eq (x <? z); intro; simpl; try easy. contradict H1. rewrite not_false_iff_true. rewrite ltb_spec in *. exact (Z.lt_trans _ _ _ H H0). - intros x y. - case_eq (x < y); intro; simpl; try easy. + case_eq (x <? y); intro; simpl; try easy. intros. rewrite ltb_spec in *. rewrite <- Misc.to_Z_eq. @@ -501,8 +501,8 @@ Section Int63. Proof. constructor. intros x y. - case_eq (x < y); intro; - case_eq (x == y); intro; unfold lt in *; simpl. + case_eq (x <? y); intro; + case_eq (x =? y); intro; unfold lt in *; simpl. - rewrite Int63.eqb_spec in H0. contradict H0. assert (int_lt x y). unfold int_lt. @@ -512,7 +512,7 @@ Section Int63. - apply LT. unfold int_lt. rewrite H; trivial. - apply EQ. rewrite Int63.eqb_spec in H0; trivial. - apply GT. unfold int_lt. - case_eq (y < x); intro; simpl; try easy. + case_eq (y <? x); intro; simpl; try easy. specialize (Misc.leb_ltb_eqb x y); intro. contradict H2. rewrite Misc.leb_negb_gtb. rewrite H1. simpl. diff --git a/src/cnf/Cnf.v b/src/cnf/Cnf.v index db6e689..bc4ab5d 100644 --- a/src/cnf/Cnf.v +++ b/src/cnf/Cnf.v @@ -23,7 +23,7 @@ Unset Strict Implicit. Definition or_of_imp args := let last := PArray.length args - 1 in - amapi (fun i l => if i == last then l else Lit.neg l) args. + amapi (fun i l => if i =? last then l else Lit.neg l) args. (* Register or_of_imp as PrimInline. *) Lemma length_or_of_imp : forall args, @@ -31,21 +31,21 @@ Lemma length_or_of_imp : forall args, Proof. intro; unfold or_of_imp; apply length_amapi. Qed. Lemma get_or_of_imp : forall args i, - i < (PArray.length args) - 1 -> (or_of_imp args).[i] = Lit.neg (args.[i]). + i <? (PArray.length args) - 1 -> (or_of_imp args).[i] = Lit.neg (args.[i]). Proof. - unfold or_of_imp; intros args i H; case_eq (0 < PArray.length args). + unfold or_of_imp; intros args i H; case_eq (0 <? PArray.length args). intro Heq; rewrite get_amapi. - replace (i == PArray.length args - 1) with false; auto; symmetry; rewrite eqb_false_spec; intro; subst i; unfold is_true in H; rewrite ltb_spec, (to_Z_sub_1 _ _ Heq) in H; lia. + replace (i =? PArray.length args - 1) with false; auto; symmetry; rewrite eqb_false_spec; intro; subst i; unfold is_true in H; rewrite ltb_spec, (to_Z_sub_1 _ _ Heq) in H; lia. rewrite ltb_spec; unfold is_true in H; rewrite ltb_spec, (to_Z_sub_1 _ _ Heq) in H; lia. - rewrite ltb_negb_geb; case_eq (PArray.length args <= 0); try discriminate; intros Heq _; assert (H1: PArray.length args = 0). + rewrite ltb_negb_geb; case_eq (PArray.length args <=? 0); try discriminate; intros Heq _; assert (H1: PArray.length args = 0). apply to_Z_inj; rewrite leb_spec in Heq; destruct (to_Z_bounded (PArray.length args)) as [H1 _]; change [|0|] with 0%Z in *; lia. rewrite !get_outofbound. rewrite default_amapi, H1; auto. - rewrite H1; case_eq (i < 0); auto; intro H2; eelim ltb_0; eassumption. - rewrite length_amapi, H1; case_eq (i < 0); auto; intro H2; eelim ltb_0; eassumption. + rewrite H1; case_eq (i <? 0); auto; intro H2; eelim ltb_0; eassumption. + rewrite length_amapi, H1; case_eq (i <? 0); auto; intro H2; eelim ltb_0; eassumption. Qed. -Lemma get_or_of_imp2 : forall args i, 0 < PArray.length args -> +Lemma get_or_of_imp2 : forall args i, 0 <? PArray.length args -> i = (PArray.length args) - 1 -> (or_of_imp args).[i] = args.[i]. Proof. unfold or_of_imp; intros args i Heq Hi; rewrite get_amapi; subst i. @@ -55,7 +55,7 @@ Qed. Lemma afold_right_impb p a : (forall x, p (Lit.neg x) = negb (p x)) -> - (PArray.length a == 0) = false -> + (PArray.length a =? 0) = false -> (afold_right bool true implb (amap p a)) = List.existsb p (to_list (or_of_imp a)). Proof. @@ -97,7 +97,7 @@ Proof. case_eq (List.existsb p (to_list (or_of_imp a))); auto. rewrite existsb_exists. intros [x [H4 H5]]. apply In_to_list in H4. destruct H4 as [i [H4 ->]]. - case_eq (i < PArray.length a - 1); intro Heq. + case_eq (i <? PArray.length a - 1); intro Heq. + specialize (H2 i). rewrite length_amap in H2. assert (H6 := H2 Heq). rewrite get_amap in H6. now rewrite (get_or_of_imp Heq), Hp, H6 in H5. apply (ltb_trans _ (PArray.length a - 1)); auto. now apply minus_1_lt. @@ -108,7 +108,7 @@ Proof. apply to_Z_inj. rewrite (to_Z_sub_1 _ 0); auto. rewrite ltb_spec in H4; auto. rewrite ltb_negb_geb in Heq. - case_eq (PArray.length a - 1 <= i); intro H2; rewrite H2 in Heq; try discriminate. + case_eq (PArray.length a - 1 <=? i); intro H2; rewrite H2 in Heq; try discriminate. clear Heq. rewrite leb_spec in H2. rewrite (to_Z_sub_1 _ 0) in H2; auto. lia. } @@ -155,7 +155,7 @@ Section CHECKER. else l :: to_list args | Fimp args => if Lit.is_pos l then C._true - else if PArray.length args == 0 then C._true + else if PArray.length args =? 0 then C._true else let args := or_of_imp args in l :: to_list args @@ -193,7 +193,7 @@ Section CHECKER. if Lit.is_pos l then to_list args else C._true | Fimp args => - if PArray.length args == 0 then C._true else + if PArray.length args =? 0 then C._true else if Lit.is_pos l then let args := or_of_imp args in to_list args @@ -271,15 +271,15 @@ Section CHECKER. let x := Lit.blit l in match get_hash x with | For args => - if i < PArray.length args then Lit.lit x::Lit.neg (args.[i])::nil + if i <? PArray.length args then Lit.lit x::Lit.neg (args.[i])::nil else C._true | Fand args => - if i < PArray.length args then Lit.nlit x::(args.[i])::nil + if i <? PArray.length args then Lit.nlit x::(args.[i])::nil else C._true | Fimp args => let len := PArray.length args in - if i < len then - if i == len - 1 then Lit.lit x::Lit.neg (args.[i])::nil + if i <? len then + if i =? len - 1 then Lit.lit x::Lit.neg (args.[i])::nil else Lit.lit x::(args.[i])::nil else C._true | _ => C._true @@ -297,15 +297,15 @@ Section CHECKER. let x := Lit.blit l in match get_hash x with | For args => - if (i < PArray.length args) && negb (Lit.is_pos l) then Lit.neg (args.[i])::nil + if (i <? PArray.length args) && negb (Lit.is_pos l) then Lit.neg (args.[i])::nil else C._true | Fand args => - if (i < PArray.length args) && (Lit.is_pos l) then (args.[i])::nil + if (i <? PArray.length args) && (Lit.is_pos l) then (args.[i])::nil else C._true | Fimp args => let len := PArray.length args in - if (i < len) && negb (Lit.is_pos l) then - if i == len - 1 then Lit.neg (args.[i])::nil + if (i <? len) && negb (Lit.is_pos l) then + if i =? len - 1 then Lit.neg (args.[i])::nil else (args.[i])::nil else C._true | _ => C._true @@ -362,7 +362,7 @@ Section CHECKER. tauto_check). - rewrite afold_left_and, C.Cinterp_neg;apply orb_negb_r. - rewrite afold_left_or, orb_comm;apply orb_negb_r. - - case_eq (PArray.length a == 0); auto using C.interp_true. + - case_eq (PArray.length a =? 0); auto using C.interp_true. intro Hl; simpl. unfold Lit.interp at 1;rewrite Heq;unfold Var.interp; rewrite rho_interp, H;simpl. rewrite (afold_right_impb (Lit.interp_neg _) Hl), orb_comm;try apply orb_negb_r. @@ -381,7 +381,7 @@ Section CHECKER. Proof. unfold check_BuildProj,C.valid;intros l i. case_eq (t_form.[Lit.blit l]);intros;auto using C.interp_true; - case_eq (i < PArray.length a);intros Hlt;auto using C.interp_true;simpl. + case_eq (i <? PArray.length a);intros Hlt;auto using C.interp_true;simpl. - rewrite Lit.interp_nlit;unfold Var.interp;rewrite rho_interp, orb_false_r, H. simpl;rewrite afold_left_and. case_eq (List.forallb (Lit.interp rho) (to_list a));trivial. @@ -394,9 +394,9 @@ Section CHECKER. case_eq (Lit.interp rho (a .[ i]));trivial. intros Heq Hex;elim Hex;exists (a.[i]);split;trivial. apply to_list_In; auto. - - assert (Hl : (PArray.length a == 0) = false) + - assert (Hl : (PArray.length a =? 