root/src/common/Identifiers.ma @ 1908

include "basics/types.ma".
include "ASM/String.ma".
include "utilities/binary/positive.ma".
include "utilities/lists.ma".
include "utilities/extralib.ma".
include "common/Errors.ma".

(* identifiers and their generators are tagged to differentiate them, and to
   provide extra type checking. *)

(* in common/PreIdentifiers.ma, via Errors.ma.
inductive identifier (tag:String) : Type[0] ≝
  an_identifier : Pos → identifier tag.
*)

record universe (tag:String) : Type[0] ≝
{
  next_identifier : Pos
}.

definition new_universe : ∀tag:String. universe tag ≝
  λtag. mk_universe tag one.

let rec fresh (tag:String) (u:universe tag) on u : identifier tag × (universe tag) ≝
  let id ≝ next_identifier ? u in
  〈an_identifier tag id, mk_universe tag (succ id)〉.


let rec fresh_for_univ tag (id:identifier tag) (u:universe tag) on id : Prop ≝
  match id with [ an_identifier p ⇒ p < next_identifier … u ].


lemma fresh_is_fresh : ∀tag,id,u,u'.
  〈id,u〉 = fresh tag u' →
  fresh_for_univ tag id u.
#tag * #id * #u * #u' #E whd in E:(???%); destruct //
qed.

lemma fresh_remains_fresh : ∀tag,id,id',u,u'.
  fresh_for_univ tag id u →
  〈id',u'〉 = fresh tag u →
  fresh_for_univ tag id u'.
#tag * #id * #id' * #u * #u' normalize #H #E destruct /2 by le_S/
qed.

lemma fresh_distinct : ∀tag,id,id',u,u'.
  fresh_for_univ tag id u →
  〈id',u'〉 = fresh tag u →
  id ≠ id'.
#tag * #id * #id' * #u * #u' normalize #H #E destruct % #E' destruct /2 by absurd/
qed.


let rec env_fresh_for_univ tag A (env:list (identifier tag × A)) (u:universe tag) on u : Prop ≝
  All ? (λida. fresh_for_univ tag (\fst ida) u) env.

lemma fresh_env_extend : ∀tag,A,env,u,u',id,a.
  env_fresh_for_univ tag A env u →
  〈id,u'〉 = fresh tag u →
  env_fresh_for_univ tag A (〈id,a〉::env) u'.
#tag #A #env * #u * #u' #id #a
#H #E whd % [ @(fresh_is_fresh … E) | @(All_mp … H) * #id #a #H' /2 by fresh_remains_fresh/ ]
qed.

definition eq_identifier : ∀t. identifier t → identifier t → bool ≝
  λt,l,r.
  match l with
  [ an_identifier l' ⇒
    match r with
    [ an_identifier r' ⇒
      eqb l' r'
    ]
  ].

lemma eq_identifier_elim : ∀P:bool → Type[0]. ∀t,x,y.
  (x = y → P true) → (x ≠ y → P false) →
  P (eq_identifier t x y).
#P #t * #x * #y #T #F
change with (P (eqb ??))
@(eqb_elim x y P) [ /2 by / | * #H @F % #E destruct /2 by / ]
qed.
    
definition word_of_identifier ≝
  λt.
  λl: identifier t.
  match l with    
  [ an_identifier l' ⇒ l'
  ].

lemma eq_identifier_refl : ∀tag,id. eq_identifier tag id id = true.
#tag * #id whd in ⊢ (??%?); >eqb_n_n @refl
qed.

axiom eq_identifier_sym:
  ∀tag: String.
  ∀l  : identifier tag.
  ∀r  : identifier tag.
    eq_identifier tag l r = eq_identifier tag r l.

lemma eq_identifier_false : ∀tag,x,y. x≠y → eq_identifier tag x y = false.
#tag * #x * #y #NE normalize @not_eq_to_eqb_false /2 by not_to_not/
qed.

definition identifier_eq : ∀tag:String. ∀x,y:identifier tag. (x=y) + (x≠y).
#tag * #x * #y lapply (refl ? (eqb x y)) cases (eqb x y) in ⊢ (???% → %);
#E [ % | %2 ]
lapply E @eqb_elim
[ #H #_ >H @refl | 2,3: #_ #H destruct | #H #_ % #H' destruct /2 by absurd/ ]
qed.

definition identifier_of_nat : ∀tag:String. nat → identifier tag ≝
  λtag,n. an_identifier tag (succ_pos_of_nat  n).


