| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Since \negp can be written as i\innis \circ here.
|
|
Thanks to Wouter Swierstra for pointing to the keyword.
|
|
|
|
|
|
Thanks to Joachim Breitner and Wouter Swierstra for their encouragement
and hints. Note that the result duplicates work at this point, but the
proofs are complete.
|
|
Thanks to Joachim Breitner for assisting and pointing to
proof-irrelevance.
|
|
The name vec-length-same hides the fact that it eliminates a toList and
a fromList. Actually a more generic form without fromList is possible.
Thanks to Joachim Breitner for spotting.
|
|
Thanks to Andres Löh for spotting.
|
|
There are now like four open holes in LiftGet.agda that all boil down to
the same problem. For proving equalities on Vec we first need to show
that those Vecs actually have the same type. Proofs on two different
levels are needed and somehow need to be merged.
|
|
|
|
|
|
|
|
|
|
Thus far we have found maps in both directions but lack statements about
the composition of them.
|
|
It is a definition based on Vec but with less assumptions. The VecBFF
has therefore been renamed to VecRevBFF.
VecBFF uses get : \forall n \exists m -> Vec A n -> Vec a m
VecRevBFF uses get : \forall m \exists n -> Vec A n -> Vec a m
|
|
|
|
|
|
|
|
|
|
Even though they are the same.
|
|
Semantically this is no change, but reducing to standard interface seems
better.
|
|
|
|
It is a special case of lemma-assoc-domain.
|
|
Reasoning about assoc ... = just ... has turned out to be difficult for
inductive arguments. This is why I defined a new property between a List
(Fin n) and a FinMapMaybe n A. Thanks to Janis Voigtlaender for
suggesting this. lemma-assoc-domain transforms a property about assoc
into a domain property which can be used to complete the missing pieces
of lemma-2.
|
|
Introduce lemma-map-lookupM-assoc. It branches on whether the newly
inserted element is already present. To employ the results of this
branch two new lemmata lemma-\in-lookupM-assoc and
lemma-\notin-lookupM-assoc are used and they need
lemma-lookupM-checkInsert. The remaining hole in lemma-map-lookupM-assoc
targets the case where the checkInsert actually is an insert of a new
element. It probably needs more thinking to get this case right.
|
|
|
|
|
|
Seems like the more common use case.
|
|
All proofs about expressions containing checkInsert share a common
pattern. There are three cases:
1) Inserting a key-value-pair that is already present in the map.
2) Inserting a new key into the map.
3) Failure to insert a conflicting key-value pair in the map.
The checkInsertProof record enables to write three different cases
reducing the usage of "with" (and thus line length) in
lemma-checkInsert-restrict and lemma-lookupM-assoc.
|
|
lookup and lookupM reference the same function, but serve different
purposes.
|
|
|
|
|
|
The name was deemed misleading. Nothing else changed.
|
|
|
|
|
|
|
|
|
|
As in the bff paper expand s using lemma-map-denumerate-enumerate
and apply free-theorem-list-list to commute get and map.
|
|
It is some kind of counter part to enumerate. That is:
map (denumerate s) (enumerate s) \== s
It can be employed in bff and I believe it to simplify reasoning on bff.
|
|
Looks like uses of idrange would always be passed a length, so move it
inside the definition.
|
|
|
|
|
|
The step case needs two lemmata. One for the head of the resulting map and one
for the tail. The head case is shown using a
lemma-lookupM-assoc : assoc eq (i :: _) (x :: _) == just h ->
lookupM i h == just x
|
|
|
|
|
|
|
|
Try to always construct statements of the form
complex expression \== simple expression.
|
|
|
|
Introducing the following lemmata:
* lemma-lookupM-empty : nothing \== lookupM i empty
* lemma-from-just : just x \== just y -> x \== y
* lemma-lookupM-insert : just a \== lookupM i (insert i a m)
* lemma-lookupM-insert-other : \neg (i \== j) ->
lookupM i m \== lookupM i (insert j a m)
* lemma-lookupM-generate : just a = lookupM i (generate f is) -> a \== f i
|