0) = false) by (rewrite eqb_false_spec; intro H1; rewrite H1 in Hlt; now elim (ltb_0 i)). - case_eq (i == PArray.length a - 1);intros Heq;simpl; + case_eq (i =? PArray.length a - 1);intros Heq;simpl; rewrite Lit.interp_lit;unfold Var.interp;rewrite rho_interp, H;simpl. + rewrite Lit.interp_neg, orb_false_r. rewrite (afold_right_impb (Lit.interp_neg _) Hl). @@ -452,9 +452,9 @@ Section CHECKER. tauto_check. - rewrite afold_left_and, C.Cinterp_neg, orb_false_r;trivial. - rewrite afold_left_or, orb_false_r;trivial. - - case_eq (PArray.length a == 0); auto using C.interp_true. + - case_eq (PArray.length a =? 0); auto using C.interp_true. intro Hl. now rewrite orb_false_r, (afold_right_impb (Lit.interp_neg _) Hl). - - case_eq (PArray.length a == 0); auto using C.interp_true. + - case_eq (PArray.length a =? 0); auto using C.interp_true. Qed. Lemma valid_check_ImmBuildDef2 : forall cid, C.valid rho (check_ImmBuildDef2 cid). @@ -475,7 +475,7 @@ Section CHECKER. destruct (S.get s cid) as [ | l [ | _l _c]];auto using C.interp_true. simpl;unfold Lit.interp, Var.interp; rewrite !rho_interp; destruct (t_form.[Lit.blit l]);auto using C.interp_true; - case_eq (i < PArray.length a); intros Hlt;auto using C.interp_true; + case_eq (i <? PArray.length a); intros Hlt;auto using C.interp_true; case_eq (Lit.is_pos l);intros Heq;auto using C.interp_true;simpl; rewrite !orb_false_r. - rewrite afold_left_and. @@ -487,17 +487,17 @@ Section CHECKER. intros Heq' Hex;elim Hex;exists (a.[i]);split;trivial. apply to_list_In; auto. - rewrite negb_true_iff, <-not_true_iff_false. - assert (Hl:(PArray.length a == 0) = false) + assert (Hl:(PArray.length a =? 0) = false) by (rewrite eqb_false_spec; intro H; rewrite H in Hlt; now apply (ltb_0 i)). rewrite (afold_right_impb (Lit.interp_neg _) Hl). - case_eq (i == PArray.length a - 1);intros Heq';simpl; + case_eq (i =? PArray.length a - 1);intros Heq';simpl; unfold C.interp;simpl;try rewrite Lit.interp_neg;rewrite orb_false_r, existsb_exists;case_eq (Lit.interp rho (a .[ i]));trivial; intros Heq2 Hex;elim Hex. exists (a.[i]);split;trivial. - assert (H1: 0 < PArray.length a) by (apply (leb_ltb_trans _ i _); auto; apply leb_0); rewrite Int63.eqb_spec in Heq'; rewrite <- (get_or_of_imp2 H1 Heq'); apply to_list_In; rewrite length_or_of_imp; auto. + assert (H1: 0 <? PArray.length a) by (apply (leb_ltb_trans _ i _); auto; apply leb_0); rewrite Int63.eqb_spec in Heq'; rewrite <- (get_or_of_imp2 H1 Heq'); apply to_list_In; rewrite length_or_of_imp; auto. exists (Lit.neg (a.[i]));rewrite Lit.interp_neg, Heq2;split;trivial. - assert (H1: i < PArray.length a - 1 = true) by (rewrite ltb_spec, (to_Z_sub_1 _ _ Hlt); rewrite eqb_false_spec in Heq'; assert (H1: [|i|] <> ([|PArray.length a|] - 1)%Z) by (intro H1; apply Heq', to_Z_inj; rewrite (to_Z_sub_1 _ _ Hlt); auto); rewrite ltb_spec in Hlt; lia); rewrite <- (get_or_of_imp H1); apply to_list_In; rewrite length_or_of_imp; auto. + assert (H1: i <? PArray.length a - 1 = true) by (rewrite ltb_spec, (to_Z_sub_1 _ _ Hlt); rewrite eqb_false_spec in Heq'; assert (H1: [|i|] <> ([|PArray.length a|] - 1)%Z) by (intro H1; apply Heq', to_Z_inj; rewrite (to_Z_sub_1 _ _ Hlt); auto); rewrite ltb_spec in Hlt; lia); rewrite <- (get_or_of_imp H1); apply to_list_In; rewrite length_or_of_imp; auto. Qed. End CHECKER. diff --git a/src/euf/Euf.v b/src/euf/Euf.v index 6b97f94..fae0cfd 100644 --- a/src/euf/Euf.v +++ b/src/euf/Euf.v @@ -40,23 +40,23 @@ Section certif. | nil => let xres := Lit.blit res in get_eq xres (fun t1' t2' => - if ((t1 == t1') && (t2 == t2')) || - ((t1 == t2') && (t2 == t1')) then + if ((t1 =? t1') && (t2 =? t2')) || + ((t1 =? t2') && (t2 =? t1')) then Lit.lit xres :: clause else C._true) | leq::eqs => let xeq := Lit.blit leq in get_eq xeq (fun t t' => - if t2 == t' then + if t2 =? t' then check_trans_aux t1 t eqs res (Lit.nlit xeq :: clause) else - if t2 == t then + if t2 =? t then check_trans_aux t1 t' eqs res (Lit.nlit xeq :: clause) else - if t1 == t' then + if t1 =? t' then check_trans_aux t t2 eqs res (Lit.nlit xeq :: clause) else - if t1 == t then + if t1 =? t then check_trans_aux t' t2 eqs res (Lit.nlit xeq :: clause) else C._true) end. @@ -66,7 +66,7 @@ Section certif. | nil => let xres := Lit.blit res in get_eq xres (fun t1 t2 => - if t1 == t2 then Lit.lit xres :: nil else C._true) + if t1 =? t2 then Lit.lit xres :: nil else C._true) | leq :: eqs => let xeq := Lit.blit leq in get_eq xeq @@ -79,12 +79,12 @@ Section certif. | nil, nil, nil => c | eq::eqs, t1::l, t2::r => match eq with - | None => if t1 == t2 then build_congr eqs l r c else C._true + | None => if t1 =? t2 then build_congr eqs l r c else C._true | Some leq => let xeq := Lit.blit leq in get_eq xeq (fun t1' t2' => - if ((t1 == t1') && (t2 == t2')) || - ((t1 == t2') && (t2 == t1')) then + if ((t1 =? t1') && (t2 =? t2')) || + ((t1 =? t2') && (t2 =? t1')) then build_congr eqs l r (Lit.nlit xeq :: c) else C._true) end @@ -104,7 +104,7 @@ Section certif. build_congr eqs (a::nil) (b::nil) (Lit.lit xeq :: nil) else C._true | Atom.Aapp f1 args1, Atom.Aapp f2 args2 => - if f1 == f2 then build_congr eqs args1 args2 (Lit.lit xeq :: nil) + if f1 =? f2 then build_congr eqs args1 args2 (Lit.lit xeq :: nil) else C._true | _, _ => C._true end). @@ -126,7 +126,7 @@ Section certif. (a::nil) (b::nil) (Lit.nlit xPA :: Lit.lit xPB :: nil) else C._true | Atom.Aapp p a, Atom.Aapp p' b => - if p == p' then + if p =? p' then build_congr eqs a b (Lit.nlit xPA :: Lit.lit xPB :: nil) else C._true | _, _ => C._true @@ -215,7 +215,7 @@ Section certif. destruct b;trivial with smtcoq_euf. generalize wt_t_atom;unfold Atom.wt;unfold is_true; rewrite Misc.aforallbi_spec;intros. - assert (i < length t_atom). + assert (i <? length t_atom). apply PArray.get_not_default_lt. rewrite H0, def_t_atom;discriminate. apply H1 in H2;clear H1;rewrite H0 in H2;simpl in H2. @@ -477,10 +477,10 @@ Section certif. rewrite !wf_interp_form, H, H0;simpl. generalize wt_t_atom;unfold Atom.wt;unfold is_true; rewrite Misc.aforallbi_spec;intros. - assert (i < length t_atom). + assert (i <? length t_atom). apply PArray.get_not_default_lt. rewrite H1, def_t_atom;discriminate. - assert (i0 < length t_atom). + assert (i0 <? length t_atom). apply PArray.get_not_default_lt. rewrite H2, def_t_atom;discriminate. apply H4 in H5;apply H4 in H6;clear H4. @@ -498,10 +498,10 @@ Section certif. rewrite !wf_interp_form, H, H0;simpl. generalize wt_t_atom;unfold Atom.wt;unfold is_true; rewrite Misc.aforallbi_spec;intros. - assert (i < length t_atom). + assert (i <? length t_atom). apply PArray.get_not_default_lt. rewrite H1, def_t_atom. discriminate. - assert (i0 < length t_atom). + assert (i0 <? length t_atom). apply PArray.get_not_default_lt. rewrite H2, def_t_atom;discriminate. apply H4 in H5;apply H4 in H6;clear H4. @@ -520,10 +520,10 @@ Section certif. rewrite !wf_interp_form, H, H0;simpl. generalize wt_t_atom;unfold Atom.wt;unfold is_true; rewrite Misc.aforallbi_spec;intros. - assert (i < length t_atom). + assert (i <? length t_atom). apply PArray.get_not_default_lt. rewrite H1, def_t_atom;discriminate. - assert (i0 < length t_atom). + assert (i0 <? length t_atom). apply PArray.get_not_default_lt. rewrite H2, def_t_atom;discriminate. apply H4 in H5;apply H4 in H6;clear H4. diff --git a/src/lia/Lia.v b/src/lia/Lia.v index 19c12d8..182a4fc 100644 --- a/src/lia/Lia.v +++ b/src/lia/Lia.v @@ -360,15 +360,15 @@ Section certif. Definition check_diseq l : C.t := match get_form (Lit.blit l) with |Form.For a => - if PArray.length a == 3 then + if PArray.length a =? 3 then let a_eq_b := a.[0] in let not_a_le_b := a.[1] in let not_b_le_a := a.[2] in get_eq a_eq_b (fun a b => get_not_le not_a_le_b (fun a' b' => get_not_le not_b_le_a (fun b'' a'' => - if (a == a') && (a == a'') && (b == b') && (b == b'') + if (a =? a') && (a =? a'') && (b =? b') && (b =? b'') then (Lit.lit (Lit.blit l))::nil else - if (a == b') && (a == b'') && (b == a') && (b == a'') + if (a =? b') && (a =? b'') && (b =? a') && (b =? a'') then (Lit.lit (Lit.blit l))::nil else C._true))) else C._true @@ -668,7 +668,7 @@ Section certif. Lemma build_pexpr_atom_aux_correct : forall (build_pexpr : vmap -> hatom -> vmap * PExpr Z) h i, (forall h' vm vm' pe, - h' < h -> + h' <? h -> Typ.eqb (get_type t_i t_func t_atom h') Typ.TZ -> build_pexpr vm h' = (vm',pe) -> wf_vmap vm -> @@ -681,7 +681,7 @@ Section certif. bounded_pexpr (fst vm') pe /\ t_interp.