(* States that all identifiers in an environment are distinct from one another. *)
let rec distinct_env tag (A:Type[0]) (l:list (identifier tag × A)) on l : Prop ≝
match l with
[ nil ⇒ True
| cons hd tl ⇒ All ? (λia. \fst hd ≠ \fst ia) tl ∧
               distinct_env tag A tl
].

lemma distinct_env_append_l : ∀tag,A,l,r. distinct_env tag A (l@r) → distinct_env tag A l.
#tag #A #l elim l
[ //
| * #id #a #tl #IH #r * #H1 #H2 % /2 by All_append_l/
] qed.

lemma distinct_env_append_r : ∀tag,A,l,r. distinct_env tag A (l@r) → distinct_env tag A r.
#tag #A #l elim l
[ //
| * #id #a #tl #IH #r * #H1 #H2 /2 by /
] qed.

(* check_distinct_env is quadratic - we could pay more attention when building maps to make sure that
   the original environment was distinct. *)

axiom DuplicateVariable : String.

let rec check_member_env tag (A:Type[0]) (id:identifier tag) (l:list (identifier tag × A)) on l : res (All ? (λia. id ≠ \fst ia) l) ≝
match l return λl.res (All ?? l) with
[ nil ⇒ OK ? I
| cons hd tl ⇒
    match identifier_eq tag id (\fst hd) with
    [ inl _ ⇒ Error ? [MSG DuplicateVariable; CTX ? id]
    | inr NE ⇒
        do Htl ← check_member_env tag A id tl;
        OK ? (conj ?? NE Htl)
    ]
].

let rec check_distinct_env tag (A:Type[0]) (l:list (identifier tag × A)) on l : res (distinct_env tag A l) ≝
match l return λl.res (distinct_env tag A l) with
[ nil ⇒ OK ? I
| cons hd tl ⇒
    do Hhd ← check_member_env tag A (\fst hd) tl;
    do Htl ← check_distinct_env tag A tl;
    OK ? (conj ?? Hhd Htl)
].




(* Maps from identifiers to arbitrary types. *)

include "common/PositiveMap.ma".

inductive identifier_map (tag:String) (A:Type[0]) : Type[0] ≝
  an_id_map : positive_map A → identifier_map tag A.
  
definition empty_map : ∀tag:String. ∀A. identifier_map tag A ≝
  λtag,A. an_id_map tag A (pm_leaf A).

let rec lookup tag A (m:identifier_map tag A) (l:identifier tag) on m : option A ≝
  lookup_opt A (match l with [ an_identifier l' ⇒ l' ])
               (match m with [ an_id_map m' ⇒ m' ]).

definition lookup_def ≝
λtag,A,m,l,d. match lookup tag A m l with [ None ⇒ d | Some x ⇒ x].

let rec member tag A (m:identifier_map tag A) (l:identifier tag) on m : bool ≝
  match lookup tag A m l with [ None ⇒ false | _ ⇒ true ].

(* Always adds the identifier to the map. *)
let rec add tag A (m:identifier_map tag A) (l:identifier tag) (a:A) on m : identifier_map tag A ≝
  an_id_map tag A (insert A (match l with [ an_identifier l' ⇒ l' ]) a
                            (match m with [ an_id_map m' ⇒ m' ])).

lemma lookup_add_hit : ∀tag,A,m,i,a.
  lookup tag A (add tag A m i a) i = Some ? a.
#tag #A * #m * #i #a
@lookup_opt_insert_hit
qed.

lemma lookup_def_add_hit : ∀tag,A,m,i,a,d.
  lookup_def tag A (add tag A m i a) i d = a.
#tag #A * #m * #i #a #d
@lookup_insert_hit
qed.

