| Age | Commit message (Collapse) | Author |
|---|
|
Thanks to Andres Löh for spotting.
|
|
There are now like four open holes in LiftGet.agda that all boil down to
the same problem. For proving equalities on Vec we first need to show
that those Vecs actually have the same type. Proofs on two different
levels are needed and somehow need to be merged.
|
|
|
|
|
|
|
|
|
|
Thus far we have found maps in both directions but lack statements about
the composition of them.
|
|
It is a definition based on Vec but with less assumptions. The VecBFF
has therefore been renamed to VecRevBFF.
VecBFF uses get : \forall n \exists m -> Vec A n -> Vec a m
VecRevBFF uses get : \forall m \exists n -> Vec A n -> Vec a m
|
|
|
|
|
|
|
|
|
|
Even though they are the same.
|
|
Semantically this is no change, but reducing to standard interface seems
better.
|
|
|
|
It is a special case of lemma-assoc-domain.
|
|
Reasoning about assoc ... = just ... has turned out to be difficult for
inductive arguments. This is why I defined a new property between a List
(Fin n) and a FinMapMaybe n A. Thanks to Janis Voigtlaender for
suggesting this. lemma-assoc-domain transforms a property about assoc
into a domain property which can be used to complete the missing pieces
of lemma-2.
|
|
Introduce lemma-map-lookupM-assoc. It branches on whether the newly
inserted element is already present. To employ the results of this
branch two new lemmata lemma-\in-lookupM-assoc and
lemma-\notin-lookupM-assoc are used and they need
lemma-lookupM-checkInsert. The remaining hole in lemma-map-lookupM-assoc
targets the case where the checkInsert actually is an insert of a new
element. It probably needs more thinking to get this case right.
|
|
|
|
|
|
Seems like the more common use case.
|
|
All proofs about expressions containing checkInsert share a common
pattern. There are three cases:
1) Inserting a key-value-pair that is already present in the map.
2) Inserting a new key into the map.
3) Failure to insert a conflicting key-value pair in the map.
The checkInsertProof record enables to write three different cases
reducing the usage of "with" (and thus line length) in
lemma-checkInsert-restrict and lemma-lookupM-assoc.
|
|
lookup and lookupM reference the same function, but serve different
purposes.
|
|
|
|
|
|
The name was deemed misleading. Nothing else changed.
|
|
|
|
|
|
|
|
|
|
As in the bff paper expand s using lemma-map-denumerate-enumerate
and apply free-theorem-list-list to commute get and map.
|
|
It is some kind of counter part to enumerate. That is:
map (denumerate s) (enumerate s) \== s
It can be employed in bff and I believe it to simplify reasoning on bff.
|
|
Looks like uses of idrange would always be passed a length, so move it
inside the definition.
|
|
|
|
|
|
The step case needs two lemmata. One for the head of the resulting map and one
for the tail. The head case is shown using a
lemma-lookupM-assoc : assoc eq (i :: _) (x :: _) == just h ->
lookupM i h == just x
|
|
|
|
|
|
|
|
Try to always construct statements of the form
complex expression \== simple expression.
|
|
|
|
Introducing the following lemmata:
* lemma-lookupM-empty : nothing \== lookupM i empty
* lemma-from-just : just x \== just y -> x \== y
* lemma-lookupM-insert : just a \== lookupM i (insert i a m)
* lemma-lookupM-insert-other : \neg (i \== j) ->
lookupM i m \== lookupM i (insert j a m)
* lemma-lookupM-generate : just a = lookupM i (generate f is) -> a \== f i
|
|
|
|
This way the inserted value is not hidden in the Is-Just proof object.
|
|
|
|
|
|
|
|
|
|
|
|
|