[h'] = Bval t_i Typ.TZ (Zeval_expr (interp_vmap vm') pe))-> forall a vm vm' pe, - h < i -> + h <? i -> lt_atom h a -> check_atom a Typ.TZ -> build_pexpr_atom_aux build_pexpr vm a = (vm',pe) -> @@ -933,7 +933,7 @@ Transparent build_z_atom. t_interp.[h] = Bval t_i Typ.TZ (Zeval_expr (interp_vmap vm') pe). Proof. intros. - case_eq (h < length t_atom);intros. + case_eq (h <? length t_atom);intros. apply build_pexpr_correct_aux;trivial. rewrite <- ltb_spec;trivial. revert H;unfold get_type,get_type'. @@ -1044,7 +1044,7 @@ Transparent build_z_atom. intros;apply build_formula_atom_correct with (get_type t_i t_func t_atom h);trivial. unfold wt, is_true in wt_t_atom;rewrite aforallbi_spec in wt_t_atom. - case_eq (h < length t_atom);intros Heq;unfold get_type;auto with smtcoq_core. + case_eq (h <? length t_atom);intros Heq;unfold get_type;auto with smtcoq_core. unfold get_type'. rewrite !PArray.get_outofbound, default_t_interp, def_t_atom;trivial; try reflexivity. rewrite length_t_interp;trivial. @@ -1188,7 +1188,7 @@ Transparent build_z_atom. (* Fnot2 *) case_eq (build_var vm (Lit.blit l)); try discriminate; intros [vm0 f] Heq H H1; inversion H; subst vm0; subst bf; destruct (Hbv _ _ _ _ Heq H1) as [H2 [H3 [H4 [H5 H6]]]]; do 3 (split; auto); case_eq (Lit.is_pos l); [apply build_not2_pos_correct|apply build_not2_neg_correct]; auto. (* Fand *) - simpl; unfold afold_left; rewrite !length_amap; case_eq (length l == 0); [ rewrite Int63.eqb_spec | rewrite eqb_false_spec, not_0_ltb ]; intro Hl. + simpl; unfold afold_left; rewrite !length_amap; case_eq (length l =? 0); [ rewrite Int63.eqb_spec | rewrite eqb_false_spec, not_0_ltb ]; intro Hl. intro H; inversion H; subst vm'; subst bf; simpl; intro H1; split; auto with smtcoq_core; split; [lia| ]; do 3 (split; auto with smtcoq_core). revert vm' bf; rewrite !get_amap by exact Hl; set (a := foldi _ _ _ _); set (b := foldi _ _ _ _); pattern (length l), a, b; subst a b; apply foldi_ind2. rewrite ltb_spec, to_Z_0 in Hl; rewrite leb_spec, to_Z_1; lia. @@ -1201,7 +1201,7 @@ Transparent build_z_atom. simpl; rewrite (bounded_bformula_le _ _ H11 _ H8); case (Lit.is_pos (l .[ i])); rewrite H13; auto with smtcoq_core. simpl; rewrite (interp_bformula_le _ _ H12 _ H8) in H9; rewrite <- H9; rewrite get_amap by exact H1; case_eq (Lit.is_pos (l .[ i])); intro Heq2; simpl; rewrite <- H14; unfold Lit.interp; rewrite Heq2; split; case (Var.interp rho (Lit.blit (l .[ i]))); try rewrite andb_true_r; try rewrite andb_false_r; try (intros; split; auto with smtcoq_core); try discriminate; intros [H20 H21]; auto with smtcoq_core. (* For *) - simpl; unfold afold_left; rewrite !length_amap; case_eq (length l == 0); [ rewrite Int63.eqb_spec | rewrite eqb_false_spec, not_0_ltb ]; intro Hl. + simpl; unfold afold_left; rewrite !length_amap; case_eq (length l =? 0); [ rewrite Int63.eqb_spec | rewrite eqb_false_spec, not_0_ltb ]; intro Hl. intro H; inversion H; subst vm'; subst bf; simpl; intro H1; split; auto with smtcoq_core; split; [lia| ]; do 3 (split; auto with smtcoq_core); discriminate. revert vm' bf; rewrite !get_amap by exact Hl; set (a := foldi _ _ _ _); set (b := foldi _ _ _ _); pattern (length l), a, b; subst a b; apply foldi_ind2. rewrite ltb_spec, to_Z_0 in Hl; rewrite leb_spec, to_Z_1; lia. @@ -1215,7 +1215,7 @@ Transparent build_z_atom. simpl; rewrite (interp_bformula_le _ _ H12 _ H8) in H9; rewrite <- H9; rewrite get_amap by exact H1; case_eq (Lit.is_pos (l .[ i])); intro Heq2; simpl; rewrite <- H14; unfold Lit.interp; rewrite Heq2; split; case (Var.interp rho (Lit.blit (l .[ i]))); try rewrite orb_false_r; try rewrite orb_true_r; auto with smtcoq_core; try (intros [H20|H20]; auto with smtcoq_core; discriminate); right; intro H20; discriminate. (* Fimp *) { - simpl; unfold afold_right; rewrite !length_amap; case_eq (length l == 0); [ rewrite Int63.eqb_spec | rewrite eqb_false_spec, not_0_ltb ]; intro Hl. + simpl; unfold afold_right; rewrite !length_amap; case_eq (length l =? 0); [ rewrite Int63.eqb_spec | rewrite eqb_false_spec, not_0_ltb ]; intro Hl. intro H; inversion H; subst vm'; subst bf; simpl; intro H1; split; auto with smtcoq_core; split; [lia| ]; do 3 (split; auto with smtcoq_core). revert vm' bf; rewrite !get_amap by (apply minus_1_lt; rewrite eqb_false_spec, not_0_ltb; exact Hl); set (a := foldi _ _ _ _); set (b := foldi _ _ _ _); pattern (length l), a, b; subst a b; apply foldi_ind2. rewrite ltb_spec, to_Z_0 in Hl; rewrite leb_spec, to_Z_1; lia. @@ -1449,7 +1449,7 @@ Transparent build_z_atom. destruct b; try (apply valid_C_true; trivial). generalize wt_t_atom;unfold Atom.wt;unfold is_true; rewrite aforallbi_spec;intros. - assert (i < length t_atom). + assert (i <? length t_atom). apply PArray.get_not_default_lt. rewrite H0, def_t_atom;discriminate. apply H1 in H2;clear H1;rewrite H0 in H2;simpl in H2. @@ -1480,7 +1480,7 @@ Transparent build_z_atom. destruct b; try (apply valid_C_true; trivial). generalize wt_t_atom;unfold Atom.wt;unfold is_true; rewrite aforallbi_spec;intros. - assert (i < length t_atom). + assert (i <? length t_atom). apply PArray.get_not_default_lt. rewrite H0, def_t_atom;discriminate. apply H1 in H2;clear H1;rewrite H0 in H2;simpl in H2. @@ -1548,12 +1548,12 @@ Transparent build_z_atom. Proof. unfold check_diseq; intro c. case_eq (t_form.[Lit.blit c]);intros;subst; try (unfold C.valid; apply valid_C_true; trivial). - case_eq ((length a) == 3); intros; try (unfold C.valid; apply valid_C_true; trivial). + case_eq ((length a) =? 3); intros; try (unfold C.valid; apply valid_C_true; trivial). apply eqb_correct in H0. apply get_eq_interp; intros. apply get_not_le_interp; intros. apply get_not_le_interp; intros. - case_eq ((a0 == a1) && (a0 == b1) && (b == b0) && (b == a2)); intros; subst; + case_eq ((a0 =? a1) && (a0 =? b1) && (b =? b0) && (b =? a2)); intros; subst; try (unfold C.valid; apply valid_C_true; trivial). repeat(apply andb_prop in H19; destruct H19). apply Int63.eqb_spec in H19;apply Int63.eqb_spec in H20;apply Int63.eqb_spec in H21;apply Int63.eqb_spec in H22; subst a0 b. @@ -1598,7 +1598,7 @@ Transparent build_z_atom. unfold interp_hatom in H21; do 2 rewrite t_interp_wf in H21; trivial. trivial. destruct H19. - case_eq ((a0 == b0) && (a0 == a2) && (b == a1) && (b == b1)); intros; subst; + case_eq ((a0 =? b0) && (a0 =? a2) && (b =? a1) && (b =? b1)); intros; subst; try (unfold C.valid; apply valid_C_true; trivial). repeat(apply andb_prop in H19; destruct H19). apply Int63.eqb_spec in H19;apply Int63.eqb_spec in H20;apply Int63.eqb_spec in H21;apply Int63.eqb_spec in H22;subst a0 b. diff --git a/src/spl/Assumptions.v b/src/spl/Assumptions.v index 0a8d79e..102148d 100644 --- a/src/spl/Assumptions.v +++ b/src/spl/Assumptions.v @@ -65,7 +65,7 @@ Section Checker. End Forallb2. Definition check_hole (s:S.t) (prem_id:list clause_id) (prem:list C.t) (concl:C.t) : C.t := - if forallb2 (fun id c => forallb2 (fun i j => i == j) (S.get s id) (S.sort_uniq c)) prem_id prem + if forallb2 (fun id c => forallb2 (fun i j => i =? j) (S.get s id) (S.sort_uniq c)) prem_id prem then concl else C._true. @@ -89,7 +89,7 @@ Section Checker_correct. t_form). Lemma interp_check_clause c1 : forall c2, - forallb2 (fun i j => i == j) c1 c2 -> C.interp rho c1 = C.interp rho c2. + forallb2 (fun i j => i =? j) c1 c2 -> C.interp rho c1 = C.interp rho c2. Proof. induction c1 as [ |l1 c1 IHc1]; simpl; intros [ |l2 c2]; simpl; auto; try discriminate. unfold is_true. rewrite andb_true_iff. intros [H1 H2]. @@ -97,7 +97,7 @@ Section Checker_correct. Qed. Lemma valid_check_clause cid c : - forallb2 (fun i j => i == j) (S.get s cid) (S.sort_uniq c) -> + forallb2 (fun i j => i =? j) (S.get s cid) (S.sort_uniq c) -> interp_uf rho c. Proof. intro H. rewrite <- interp_equiv, <- S.sort_uniq_correct; auto. @@ -131,7 +131,7 @@ Section Checker_correct. - unfold C.valid. now rewrite interp_equiv. - now apply C.interp_true. - now apply C.interp_true. - - case_eq (forallb2 (fun i j => i == j) (S.get s pid) (S.sort_uniq p)); + - case_eq (forallb2 (fun i j => i =? j) (S.get s pid) (S.sort_uniq p)); simpl; intro Heq; [ |now apply C.interp_true]. apply IHpids. apply H. apply (valid_check_clause _ _ Heq). Qed. diff --git a/src/spl/Operators.v b/src/spl/Operators.v index 540de3f..95bbe8e 100644 --- a/src/spl/Operators.v +++ b/src/spl/Operators.v @@ -35,7 +35,7 @@ Section Operators. Fixpoint check_in x l := match l with | nil => false - | t::q => if x == t then true else check_in x q + | t::q => if x =? t then true else check_in x q end. @@ -43,7 +43,7 @@ Section Operators. Proof. intro x; induction l as [ |t q IHq]; simpl. split; intro H; try discriminate; elim H. - case_eq (x == t). + case_eq (x =? t). rewrite eqb_spec; intro; subst t; split; auto. intro H; rewrite IHq; split; auto; intros [H1|H1]; auto; rewrite H1, eqb_refl in H; discriminate. Qed. @@ -54,7 +54,7 @@ Section Operators. | nil => true | b::q => if aexistsbi (fun _ (x:option (int*int)) => match x with - | Some (a',b') => ((a == a') && (b == b')) || ((a == b') && (b == a')) + | Some (a',b') => ((a =? a') && (b =? b')) || ((a =? b') && (b =? a')) | None => false end ) t then check_diseqs_complete_aux a q t else false @@ -63,13 +63,13 @@ Section Operators. Lemma check_diseqs_complete_aux_spec : forall a dist t, check_diseqs_complete_aux a dist t = true <-> - forall y, In y dist -> exists i, i < length t /\ + forall y, In y dist -> exists i, i <? length t /\ (t.[i] = Some (a,y) \/ t.[i] = Some (y,a)). Proof. intros a dist t; induction dist as [ |b q IHq]; simpl; split; auto. intros _ y H; inversion H. - case_eq (aexistsbi (fun _ (x : option (int * int)) => match x with | Some (a', b') => (a == a') && (b == b') || (a == b') && (b == a') | None => false end) t); try discriminate; rewrite aexistsbi_spec; intros [i [H1 H2]]; rewrite IHq; clear IHq; intros H3 y [H4|H4]; auto; subst y; exists i; split; auto; generalize H2; case (t .[ i]); try discriminate; intros [a' b']; rewrite orb_true_iff, !andb_true_iff, !Int63.eqb_spec; intros [[H4 H5]|[H4 H5]]; subst a' b'; auto. - intro H1; case_eq (aexistsbi (fun _ (x : option (int * int)) => match x with | Some (a', b') => (a == a') && (b == b') || (a == b') && (b == a') | None => false end) t). + case_eq (aexistsbi (fun _ (x : option (int * int)) => match x with | Some (a', b') => (a =? a') && (b =? b') || (a =? b') && (b =? a') | None => false end) t); try discriminate; rewrite aexistsbi_spec; intros [i [H1 H2]]; rewrite IHq; clear IHq; intros H3 y [H4|H4]; auto; subst y; exists i; split; auto; generalize H2; case (t .[ i]); try discriminate; intros [a' b']; rewrite orb_true_iff, !andb_true_iff, !Int63.eqb_spec; intros [[H4 H5]|[H4 H5]]; subst a' b'; auto. + intro H1; case_eq (aexistsbi (fun _ (x : option (int * int)) => match x with | Some (a', b') => (a =? a') && (b =? b') || (a =? b') && (b =? a') | None => false end) t). intros _; rewrite IHq; clear IHq; intros y Hy; apply H1; auto. rewrite aexistsbi_false_spec; destruct (H1 b (or_introl (refl_equal b))) as [i [H2 H3]]; intro H; rewrite <- (H _ H2); destruct H3 as [H3|H3]; rewrite H3; rewrite !eqb_refl; auto; rewrite orb_true_r; auto. Qed. @@ -77,15 +77,15 @@ Section Operators. Lemma check_diseqs_complete_aux_false_spec : forall a dist t, check_diseqs_complete_aux a dist t = false <-> - exists y, In y dist /\ forall i, i < length t -> + exists y, In y dist /\ forall i, i <? length t -> (t.[i] <> Some (a,y) /\ t.[i] <> Some (y,a)). Proof. intros a dist t; induction dist as [ |b q IHq]; simpl; split; try discriminate. intros [y [H _]]; elim H. - case_eq (aexistsbi (fun _ (x : option (int * int)) => match x with | Some (a', b') => (a == a') && (b == b') || (a == b') && (b == a') | None => false end) t). + case_eq (aexistsbi (fun _ (x : option (int * int)) => match x with | Some (a', b') => (a =? a') && (b =? b') || (a =? b') && (b =? a') | None => false end) t). intros _; rewrite IHq; clear IHq; intros [y [H3 H4]]; exists y; auto. rewrite aexistsbi_false_spec; intros H _; exists b; split; auto; intros i Hi; split; intro H1; generalize (H _ Hi); rewrite H1, !eqb_refl; try discriminate; rewrite orb_true_r; discriminate. - intros [y [H1 H2]]; case_eq (aexistsbi (fun _ (x : option (int * int)) => match x with | Some (a', b') => (a == a') && (b == b') || (a == b') && (b == a') | None => false end) t); auto; rewrite aexistsbi_spec; intros [i [H3 H4]]; rewrite IHq; clear IHq; exists y; destruct H1 as [H1|H1]; auto; subst y; case_eq (t.[i]); [intros [a' b'] Heq|intro Heq]; rewrite Heq in H4; try discriminate; rewrite orb_true_iff, !andb_true_iff, !eqb_spec in H4; destruct H4 as [[H4 H5]|[H4 H5]]; subst a' b'; generalize (H2 _ H3); rewrite Heq; intros [H4 H5]; [elim H4|elim H5]; auto. + intros [y [H1 H2]]; case_eq (aexistsbi (fun _ (x : option (int * int)) => match x with | Some (a', b') => (a =? a') && (b =? b') || (a =? b') && (b =? a') | None => false end) t); auto; rewrite aexistsbi_spec; intros [i [H3 H4]]; rewrite IHq; clear IHq; exists y; destruct H1 as [H1|H1]; auto; subst y; case_eq (t.[i]); [intros [a' b'] Heq|intro Heq]; rewrite Heq in H4; try discriminate; rewrite orb_true_iff, !andb_true_iff, !eqb_spec in H4; destruct H4 as [[H4 H5]|[H4 H5]]; subst a' b'; generalize (H2 _ H3); rewrite Heq; intros [H4 H5]; [elim H4|elim H5]; auto. Qed. @@ -98,7 +98,7 @@ Section Operators. Lemma check_diseqs_complete_spec : forall dist t, check_diseqs_complete dist t = true <-> - forall x y, In2 x y dist -> exists i, i < length t /\ + forall x y, In2 x y dist -> exists i, i <? length t /\ (t.[i] = Some (x,y) \/ t.[i] = Some (y,x)). Proof. intros dist t; induction dist as [ |a q IHq]; simpl; split; auto. @@ -112,7 +112,7 @@ Section Operators. Lemma check_diseqs_complete_false_spec : forall dist t, check_diseqs_complete dist t = false <-> - exists x y, In2 x y dist /\ forall i, i < length t -> + exists x y, In2 x y dist /\ forall i, i <? length t -> (t.[i] <> Some (x,y) /\ t.[i] <> Some (y,x)). Proof. intros dist t; induction dist as [ |a q IHq]; simpl; split; try discriminate. @@ -135,7 +135,7 @@ Section Operators. | Fatom a => match get_atom a with | Atom.Abop (Atom.BO_eq A) h1 h2 => - if (Typ.eqb ty A) && (negb (h1 == h2)) && (check_in h1 dist) && (check_in h2 dist) then + if (Typ.eqb ty A) && (negb (h1 =? h2)) && (check_in h1 dist) && (check_in h2 dist) then Some (h1,h2) else None @@ -150,14 +150,14 @@ Section Operators. Lemma check_diseqs_spec : forall A dist diseq, check_diseqs A dist diseq = true <-> - ((forall i, i < length diseq -> + ((forall i, i <? length diseq -> let t := diseq.[i] in ~ Lit.is_pos t /\ exists a, get_form (Lit.blit t) = Fatom a /\ exists h1 h2, get_atom a = Atom.Abop (Atom.BO_eq A) h1 h2 /\ h1 <> h2 /\ (In2 h1 h2 dist \/ In2 h2 h1 dist)) /\ - (forall x y, In2 x y dist -> exists i, i < length diseq /\ + (forall x y, In2 x y dist -> exists i, i <? length diseq /\ let t := diseq.[i] in ~ Lit.is_pos t /\ exists a, get_form (Lit.blit t) = Fatom a /\ @@ -169,14 +169,14 @@ Section Operators. aforallbi_spec, check_diseqs_complete_spec, length_amap; split; intros [H1 H2]; split. clear H2; intros i Hi; generalize (H1 _ Hi); rewrite get_amap; auto; case_eq (Lit.is_pos (diseq .[ i])); try discriminate; intro Heq1; case_eq (get_form (Lit.blit (diseq .