lemma lookup_add_miss : ∀tag,A,m,i,j,a.
  i ≠ j →
  lookup tag A (add tag A m j a) i = lookup tag A m i.
#tag #A * #m * #i * #j #a #H
@lookup_opt_insert_miss /2 by not_to_not/
qed.

axiom lookup_def_add_miss : ∀tag,A,m,i,j,a,d.
  i ≠ j →
  lookup_def tag A (add tag A m j a) i d = lookup_def tag A m i d.

lemma lookup_add_oblivious : ∀tag,A,m,i,j,a.
  (lookup tag A m i ≠ None ?) →
  lookup tag A (add tag A m j a) i ≠ None ?.
#tag #A #m #i #j #a #H
cases (identifier_eq ? i j)
[ #E >E >lookup_add_hit % #N destruct
| #NE >lookup_add_miss //
] qed.

lemma lookup_add_cases : ∀tag,A,m,i,j,a,v.
  lookup tag A (add tag A m i a) j = Some ? v →
  (i=j ∧ v = a) ∨ lookup tag A m j = Some ? v.
#tag #A #m #i #j #a #v
cases (identifier_eq ? i j)
[ #E >E >lookup_add_hit #H %1 destruct % //
| #NE >lookup_add_miss /2 by or_intror, sym_not_eq/
] qed. 

(* Extract every identifier, value pair from the map. *)
definition elements : ∀tag,A. identifier_map tag A → list (identifier tag × A) ≝
λtag,A,m.
  fold ?? (λl,a,el. 〈an_identifier tag l, a〉::el)
          (match m with [ an_id_map m' ⇒ m' ]) [ ].

axiom MissingId : String.

(* Only updates an existing entry; fails with an error otherwise. *)
definition update : ∀tag,A. identifier_map tag A → identifier tag → A → res (identifier_map tag A) ≝
λtag,A,m,l,a.
  match update A (match l with [ an_identifier l' ⇒ l' ]) a
                 (match m with [ an_id_map m' ⇒ m' ]) with
  [ None ⇒ Error ? ([MSG MissingId; CTX tag l]) (* missing identifier *)
  | Some m' ⇒ OK ? (an_id_map tag A m')
  ].

definition foldi:
  ∀A, B: Type[0].
  ∀tag: String.
  (identifier tag -> A -> B -> B) -> identifier_map tag A -> B -> B ≝
λA,B,tag,f,m,b.
  match m with
  [ an_id_map m' ⇒ fold A B (λbv. f (an_identifier ? bv)) m' b ].

(* A predicate that an identifier is in a map, and a failure-avoiding lookup
   and update using it. *)

definition present : ∀tag,A. identifier_map tag A → identifier tag → Prop ≝
λtag,A,m,i. lookup … m i ≠ None ?.

lemma member_present : ∀tag,A,m,id.
  member tag A m id = true → present tag A m id.
#tag #A * #m #id normalize cases (lookup_opt A ??) normalize
[ #E destruct
| #x #E % #E' destruct
] qed.

include "ASM/Util.ma".

definition lookup_present : ∀tag,A. ∀m:identifier_map tag A. ∀id. present ?? m id → A ≝
λtag,A,m,id. match lookup ?? m id return λx. x ≠ None ? → ? with [ Some a ⇒ λ_. a | None ⇒ λH.⊥ ].
cases H #H'  cases (H' (refl ??)) qed.

lemma lookup_lookup_present : ∀tag,A,m,id,p.
  lookup tag A m id = Some ? (lookup_present tag A m id p).
#tag #A #m #id #p
whd in p ⊢ (???(??%));
cases (lookup tag A m id) in p ⊢ %;
[ * #H @⊥ @H @refl
| #a #H @refl
] qed.

definition update_present : ∀tag,A. ∀m:identifier_map tag A. ∀id. present ?? m id → A → identifier_map tag A ≝
λtag,A,m,l,p,a.
  let l' ≝ match l with [ an_identifier l' ⇒ l' ] in
  let m' ≝ match m with [ an_id_map m' ⇒ m' ] in
  let u' ≝ update A l' a m' in
  match u' return λx. update ???? = x → ? with
  [ None ⇒ λE.⊥
  | Some m' ⇒ λ_. an_id_map tag A m'
  ] (refl ? u').
cases l in p E; cases m; -l' -m' #m' #l'
whd in ⊢ (% → ?);
 whd in ⊢ (?(??(???%%)?) → ??(??%?%)? → ?);
#NL #U cases NL #H @H @(update_fail … U)
qed.

