| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
Seems like the more common use case.
|
|
All proofs about expressions containing checkInsert share a common
pattern. There are three cases:
1) Inserting a key-value-pair that is already present in the map.
2) Inserting a new key into the map.
3) Failure to insert a conflicting key-value pair in the map.
The checkInsertProof record enables to write three different cases
reducing the usage of "with" (and thus line length) in
lemma-checkInsert-restrict and lemma-lookupM-assoc.
|
|
lookup and lookupM reference the same function, but serve different
purposes.
|
|
|
|
|
|
The name was deemed misleading. Nothing else changed.
|
|
|
|
|
|
|
|
|
|
As in the bff paper expand s using lemma-map-denumerate-enumerate
and apply free-theorem-list-list to commute get and map.
|
|
It is some kind of counter part to enumerate. That is:
map (denumerate s) (enumerate s) \== s
It can be employed in bff and I believe it to simplify reasoning on bff.
|
|
Looks like uses of idrange would always be passed a length, so move it
inside the definition.
|
|
|
|
|
|
The step case needs two lemmata. One for the head of the resulting map and one
for the tail. The head case is shown using a
lemma-lookupM-assoc : assoc eq (i :: _) (x :: _) == just h ->
lookupM i h == just x
|
|
|
|
|
|
|
|
Try to always construct statements of the form
complex expression \== simple expression.
|
|
|
|
Introducing the following lemmata:
* lemma-lookupM-empty : nothing \== lookupM i empty
* lemma-from-just : just x \== just y -> x \== y
* lemma-lookupM-insert : just a \== lookupM i (insert i a m)
* lemma-lookupM-insert-other : \neg (i \== j) ->
lookupM i m \== lookupM i (insert j a m)
* lemma-lookupM-generate : just a = lookupM i (generate f is) -> a \== f i
|
|
|
|
This way the inserted value is not hidden in the Is-Just proof object.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
In order to prove lemma-1 we first show a lemma-insert-same to show that
inserting the same pair twice does not change the FinMapMaye. lemma-1 still
has two goals. In the first goal agda doesn't accept "is-just (f i)". Why?
The second goal is to be shown as absurd.
|
|
This way matches the usage in lemma-1 more closely since zip actually is
something similar to assoc.
|
|
The FinMapMaybe is what FinMap previously was. The FinMap instead now really
maps its whole domain to something. This property is needed to avoid the
usage of fromJust in the definition of bff. With this split applied the
definition of bff is now complete.
|
|
The domain of the map is always limited. So using Fin n as the domain is
natural. Additionally FinMaps are now semantically equal iff their normal form
is the same. That means \== can be used.
|
|
|
|
|
|
Without using the stdlib basic data structures are defined (with the
stdlib names in mind). The IntMap given in the paper is translated to a
NatMap. There are definitions for checkInsert and assoc resulting in a
formalization of lemma-1.
|
|
|