[ i]))); - try discriminate; intros a Heq2; case_eq (get_atom a); try discriminate; intros [ | | | | | | | B | | | | | | | | | | | | ]; try discriminate; intros h1 h2 Heq3; case_eq (Typ.eqb A B); try discriminate; change (Typ.eqb A B = true) with (is_true (Typ.eqb A B)); rewrite Typ.eqb_spec; intro; subst B; case_eq (h1 == h2); try discriminate; rewrite eqb_false_spec; intro H2; case_eq (check_in h1 dist); try discriminate; case_eq (check_in h2 dist); try discriminate; rewrite !check_in_spec; intros H3 H4 _; split; try discriminate; exists a; split; auto; exists h1, h2; repeat split; auto; rewrite <- In2_In; auto. + try discriminate; intros a Heq2; case_eq (get_atom a); try discriminate; intros [ | | | | | | | B | | | | | | | | | | | | ]; try discriminate; intros h1 h2 Heq3; case_eq (Typ.eqb A B); try discriminate; change (Typ.eqb A B = true) with (is_true (Typ.eqb A B)); rewrite Typ.eqb_spec; intro; subst B; case_eq (h1 =? h2); try discriminate; rewrite eqb_false_spec; intro H2; case_eq (check_in h1 dist); try discriminate; case_eq (check_in h2 dist); try discriminate; rewrite !check_in_spec; intros H3 H4 _; split; try discriminate; exists a; split; auto; exists h1, h2; repeat split; auto; rewrite <- In2_In; auto. clear H1; intros x y Hxy; destruct (H2 _ _ Hxy) as [i [H1 H4]]; clear H2; rewrite get_amap in H4; auto; exists i; split; auto; generalize H4; - case_eq (Lit.is_pos (diseq .[ i])); intro Heq; try (intros [H|H]; discriminate); case_eq (get_form (Lit.blit (diseq .[ i]))); [intros a| | |intros a1 a2|intros a1|intros a1|intros a1|intros a1 a2|intros a1 a2| intros a1 a2 a3|intros a ls]; intro Heq2; try (intros [H|H]; discriminate); case_eq (get_atom a); [intros a1|intros a1 a2|intros [ | | | | | | | B | | | | | | | | | | | | ] h1 h2|intros a1 a2|intros a1 a2 | intros a1 a2]; intro Heq3; try (intros [H|H]; discriminate); try (case_eq (Typ.eqb A B); try (intros _ [H|H]; discriminate); change (Typ.eqb A B = true) with (is_true (Typ.eqb A B)); rewrite Typ.eqb_spec; intro; subst B; case_eq (h1 == h2); try (intros _ [H|H]; discriminate); rewrite eqb_false_spec; intro H10; case (check_in h1 dist); try (intros [H|H]; discriminate); case (check_in h2 dist); try (intros [H|H]; discriminate); simpl; intro H3; split; try discriminate; exists a; split; auto; destruct H3 as [H3|H3]; inversion H3; subst; auto). + case_eq (Lit.is_pos (diseq .[ i])); intro Heq; try (intros [H|H]; discriminate); case_eq (get_form (Lit.blit (diseq .[ i]))); [intros a| | |intros a1 a2|intros a1|intros a1|intros a1|intros a1 a2|intros a1 a2| intros a1 a2 a3|intros a ls]; intro Heq2; try (intros [H|H]; discriminate); case_eq (get_atom a); [intros a1|intros a1 a2|intros [ | | | | | | | B | | | | | | | | | | | | ] h1 h2|intros a1 a2|intros a1 a2 | intros a1 a2]; intro Heq3; try (intros [H|H]; discriminate); try (case_eq (Typ.eqb A B); try (intros _ [H|H]; discriminate); change (Typ.eqb A B = true) with (is_true (Typ.eqb A B)); rewrite Typ.eqb_spec; intro; subst B; case_eq (h1 =? h2); try (intros _ [H|H]; discriminate); rewrite eqb_false_spec; intro H10; case (check_in h1 dist); try (intros [H|H]; discriminate); case (check_in h2 dist); try (intros [H|H]; discriminate); simpl; intro H3; split; try discriminate; exists a; split; auto; destruct H3 as [H3|H3]; inversion H3; subst; auto). intros. destruct H0; now contradict H0. - clear H2; intros i Hi; rewrite get_amap; auto; destruct (H1 _ Hi) as [H2 [a [H3 [h1 [h2 [H4 [H5 H6]]]]]]]; clear H1; replace (Lit.is_pos (diseq .[ i])) with false by (case_eq (Lit.is_pos (diseq .[ i])); auto); rewrite H3, H4, Typ.eqb_refl; simpl; replace (h1 == h2) with false by (case_eq (h1 == h2); auto; rewrite eqb_spec; intro H; elim H5; auto); simpl; rewrite <- In2_In, <- !check_in_spec in H6; auto; destruct H6 as [H6 H7]; rewrite H6, H7; auto. - clear H1; intros x y Hxy; destruct (H2 _ _ Hxy) as [i [H1 [H3 [a [H4 [H6 H5]]]]]]; clear H2; exists i; split; auto; rewrite get_amap; auto; replace (Lit.is_pos (diseq .[ i])) with false by (case_eq (Lit.is_pos (diseq .[ i])); auto); rewrite H4; assert (H7 := or_introl (In2 y x dist) Hxy); rewrite <- In2_In, <- !check_in_spec in H7; auto; destruct H7 as [H7 H8]; destruct H5 as [H5|H5]; rewrite H5, Typ.eqb_refl; [replace (x == y) with false by (case_eq (x == y); auto; rewrite eqb_spec; auto)|replace (y == x) with false by (case_eq (y == x); auto; rewrite eqb_spec; auto)]; simpl; rewrite H7, H8; auto. + clear H2; intros i Hi; rewrite get_amap; auto; destruct (H1 _ Hi) as [H2 [a [H3 [h1 [h2 [H4 [H5 H6]]]]]]]; clear H1; replace (Lit.is_pos (diseq .[ i])) with false by (case_eq (Lit.is_pos (diseq .[ i])); auto); rewrite H3, H4, Typ.eqb_refl; simpl; replace (h1 =? h2) with false by (case_eq (h1 =? h2); auto; rewrite eqb_spec; intro H; elim H5; auto); simpl; rewrite <- In2_In, <- !check_in_spec in H6; auto; destruct H6 as [H6 H7]; rewrite H6, H7; auto. + clear H1; intros x y Hxy; destruct (H2 _ _ Hxy) as [i [H1 [H3 [a [H4 [H6 H5]]]]]]; clear H2; exists i; split; auto; rewrite get_amap; auto; replace (Lit.is_pos (diseq .[ i])) with false by (case_eq (Lit.is_pos (diseq .[ i])); auto); rewrite H4; assert (H7 := or_introl (In2 y x dist) Hxy); rewrite <- In2_In, <- !check_in_spec in H7; auto; destruct H7 as [H7 H8]; destruct H5 as [H5|H5]; rewrite H5, Typ.eqb_refl; [replace (x =? y) with false by (case_eq (x =? y); auto; rewrite eqb_spec; auto)|replace (y =? x) with false by (case_eq (y =? x); auto; rewrite eqb_spec; auto)]; simpl; rewrite H7, H8; auto. Qed. @@ -187,7 +187,7 @@ intros. destruct H0; now contradict H0. (* | Fatom a => *) (* match get_atom a with *) (* | Atom.Abop (Atom.BO_eq A) h1 h2 => *) - (* (Typ.eqb ty A) && (negb (h1 == h2)) && (check_in h1 dist) && (check_in h2 dist) *) + (* (Typ.eqb ty A) && (negb (h1 =? h2)) && (check_in h1 dist) && (check_in h2 dist) *) (* | _ => false *) (* end *) (* | _ => false *) @@ -195,7 +195,7 @@ intros. destruct H0; now contradict H0. (* Lemma check_diseqs_spec : forall A dist diseq, *) - (* check_diseqs A dist diseq <-> forall i, i < length diseq -> *) + (* check_diseqs A dist diseq <-> forall i, i <? length diseq -> *) (* let t := diseq.[i] in *) (* ~ Lit.is_pos t /\ *) (* exists a, get_form (Lit.blit t) = Fatom a /\ *) @@ -204,7 +204,7 @@ intros. destruct H0; now contradict H0. (* Proof. *) (* intros A dist diseq; unfold check_diseqs; unfold is_true at 1; rewrite PArray.forallb_spec; split. *) (* intros H i Hi; generalize (H _ Hi); clear H; case (Lit.is_pos (diseq .[ i])); try discriminate; case (get_form (Lit.blit (diseq .[ i]))); try discriminate; intros a H1; split; try discriminate; exists a; split; auto; generalize H1; clear H1; case (get_atom a); try discriminate; intros [ | | | | | | |B] h1 h2; try discriminate; rewrite !andb_true_iff; change (check_in h1 dist = true) with (is_true (check_in h1 dist)); change (check_in h2 dist = true) with (is_true (check_in h2 dist)); rewrite !check_in_spec; intros [[[H1 H4] H2] H3]; change (is_true (Typ.eqb A B)) in H1; rewrite Typ.eqb_spec in H1; subst B; exists h1; exists h2; split; auto; assert (H5: h1 <> h2) by (intro H; rewrite H, eqb_refl in H4; discriminate); split; auto; rewrite <- In2_In; auto. *) - (* intros H i Hi; generalize (H _ Hi); clear H; case (Lit.is_pos (diseq .[ i])); try (intros [H _]; elim H; reflexivity); intros [_ [a [H1 [h1 [h2 [H2 [H3 H4]]]]]]]; rewrite H1, H2; rewrite !andb_true_iff; rewrite <- (In2_In H3) in H4; destruct H4 as [H4 H5]; change (check_in h1 dist = true) with (is_true (check_in h1 dist)); change (check_in h2 dist = true) with (is_true (check_in h2 dist)); rewrite !check_in_spec; repeat split; auto; case_eq (h1 == h2); auto; try (rewrite Typ.eqb_refl; auto); rewrite eqb_spec; intro; subst h1; elim H3; auto. *) + (* intros H i Hi; generalize (H _ Hi); clear H; case (Lit.is_pos (diseq .