lemma update_still_present : ∀tag,A,m,id,a,id'.
  ∀H:present tag A m id.
  ∀H':present tag A m id'.
  present tag A (update_present tag A m id' H' a) id.
#tag #A * #m * #id #a * #id' #H #H'
whd whd in ⊢ (?(??(???(%??????)?)?)); normalize nodelta
cases (identifier_eq ? (an_identifier tag id) (an_identifier tag id'))
[ #E >E @refute_none_by_refl #m' #U whd in ⊢ (?(??%?)); >(update_lookup_opt_same ????? U)
  % #E' destruct
| #NE @refute_none_by_refl #m' #U whd in ⊢ (?(??%?)); whd in ⊢ (?(??(??%%)?));
  <(update_lookup_opt_other ????? U id) [ @H | % #E cases NE >E #H @H @refl ]
] qed.


let rec fresh_for_map tag A (id:identifier tag) (m:identifier_map tag A) on id : Prop ≝
  lookup … m id = None A.

lemma fresh_for_empty_map : ∀tag,A,id.
  fresh_for_map tag A id (empty_map tag A).
#tag #A * #id //
qed.

definition fresh_map_for_univ ≝
λtag,A. λm:identifier_map tag A. λu:universe tag.
  ∀id. present tag A m id → fresh_for_univ tag id u.

lemma fresh_fresh_for_map : ∀tag,A,m,id,u,u'.
  fresh_map_for_univ tag A m u →
  〈id,u'〉 = fresh tag u →
  fresh_for_map tag A id m.
#tag #A * #m * #id * #u * #u' whd in ⊢ (% → ???% → %);
#FMU #E destruct lapply (FMU (an_identifier tag u)) whd in ⊢ ((% → %) → ?);
generalize in ⊢ ((?(??%?) → ?) → ??%?); *
[ // | #a #H @False_ind lapply (H ?) /2 by absurd/ % #E destruct
qed.

lemma fresh_map_preserved : ∀tag,A,m,u,u',id.
  fresh_map_for_univ tag A m u →
  〈id,u'〉 = fresh tag u →
  fresh_map_for_univ tag A m u'.
#tag #A #m #u * #u' #id whd in ⊢ (% → ? → %); #H #E
#id' #PR @(fresh_remains_fresh … E) @H //
qed.

lemma fresh_map_add : ∀tag,A,m,u,id,a.
  fresh_map_for_univ tag A m u →
  fresh_for_univ tag id u →
  fresh_map_for_univ tag A (add tag A m id a) u.
#tag #A * #m #u #id #a #Hm #Hi
#id' #PR cases (identifier_eq tag id' id)
[ #E >E @Hi
| #NE @Hm whd in PR;
  change with (add tag A (an_id_map tag A m) id a) in PR:(?(??(???%?)?));
  >lookup_add_miss in PR; //
] qed.

lemma present_not_fresh : ∀tag,A,m,id,id'.
  present tag A m id →
  fresh_for_map tag A id' m →
  id ≠ id'.
#tag #A #m #id * #id' whd in ⊢ (% → % → ?);
* #NE #E % #E' destruct @(NE E)
qed.

lemma fresh_for_map_add : ∀tag,A,id,m,id',a.
  id ≠ id' →
  fresh_for_map tag A id m →
  fresh_for_map tag A id (add tag A m id' a).
#tag #A * #id #m #id' #a #NE #F
whd >lookup_add_miss //
qed.


(* Sets *)

definition identifier_set ≝ λtag.identifier_map tag unit.

definition empty_set : ∀tag.identifier_set tag ≝ λtag.empty_map ….


definition add_set : ∀tag.identifier_set tag → identifier tag → identifier_set tag ≝
  λtag,s,i.add … s i it.

definition singleton_set : ∀tag:String. identifier tag → identifier_set tag ≝
λtag,i. add_set tag (empty_set tag) i.