[ i])); try (intros [H _]; elim H; reflexivity); intros [_ [a [H1 [h1 [h2 [H2 [H3 H4]]]]]]]; rewrite H1, H2; rewrite !andb_true_iff; rewrite <- (In2_In H3) in H4; destruct H4 as [H4 H5]; change (check_in h1 dist = true) with (is_true (check_in h1 dist)); change (check_in h2 dist = true) with (is_true (check_in h2 dist)); rewrite !check_in_spec; repeat split; auto; case_eq (h1 =? h2); auto; try (rewrite Typ.eqb_refl; auto); rewrite eqb_spec; intro; subst h1; elim H3; auto. *) (* Qed. *) @@ -231,7 +231,7 @@ intros. destruct H0; now contradict H0. match get_form f1, get_form f2 with | Fatom ha, Fatom hb => match get_atom ha, get_atom hb with - | Atom.Anop (Atom.NO_distinct ty) (x::y::nil), Atom.Abop (Atom.BO_eq ty') x' y' => (Typ.eqb ty ty') && (((x == x') && (y == y')) || ((x == y') && (y == x'))) + | Atom.Anop (Atom.NO_distinct ty) (x::y::nil), Atom.Abop (Atom.BO_eq ty') x' y' => (Typ.eqb ty ty') && (((x =? x') && (y =? y')) || ((x =? y') && (y =? x'))) | _, _ => false end | _, _ => false @@ -287,12 +287,12 @@ intros. destruct H0; now contradict H0. Proof. intros ha diseq; rewrite check_distinct_spec; intros [A [dist [H1 H2]]]; rewrite check_diseqs_spec in H2; destruct H2 as [H2 H3]; unfold Atom.interp_form_hatom, Atom.interp_bool, Atom.interp_hatom; rewrite Atom.t_interp_wf; auto with smtcoq_spl_op; rewrite H1; simpl; generalize (Atom.compute_interp_spec_rev t_i (get (Atom.t_interp t_i t_func t_atom)) A dist); case (Atom.compute_interp t_i (get (Atom.t_interp t_i t_func t_atom)) A nil); simpl. intros l H4; case_eq (distinct (Typ.i_eqb t_i A) (rev l)). - rewrite distinct_spec; intro H5; symmetry; apply afold_left_andb_true; rewrite length_amap; intros i Hi; rewrite get_amap by exact Hi; destruct (H2 _ Hi) as [H9 [a [H10 [h1 [h2 [H6 [H7 H8]]]]]]]; unfold Lit.interp; replace (Lit.is_pos (diseq .[ i])) with false by (case_eq (Lit.is_pos (diseq .[ i])); auto with smtcoq_spl_op smtcoq_core); unfold Var.interp; rewrite Form.wf_interp_form; auto with smtcoq_spl_op smtcoq_core; rewrite H10; simpl; rewrite Atom.t_interp_wf; auto with smtcoq_spl_op smtcoq_core; rewrite H6; simpl; unfold Atom.apply_binop; unfold Atom.wt in wt_t_atom; unfold is_true in wt_t_atom; rewrite aforallbi_spec in wt_t_atom; assert (H11: a < length t_atom). - case_eq (a < length t_atom); auto with smtcoq_spl_op smtcoq_core; intro H11; rewrite (get_outofbound _ _ _ H11) in H6; rewrite default_t_atom in H6; inversion H6. + rewrite distinct_spec; intro H5; symmetry; apply afold_left_andb_true; rewrite length_amap; intros i Hi; rewrite get_amap by exact Hi; destruct (H2 _ Hi) as [H9 [a [H10 [h1 [h2 [H6 [H7 H8]]]]]]]; unfold Lit.interp; replace (Lit.is_pos (diseq .[ i])) with false by (case_eq (Lit.is_pos (diseq .[ i])); auto with smtcoq_spl_op smtcoq_core); unfold Var.interp; rewrite Form.wf_interp_form; auto with smtcoq_spl_op smtcoq_core; rewrite H10; simpl; rewrite Atom.t_interp_wf; auto with smtcoq_spl_op smtcoq_core; rewrite H6; simpl; unfold Atom.apply_binop; unfold Atom.wt in wt_t_atom; unfold is_true in wt_t_atom; rewrite aforallbi_spec in wt_t_atom; assert (H11: a <? length t_atom). + case_eq (a <? length t_atom); auto with smtcoq_spl_op smtcoq_core; intro H11; rewrite (get_outofbound _ _ _ H11) in H6; rewrite default_t_atom in H6; inversion H6. generalize (wt_t_atom _ H11); rewrite H6; simpl; rewrite !andb_true_iff; change (Typ.eqb (Atom.get_type' t_i (Atom.t_interp t_i t_func t_atom) h1) A = true) with (is_true (Typ.eqb (Atom.get_type' t_i (Atom.t_interp t_i t_func t_atom) h1) A)); change (Typ.eqb (Atom.get_type' t_i (Atom.t_interp t_i t_func t_atom) h2) A = true) with (is_true (Typ.eqb (Atom.get_type' t_i (Atom.t_interp t_i t_func t_atom) h2) A)); rewrite !Typ.eqb_spec; intros [[_ H13] H12]; generalize (Atom.check_aux_interp_hatom _ t_func _ wf_t_atom h1); rewrite H13; intros [v1 HH1]; generalize (Atom.check_aux_interp_hatom _ t_func _ wf_t_atom h2); rewrite H12; intros [v2 HH2]; rewrite HH1, HH2; simpl; rewrite Typ.cast_refl; simpl; destruct H8 as [H8|H8]; [ |rewrite Typ.i_eqb_sym]; rewrite H5; auto with smtcoq_spl_op smtcoq_core; rewrite H4; [exists h2; exists h1|exists h1; exists h2]; auto with smtcoq_spl_op smtcoq_core. rewrite distinct_false_spec; intros [v2 [v1 [H5 H6]]]; rewrite H4 in H5; destruct H5 as [a [b [H5 [H7 H8]]]]; clear H4; change (Typ.i_eqb t_i A v2 v1 = true) with (is_true (Typ.i_eqb t_i A v2 v1)) in H6; rewrite Typ.i_eqb_spec in H6; subst v2; clear H2; destruct (H3 _ _ H5) as [i [H2 [H4 [hb [H6 [H9 H10]]]]]]; clear H3; symmetry; apply (afold_left_andb_false i); rewrite ?length_amap; auto with smtcoq_spl_op smtcoq_core; rewrite get_amap by assumption; unfold Lit.interp; replace (Lit.is_pos (diseq .[ i])) with false by (case_eq (Lit.is_pos (diseq .[ i])); auto with smtcoq_spl_op smtcoq_core); unfold Var.interp; rewrite Form.wf_interp_form; auto with smtcoq_spl_op smtcoq_core; rewrite H6; simpl; rewrite Atom.t_interp_wf; auto with smtcoq_spl_op smtcoq_core; destruct H10 as [H10|H10]; rewrite H10; simpl; rewrite H7, H8; simpl; rewrite Typ.cast_refl; simpl; replace (Typ.i_eqb t_i A v1 v1) with true; auto with smtcoq_spl_op smtcoq_core; symmetry; change (is_true (Typ.i_eqb t_i A v1 v1)); rewrite Typ.i_eqb_spec; auto with smtcoq_spl_op smtcoq_core. - intros [a [H20 H21]]; assert (H4: ha < length t_atom). - case_eq (ha < length t_atom); auto with smtcoq_spl_op smtcoq_core; intro Heq; generalize H1; rewrite get_outofbound; auto with smtcoq_spl_op smtcoq_core; rewrite default_t_atom; discriminate. + intros [a [H20 H21]]; assert (H4: ha <? length t_atom). + case_eq (ha <? length t_atom); auto with smtcoq_spl_op smtcoq_core; intro Heq; generalize H1; rewrite get_outofbound; auto with smtcoq_spl_op smtcoq_core; rewrite default_t_atom; discriminate. unfold Atom.wt in wt_t_atom; unfold is_true in wt_t_atom; rewrite aforallbi_spec in wt_t_atom; generalize (wt_t_atom _ H4); rewrite H1; simpl; rewrite andb_true_iff, forallb_forall; intros [_ H5]; assert (H6 := H5 _ H20); generalize (Atom.check_aux_interp_hatom _ t_func _ wf_t_atom a); intros [va Ha]; rewrite Ha in H21; simpl in H21; elim H21; apply Typ.eqb_spec; auto with smtcoq_spl_op smtcoq_core. Qed. @@ -300,7 +300,7 @@ intros. destruct H0; now contradict H0. check_distinct_two_args f1 f2 = true -> rho f1 = negb (rho f2). Proof. - intros f1 f2; rewrite check_distinct_two_args_spec; intros [ha [hb [A [x [y [H1 [H2 [H3 [H4|H4]]]]]]]]]; unfold Form.interp_state_var; assert (H5: f1 < length t_form) by (case_eq (f1 < length t_form); auto with smtcoq_spl_op smtcoq_core; intro Heq; generalize H1; rewrite get_outofbound; auto with smtcoq_spl_op smtcoq_core; rewrite default_t_form; discriminate); assert (H6: f2 < length t_form) by (case_eq (f2 < length t_form); auto with smtcoq_spl_op smtcoq_core; intro Heq; generalize H2; rewrite get_outofbound; auto with smtcoq_spl_op smtcoq_core; rewrite default_t_form; discriminate); rewrite !Form.t_interp_wf; auto with smtcoq_spl_op smtcoq_core; rewrite H1, H2; simpl; unfold Atom.interp_form_hatom, Atom.interp_hatom; rewrite !Atom.t_interp_wf; auto with smtcoq_spl_op smtcoq_core; rewrite H3, H4; simpl; unfold Atom.wt,is_true in wt_t_atom; rewrite aforallbi_spec in wt_t_atom; assert (H7: hb < length t_atom) by (case_eq (hb < length t_atom); auto with smtcoq_spl_op smtcoq_core; intro Heq; generalize H4; rewrite get_outofbound; auto with smtcoq_spl_op smtcoq_core; rewrite default_t_atom; discriminate); generalize (wt_t_atom _ H7); rewrite H4; simpl; case (Atom.get_type' t_i (Atom.t_interp t_i t_func t_atom) hb); try discriminate; simpl; rewrite andb_true_iff; change (Typ.eqb (Atom.get_type' t_i (Atom.t_interp t_i t_func t_atom) x) A = true) with (is_true (Typ.eqb (Atom.get_type' t_i (Atom.t_interp t_i t_func t_atom) x) A)); change (Typ.eqb (Atom.get_type' t_i (Atom.t_interp t_i t_func t_atom) y) A = true) with (is_true (Typ.eqb (Atom.get_type' t_i (Atom.t_interp t_i t_func t_atom) y) A)); rewrite !Typ.eqb_spec; intros [H8 H9]; generalize (Atom.check_aux_interp_hatom _ t_func _ wf_t_atom x), (Atom.check_aux_interp_hatom _ t_func _ wf_t_atom y); rewrite H8, H9; intros [v1 HH1] [v2 HH2]; rewrite HH1, HH2; simpl; rewrite Typ.cast_refl; auto with smtcoq_spl_op smtcoq_core; rewrite Typ.i_eqb_sym; auto with smtcoq_spl_op smtcoq_core. + intros f1 f2; rewrite check_distinct_two_args_spec; intros [ha [hb [A [x [y [H1 [H2 [H3 [H4|H4]]]]]]]]]; unfold Form.interp_state_var; assert (H5: f1 <? length t_form) by (case_eq (f1 <? length t_form); auto with smtcoq_spl_op smtcoq_core; intro Heq; generalize H1; rewrite get_outofbound; auto with smtcoq_spl_op smtcoq_core; rewrite default_t_form; discriminate); assert (H6: f2 <? length t_form) by (case_eq (f2 <? length t_form); auto with smtcoq_spl_op smtcoq_core; intro Heq; generalize H2; rewrite get_outofbound; auto with smtcoq_spl_op smtcoq_core; rewrite default_t_form; discriminate); rewrite !Form.t_interp_wf; auto with smtcoq_spl_op smtcoq_core; rewrite H1, H2; simpl; unfold Atom.interp_form_hatom, Atom.interp_hatom; rewrite !Atom.t_interp_wf; auto with smtcoq_spl_op smtcoq_core; rewrite H3, H4; simpl; unfold Atom.wt,is_true in wt_t_atom; rewrite aforallbi_spec in wt_t_atom; assert (H7: hb <? length t_atom) by (case_eq (hb <? length t_atom); auto with smtcoq_spl_op smtcoq_core; intro Heq; generalize H4; rewrite get_outofbound; auto with smtcoq_spl_op smtcoq_core; rewrite default_t_atom; discriminate); generalize (wt_t_atom _ H7); rewrite H4; simpl; case (Atom.get_type' t_i (Atom.t_interp t_i t_func t_atom) hb); try discriminate; simpl; rewrite andb_true_iff; change (Typ.eqb (Atom.get_type' t_i (Atom.t_interp t_i t_func t_atom) x) A = true) with (is_true (Typ.eqb (Atom.get_type' t_i (Atom.t_interp t_i t_func t_atom) x) A)); change (Typ.eqb (Atom.get_type' t_i (Atom.t_interp t_i t_func t_atom) y) A = true) with (is_true (Typ.eqb (Atom.get_type' t_i (Atom.t_interp t_i t_func t_atom) y) A)); rewrite !Typ.eqb_spec; intros [H8 H9]; generalize (Atom.check_aux_interp_hatom _ t_func _ wf_t_atom x), (Atom.check_aux_interp_hatom _ t_func _ wf_t_atom y); rewrite H8, H9; intros [v1 HH1] [v2 HH2]; rewrite HH1, HH2; simpl; rewrite Typ.cast_refl; auto with smtcoq_spl_op smtcoq_core; rewrite Typ.i_eqb_sym; auto with smtcoq_spl_op smtcoq_core. Qed. @@ -309,11 +309,11 @@ intros. destruct H0; now contradict H0. (* interp_form_hatom ha -> afold_left bool int true andb (Lit.interp rho) diseq. *) (* Proof. *) (* intros ha diseq; rewrite check_distinct_spec; intros [A [dist [H1 H]]]; rewrite check_diseqs_spec in H; unfold Atom.interp_form_hatom, Atom.interp_bool, Atom.interp_hatom; rewrite Atom.t_interp_wf; auto with smtcoq_spl_op smtcoq_core; rewrite H1; simpl; generalize (Atom.compute_interp_spec_rev t_i (get (Atom.t_interp t_i t_func t_atom)) A dist); case (Atom.compute_interp t_i (get (Atom.t_interp t_i t_func t_atom)) A nil); simpl. *) - (* intros l H2; unfold is_true; rewrite distinct_spec; intro H3; apply afold_left_andb_true; intros i Hi; destruct (H _ Hi) as [H4 [a [H5 [h1 [h2 [H6 [H7 H8]]]]]]]; unfold Lit.interp; replace (Lit.is_pos (diseq .[ i])) with false by (case_eq (Lit.is_pos (diseq .[ i])); auto with smtcoq_spl_op smtcoq_core); unfold Var.interp; rewrite Form.wf_interp_form; auto with smtcoq_spl_op smtcoq_core; rewrite H5; simpl; rewrite Atom.t_interp_wf; auto with smtcoq_spl_op smtcoq_core; rewrite H6; simpl; unfold Atom.apply_binop; unfold Atom.wt in wt_t_atom; unfold is_true in wt_t_atom; rewrite aforallbi_spec in wt_t_atom; assert (H10: a < length t_atom). *) - (* case_eq (a < length t_atom); auto with smtcoq_spl_op smtcoq_core; intro H10; rewrite (get_outofbound _ _ _ H10) in H6; rewrite default_t_atom in H6; inversion H6. *) + (* intros l H2; unfold is_true; rewrite distinct_spec; intro H3; apply afold_left_andb_true; intros i Hi; destruct (H _ Hi) as [H4 [a [H5 [h1 [h2 [H6 [H7 H8]]]]]]]; unfold Lit.interp; replace (Lit.is_pos (diseq .[ i])) with false by (case_eq (Lit.is_pos (diseq .[ i])); auto with smtcoq_spl_op smtcoq_core); unfold Var.interp; rewrite Form.wf_interp_form; auto with smtcoq_spl_op smtcoq_core; rewrite H5; simpl; rewrite Atom.t_interp_wf; auto with smtcoq_spl_op smtcoq_core; rewrite H6; simpl; unfold Atom.apply_binop; unfold Atom.wt in wt_t_atom; unfold is_true in wt_t_atom; rewrite aforallbi_spec in wt_t_atom; assert (H10: a <? length t_atom). *) + (* case_eq (a <? length t_atom); auto with smtcoq_spl_op smtcoq_core; intro H10; rewrite (get_outofbound _ _ _ H10) in H6; rewrite default_t_atom in H6; inversion H6. *) (* generalize (wt_t_atom _ H10); rewrite H6; simpl; rewrite !andb_true_iff. change (Typ.eqb (Atom.get_type t_i t_func t_atom h1) A = true) with (is_true (Typ.eqb (Atom.get_type t_i t_func t_atom h1) A)); change (Typ.eqb (Atom.get_type t_i t_func t_atom h2) A = true) with (is_true (Typ.eqb (Atom.get_type t_i t_func t_atom h2) A)); rewrite !Typ.eqb_spec; intros [[_ H11] H12]; generalize (Atom.check_aux_interp_hatom _ t_func _ wf_t_atom h1); rewrite H11; intros [v1 HH1]; generalize (Atom.check_aux_interp_hatom _ t_func _ wf_t_atom h2); rewrite H12; intros [v2 HH2]; rewrite HH1, HH2; simpl; rewrite Typ.cast_refl; simpl; destruct H8 as [H8|H8]; [ |rewrite Typ.i_eqb_sym]; rewrite H3; auto with smtcoq_spl_op smtcoq_core; rewrite H2; [exists h2; exists h1|exists h1; exists h2]; auto with smtcoq_spl_op smtcoq_core. *) - (* intros [a [H2 H3]] _; assert (H4: ha < length t_atom). *) - (* case_eq (ha < length t_atom); auto with smtcoq_spl_op smtcoq_core; intro Heq; generalize H1; rewrite get_outofbound; auto with smtcoq_spl_op smtcoq_core; rewrite default_t_atom; discriminate. *) + (* intros [a [H2 H3]] _; assert (H4: ha <? length t_atom). *) + (* case_eq (ha <? length t_atom); auto with smtcoq_spl_op smtcoq_core; intro Heq; generalize H1; rewrite get_outofbound; auto with smtcoq_spl_op smtcoq_core; rewrite default_t_atom; discriminate. *) (* unfold Atom.wt in wt_t_atom; unfold is_true in wt_t_atom; rewrite aforallbi_spec in wt_t_atom; generalize (wt_t_atom _ H4); rewrite H1; simpl; rewrite andb_true_iff, forallb_forall; intros [_ H5]; assert (H6 := H5 _ H2); generalize (Atom.check_aux_interp_hatom _ t_func _ wf_t_atom a); intros [va Ha]; rewrite Ha in H3; simpl in H3; elim H3; apply Typ.eqb_spec; auto with smtcoq_spl_op smtcoq_core. *) (* Qed. *) @@ -325,22 +325,22 @@ intros. destruct H0; now contradict H0. Variable check_var : var -> var -> bool. Definition check_lit l1 l2 := - (l1 == l2) || ((Bool.eqb (Lit.is_pos l1) (Lit.is_pos l2)) && (check_var (Lit.blit l1) (Lit.blit l2))) || ((Bool.eqb (Lit.is_pos l1) (negb (Lit.is_pos l2))) && (check_distinct_two_args (Lit.blit l1) (Lit.blit l2))). + (l1 =? l2) || ((Bool.eqb (Lit.is_pos l1) (Lit.is_pos l2)) && (check_var (Lit.blit l1) (Lit.blit l2))) || ((Bool.eqb (Lit.is_pos l1) (negb (Lit.is_pos l2))) && (check_distinct_two_args (Lit.blit l1) (Lit.blit l2))). (* Definition check_lit l1 l2 := *) - (* (l1 == l2) || ((Lit.is_pos l1) && (Lit.is_pos l2) && (check_var (Lit.blit l1) (Lit.blit l2))) || ((negb (Lit.is_pos l1)) && (negb (Lit.is_pos l2)) && (check_var (Lit.blit l2) (Lit.blit l1))). *) + (* (l1 =? l2) || ((Lit.is_pos l1) && (Lit.is_pos l2) && (check_var (Lit.blit l1) (Lit.blit l2))) || ((negb (Lit.is_pos l1)) && (negb (Lit.is_pos l2)) && (check_var (Lit.blit l2) (Lit.blit l1))). *) Definition check_form_aux a b := match a, b with | Fatom ha, Fand diseq => check_distinct ha diseq - | Fatom a, Fatom b => a == b + | Fatom a, Fatom b => a =? b | Ftrue, Ftrue => true | Ffalse, Ffalse => true - | Fnot2 i1 l1, Fnot2 i2 l2 => (i1 == i2) && (check_lit l1 l2) - | Fand a1, Fand a2 => (length a1 == length a2) && (aforallbi (fun i l => check_lit l (a2.[i])) a1) - | For a1, For a2 => (length a1 == length a2) && (aforallbi (fun i l => check_lit l (a2.[i])) a1) - | Fimp a1, Fimp a2 => (length a1 == length a2) && (aforallbi (fun i l => check_lit l (a2.[i])) a1) - (* (length a1 == length a2) && (aforallbi (fun i l => if i < length a1 - 1 then check_lit (a2.[i]) l else check_lit l (a2.