(* mem set is generalised to all maps *)
let rec mem_set (tag:String) A (s:identifier_map tag A) (i:identifier tag) on s : bool ≝
  match lookup … s i with
  [ None ⇒ false
  | Some _ ⇒ true
  ].
  
let rec union_set (tag:String) A B (s:identifier_map tag A) (s':identifier_map tag B) on s : identifier_set tag ≝
  an_id_map tag unit (merge … (λo,o'.match o with [Some _ ⇒ Some ? it | None ⇒ !_ o'; return it])
    (match s with [ an_id_map s0 ⇒ s0 ])
    (match s' with [ an_id_map s1 ⇒ s1 ])).


(* set minus is generalised to maps *)
let rec minus_set (tag:String) A B (s:identifier_map tag A) (s':identifier_map tag B) on s : identifier_map tag A ≝
  an_id_map tag A (merge A B A (λo,o'.match o' with [None ⇒ o | Some _ ⇒ None ?])
    (match s with [ an_id_map s0 ⇒ s0 ])
    (match s' with [ an_id_map s1 ⇒ s1 ])).

notation "a ∖ b" left associative with precedence 55 for @{'setminus $a $b}.

interpretation "identifier set union" 'union a b = (union_set ??? a b).
notation "∅" non associative with precedence 90 for @{ 'empty }.
interpretation "empty identifier set" 'empty = (empty_set ?).
interpretation "singleton identifier set" 'singl a = (add_set ? (empty_set ?) a).
interpretation "identifier set membership" 'mem a b = (mem_set ?? b a).
interpretation "identifier map difference" 'setminus a b = (minus_set ??? a b).

definition IdentifierSet : String → Setoid ≝ λtag.
  mk_Setoid (identifier_set tag) (λs,s'.∀i.i ∈ s = (i ∈ s')) ???.
  // qed.

unification hint 0 ≔ tag;
S ≟ IdentifierSet tag 
(*-----------------------------*)⊢
identifier_set tag ≡ std_supp S.
unification hint 0 ≔ tag;
S ≟ IdentifierSet tag 
(*-----------------------------*)⊢
identifier_map tag unit ≡ std_supp S.

lemma mem_set_add : ∀tag,A.∀i,j : identifier tag.∀s,x.
  i ∈ add ? A s j x = (eq_identifier ? i j ∨ i ∈ s).
#tag #A *#i *#j *#s #x normalize
@(eqb_elim i j)
[#EQ destruct
  >(lookup_opt_insert_hit A x j)
|#NEQ >(lookup_opt_insert_miss … s NEQ)
] elim (lookup_opt  A j s) normalize // qed.

lemma mem_set_add_id : ∀tag,A,i,s,x.bool_to_Prop (i ∈ add tag A s i x).
#tag #A #i #s #x >mem_set_add
@eq_identifier_elim [#_ %| #ABS elim (absurd … (refl ? i) ABS)] qed.

lemma in_map_domain : ∀tag,A.∀m : identifier_map tag A.∀i.
  if i ∈ m then (∃s.lookup … m i = Some ? s) else (lookup … m i = None ?).
#tag #A * #m * #i normalize
elim (lookup_opt A i m) normalize
[ % | #x %{x} % ]
qed.

lemma union_empty_l : ∀tag.∀s:identifier_set tag. ∅ ∪ s = s.
#tag * normalize #m >map_opt_id_eq_ext // * %
qed.

lemma union_empty_r : ∀tag.∀s:identifier_set tag. s ∪ ∅ = s.
#tag * * [//] *[2: *] #l#r normalize
>map_opt_id_eq_ext [1,3: >map_opt_id_eq_ext [2,4: *] |*: *] //
qed.

lemma minus_empty_l : ∀tag,A.∀s:identifier_map tag A. ∅ ∖ s ≅ ∅.
#tag #A * * [//] *[2:#x]#l#r * * normalize [1,4://]
#p >lookup_opt_map elim (lookup_opt ???) normalize //
qed.