[i])) a1) *) + | Fnot2 i1 l1, Fnot2 i2 l2 => (i1 =? i2) && (check_lit l1 l2) + | Fand a1, Fand a2 => (length a1 =? length a2) && (aforallbi (fun i l => check_lit l (a2.[i])) a1) + | For a1, For a2 => (length a1 =? length a2) && (aforallbi (fun i l => check_lit l (a2.[i])) a1) + | Fimp a1, Fimp a2 => (length a1 =? length a2) && (aforallbi (fun i l => check_lit l (a2.[i])) a1) + (* (length a1 =? length a2) && (aforallbi (fun i l => if i <? length a1 - 1 then check_lit (a2.[i]) l else check_lit l (a2.[i])) a1) *) | Fxor l1 l2, Fxor j1 j2 => check_lit l1 j1 && check_lit l2 j2 (* check_lit l1 j1 && check_lit j1 l1 && check_lit l2 j2 && check_lit j2 l2 *) (* (* let a := check_lit l1 j1 in *) *) @@ -450,16 +450,16 @@ intros. destruct H0; now contradict H0. (* rewrite <- H1; eauto with smtcoq_core. *) (* eapply interp_check_lit; eauto with smtcoq_core. *) (* (* Implication *) *) - (* unfold is_true; rewrite andb_true_iff, Int63Properties.eqb_spec; intros [H1 H2]; rewrite aforallbi_spec in H2; intro H3; apply afold_right_implb_true; case_eq (length a1 == 0); intro Heq. *) + (* unfold is_true; rewrite andb_true_iff, Int63Properties.eqb_spec; intros [H1 H2]; rewrite aforallbi_spec in H2; intro H3; apply afold_right_implb_true; case_eq (length a1 =? 0); intro Heq. *) (* left; rewrite eqb_spec in Heq; rewrite <- H1; auto with smtcoq_core. *) (* destruct (afold_right_implb_true_inv _ _ _ H3) as [H4|[[i [H4 H5]]|H4]]. *) (* rewrite H4 in Heq; discriminate. *) - (* right; left; exists i; rewrite <- H1; split; auto with smtcoq_core; case_eq (Lit.interp rho (a2 .[ i])); auto with smtcoq_core; intro H6; assert (H7: i < length a1 = true). *) + (* right; left; exists i; rewrite <- H1; split; auto with smtcoq_core; case_eq (Lit.interp rho (a2 .[ i])); auto with smtcoq_core; intro H6; assert (H7: i <? length a1 = true). *) (* rewrite ltb_spec in *; rewrite eqb_false_spec in Heq; rewrite to_Z_sub_1_diff in H4; auto with smtcoq_core; omega. *) (* generalize (H2 _ H7); rewrite H4; intro H8; rewrite (interp_check_lit _ _ H8 H6) in H5; auto with smtcoq_core. *) - (* right; case_eq (aexistsbi (fun i l => (i < length a2 - 1) && (negb (Lit.interp rho l))) a2). *) + (* right; case_eq (aexistsbi (fun i l => (i <? length a2 - 1) && (negb (Lit.interp rho l))) a2). *) (* rewrite aexistsbi_spec; intros [i [_ H5]]; rewrite andb_true_iff in H5; destruct H5 as [H5 H6]; left; exists i; split; auto with smtcoq_core; generalize H6; case (Lit.interp rho (a2 .[ i])); auto with smtcoq_core; discriminate. *) - (* rewrite aexistsbi_false_spec; intro H; right; intros i Hi; assert (Hi' := Hi); rewrite <- H1 in Hi'; generalize (H2 _ Hi') (H _ Hi); rewrite <- H1; case (i < length a1 - 1); simpl. *) + (* rewrite aexistsbi_false_spec; intro H; right; intros i Hi; assert (Hi' := Hi); rewrite <- H1 in Hi'; generalize (H2 _ Hi') (H _ Hi); rewrite <- H1; case (i <? length a1 - 1); simpl. *) (* intros _; case (Lit.interp rho (a2 .[ i])); auto with smtcoq_core; discriminate. *) (* intros H5 _; apply (interp_check_lit _ _ H5); apply H4; auto with smtcoq_core. *) (* (* Xor *) *) @@ -474,7 +474,7 @@ intros. destruct H0; now contradict H0. Definition check_hform h1 h2 := foldi - (fun _ cont h1 h2 => (h1 == h2) || check_form_aux cont (get_form h1) (get_form h2)) + (fun _ cont h1 h2 => (h1 =? h2) || check_form_aux cont (get_form h1) (get_form h2)) 0 (PArray.length t_form) (fun h1 h2 => false) h1 h2. Definition check_form := check_form_aux check_hform. diff --git a/src/spl/Syntactic.v b/src/spl/Syntactic.v index eb512ee..ea55500 100644 --- a/src/spl/Syntactic.v +++ b/src/spl/Syntactic.v @@ -77,7 +77,7 @@ Section CheckAtom. match o1, o2 with | NO_distinct t1, NO_distinct t2 => Typ.eqb t1 t2 && list_beq check_hatom l1 l2 end - | Aapp f1 aargs, Aapp f2 bargs =>(f1 == f2) && list_beq check_hatom aargs bargs + | Aapp f1 aargs, Aapp f2 bargs =>(f1 =? f2) && list_beq check_hatom aargs bargs | _, _ => false end. @@ -191,7 +191,7 @@ Section CheckAtom. Definition check_hatom h1 h2 := foldi - (fun _ cont h1 h2 => (h1 == h2) || check_atom_aux cont (t_atom.[h1]) (t_atom.[h2])) + (fun _ cont h1 h2 => (h1 =? h2) || check_atom_aux cont (t_atom.[h1]) (t_atom.[h2])) 0 (PArray.length t_atom) (fun h1 h2 => false) h1 h2. Definition check_atom := check_atom_aux check_hatom. @@ -269,7 +269,7 @@ Section CheckAtom. | Val _ _, Val _ _ => False end. Proof. - unfold wt; unfold is_true at 1; rewrite aforallbi_spec; intros Hwt Hwf Hdef h1 h2; unfold check_neg_hatom; case_eq (get_atom h1); try discriminate; intros b1 t11 t12 H1; case_eq (get_atom h2); try discriminate; intros b2 t21 t22 H2; assert (H7: h1 < length t_atom) by (apply PArray.get_not_default_lt; rewrite H1, Hdef; discriminate); generalize (Hwt _ H7); rewrite H1; simpl; generalize H1; case b1; try discriminate; clear H1 b1; simpl; intro H1; case (get_type' t_i (t_interp t_i t_func t_atom) h1); try discriminate; simpl; rewrite andb_true_iff; intros [H30 H31]; change (is_true (Typ.eqb (get_type' t_i (t_interp t_i t_func t_atom) t11) Typ.TZ)) in H30; change (is_true (Typ.eqb (get_type' t_i (t_interp t_i t_func t_atom) t12) Typ.TZ)) in H31; rewrite Typ.eqb_spec in H30, H31; generalize (check_aux_interp_hatom _ t_func _ Hwf t11), (check_aux_interp_hatom _ t_func _ Hwf t12); rewrite H30, H31; intros [v1 Hv1] [v2 Hv2]; generalize H2; case b2; try discriminate; clear H2 b2; intro H2; unfold is_true; rewrite andb_true_iff; intros [H3 H4]; generalize (check_hatom_correct Hwf Hdef _ _ H3), (check_hatom_correct Hwf Hdef _ _ H4); unfold interp_hatom; intros H5 H6; rewrite t_interp_wf; auto; rewrite H1; simpl; rewrite Hv1, Hv2; simpl; rewrite t_interp_wf; auto; rewrite H2; simpl; rewrite <- H5; rewrite <- H6, Hv1, Hv2; simpl. + unfold wt; unfold is_true at 1; rewrite aforallbi_spec; intros Hwt Hwf Hdef h1 h2; unfold check_neg_hatom; case_eq (get_atom h1); try discriminate; intros b1 t11 t12 H1; case_eq (get_atom h2); try discriminate; intros b2 t21 t22 H2; assert (H7: h1 <? length t_atom) by (apply PArray.get_not_default_lt; rewrite H1, Hdef; discriminate); generalize (Hwt _ H7); rewrite H1; simpl; generalize H1; case b1; try discriminate; clear H1 b1; simpl; intro H1; case (get_type' t_i (t_interp t_i t_func t_atom) h1); try discriminate; simpl; rewrite andb_true_iff; intros [H30 H31]; change (is_true (Typ.eqb (get_type' t_i (t_interp t_i t_func t_atom) t11) Typ.TZ)) in H30; change (is_true (Typ.eqb (get_type' t_i (t_interp t_i t_func t_atom) t12) Typ.TZ)) in H31; rewrite Typ.eqb_spec in H30, H31; generalize (check_aux_interp_hatom _ t_func _ Hwf t11), (check_aux_interp_hatom _ t_func _ Hwf t12); rewrite H30, H31; intros [v1 Hv1] [v2 Hv2]; generalize H2; case b2; try discriminate; clear H2 b2; intro H2; unfold is_true; rewrite andb_true_iff; intros [H3 H4]; generalize (check_hatom_correct Hwf Hdef _ _ H3), (check_hatom_correct Hwf Hdef _ _ H4); unfold interp_hatom; intros H5 H6; rewrite t_interp_wf; auto; rewrite H1; simpl; rewrite Hv1, Hv2; simpl; rewrite t_interp_wf; auto; rewrite H2; simpl; rewrite <- H5; rewrite <- H6, Hv1, Hv2; simpl. rewrite Z.ltb_antisym; auto. rewrite Z.geb_leb, Z.ltb_antisym; auto. rewrite Z.leb_antisym; auto. @@ -354,8 +354,8 @@ Section FLATTEN. Definition check_flatten_body frec (l lf:_lit) := let l := remove_not l in let lf := remove_not lf in - if l == lf then true - else if 1 land (l lxor lf) == 0 then + if l =? lf then true + else if 1 land (l lxor lf) =? 0 then match get_form (Lit.blit l), get_form (Lit.blit lf) with | Fatom a1, Fatom a2 => check_atom a1 a2 | Ftrue, Ftrue => true @@ -371,7 +371,7 @@ Section FLATTEN. | Fxor l1 l2, Fxor lf1 lf2 => frec l1 lf1 && frec l2 lf2 | Fimp args1, Fimp args2 => - if PArray.length args1 == PArray.length args2 then + if PArray.length args1 =? PArray.length args2 then aforallbi (fun i l => frec l (args2.[i])) args1 else false | Fiff l1 l2, Fiff lf1 lf2 => |