lemma minus_empty_r : ∀tag,A.∀s:identifier_map tag A. s ∖ ∅ = s.
#tag #A * * [//] *[2:#x]#l#r normalize
>map_opt_id >map_opt_id //
qed.

lemma mem_set_union : ∀tag.∀i : identifier tag.∀s,s' : identifier_set tag.
  i ∈ (s ∪ s') = (i ∈ s ∨ i ∈ s').
#tag * #i * #s * #s' normalize
>lookup_opt_merge [2: @refl]
elim (lookup_opt ???)
elim (lookup_opt ???)
normalize // qed.

lemma mem_set_minus : ∀tag,A,B.∀i : identifier tag.∀s : identifier_map tag A.
  ∀s' : identifier_map tag B.
  i ∈ (s ∖ s') = (i ∈ s ∧ ¬ i ∈ s').
#tag #A #B * #i * #s * #s' normalize
>lookup_opt_merge [2: @refl]
elim (lookup_opt ???)
elim (lookup_opt ???)
normalize // qed.

lemma set_eq_ext_node : ∀tag.∀o,o',l,l',r,r'.
  an_id_map tag ? (pm_node ? o l r) ≅ an_id_map … (pm_node ? o' l' r') →
    o = o' ∧ an_id_map tag ? l ≅ an_id_map … l' ∧ an_id_map tag ? r ≅ an_id_map … r'.
#tag#o#o'#l#l'#r#r'#H
%[
%[ lapply (H (an_identifier ? one))
   elim o [2: *] elim o' [2,4: *] normalize // #EQ destruct
 | *#p lapply (H (an_identifier ? (p0 p))) normalize //
]| *#p lapply (H (an_identifier ? (p1 p))) normalize //
]
qed.

lemma set_eq_ext_leaf : ∀tag,A.∀o,l,r.
  (∀i.i∈an_id_map tag A (pm_node ? o l r) = false) →
    o = None ? ∧ (∀i.i∈an_id_map tag ? l = false) ∧ (∀i.i∈an_id_map tag ? r = false).
#tag#A#o#l#r#H
%[
%[ lapply (H (an_identifier ? one))
   elim o [2: #a] normalize // #EQ destruct
 | *#p lapply (H (an_identifier ? (p0 p))) normalize //
]| *#p lapply (H (an_identifier ? (p1 p))) normalize //
]
qed.


definition id_map_size : ∀tag : String.∀A. identifier_map tag A → ℕ ≝
  λtag,A,s.match s with [an_id_map p ⇒ |p|].

interpretation "identifier map domain size" 'norm s = (id_map_size ?? s).

lemma set_eq_ext_empty_to_card : ∀tag,A.∀s : identifier_map tag A. (∀i.i∈s = false) → |s| = 0.
#tag#A * #s elim s [//]
#o#l#r normalize in ⊢((?→%)→(?→%)→?); #Hil #Hir #H
elim (set_eq_ext_leaf … H) * #EQ destruct #Hl #Hr normalize
>(Hil Hl) >(Hir Hr) // qed.

lemma set_eq_ext_to_card : ∀tag.∀s,s' : identifier_set tag. s ≅ s' → |s| = |s'|.
#tag *#s elim s
[** [//] #o#l#r #H
  >(set_eq_ext_empty_to_card … (std_symm … H)) //
| #o#l#r normalize in ⊢((?→?→??%?)→(?→?→??%?)→?);
  #Hil #Hir **
  [#H @(set_eq_ext_empty_to_card … H)]
  #o'#l'#r' #H elim (set_eq_ext_node … H) * #EQ destruct(EQ) #Hl #Hr
  normalize >(Hil ? Hl) >(Hir ? Hr) //
] qed.

lemma add_size: ∀tag,A,s,i,x.
  |add tag A s i x| = (if i ∈ s then 0 else 1) + |s|.
#tag #A *#s *#i #x
lapply (insert_size ? i x s)
lapply (refl ? (lookup_opt ? i s))
generalize in ⊢ (???%→?); * [2: #x']
normalize #EQ >EQ normalize //
qed.

lemma mem_set_O_lt_card : ∀tag,A.∀i.∀s : identifier_map tag A. i ∈ s → |s| > 0.
#tag #A * #i * #s normalize #H
@(lookup_opt_O_lt_size … i)
% #EQ >EQ in H; normalize *
qed.

(* NB: no control on values if applied to maps *)
definition set_subset ≝ λtag,A,B.λs : identifier_map tag A.
  λs' : identifier_map tag B. ∀i.i ∈ s → (bool_to_Prop (i ∈ s')).

interpretation "identifier set subset" 'subseteq s s' = (set_subset ??? s s').

lemma add_subset :
  ∀tag,A,B.∀i : identifier tag.∀x.∀s : identifier_map ? A.∀s' : identifier_map ? B.
    i ∈ s' → s ⊆ s' → add … s i x ⊆ s'.
#tag#A#B#i#x#s#s' #H #G #j
>mem_set_add
@eq_identifier_elim #H' [* >H' @H | #js @(G ? js)]
qed.

definition set_forall : ∀tag,A.(identifier tag → Prop) →
  identifier_map tag A → Prop ≝ λtag,A,P,m.∀i. i ∈ m → P i.
  
lemma set_forall_add : ∀tag,P,m,i.set_forall tag ? P m → P i →
  set_forall tag ? P (add_set ? m i).
#tag#P#m#i#Pm#Pi#j
>mem_set_add
@eq_identifier_elim
[#EQ destruct(EQ) #_ @Pi
|#_ @Pm
]
qed.

include "utilities/proper.ma".

lemma minus_subset : ∀tag,A,B.minus_set tag A B ⊨ set_subset … ++> set_subset … -+> set_subset ….
#tag#A#B#s#s' #H #s'' #s''' #G #i
>mem_set_minus >mem_set_minus
#H' elim (andb_Prop_true … H') -H' #is #nis''
>(H … is) 
elim (true_or_false_Prop (i∈s'''))
[ #is''' >(G … is''') in nis''; *
| #nis''' >nis''' %
]
qed.

lemma subset_node : ∀tag,A,B.∀o,o',l,l',r,r'.
  an_id_map tag A (pm_node ? o l r) ⊆ an_id_map tag B (pm_node ? o' l' r') →
    opt_All ? (λ_.o' ≠ None ?) o ∧ an_id_map tag ? l ⊆ an_id_map tag  ? l' ∧
      an_id_map tag ? r ⊆ an_id_map tag ? r'.
#tag#A#B#o#o'#l#l'#r#r'#H
%[%
  [ lapply (H (an_identifier ? (one))) elim o [2: #a] elim o' [2:#b]
    normalize // [#_ % #ABS destruct(ABS) | #G lapply (G I) *]
  | *#p lapply (H (an_identifier ? (p0 p)))
  ]
 | *#p lapply (H (an_identifier ? (p1 p)))
] #H @H
qed.

lemma subset_leaf : ∀tag,A.∀o,l,r.
  an_id_map tag A (pm_node ? o l r) ⊆ ∅ →
    o = None ? ∧ (∀i.i∈an_id_map tag ? l = false) ∧ (∀i.i∈an_id_map tag ? r = false).
#tag#A#o#l#r#H
%[
%[ lapply (H (an_identifier ? one))
   elim o [2: #a] normalize // #EQ lapply(EQ I) *
 | *#p lapply (H (an_identifier ? (p0 p)))
 ]
|  *#p lapply (H (an_identifier ? (p1 p)))
] normalize elim (lookup_opt ? p ?) normalize
// #a #H lapply (H I) *
qed.

lemma subset_card : ∀tag,A,B.∀s : identifier_map tag A.∀s' : identifier_map tag B.
  s ⊆ s' → |s| ≤ |s'|.
#tag #A #B *#s elim s
[ //
| #o#l#r #Hil #Hir **
  [ #H elim (subset_leaf … H) * #EQ >EQ #Hl #Hr
    lapply (set_eq_ext_empty_to_card … Hl)
    lapply (set_eq_ext_empty_to_card … Hr)
    normalize //
  | #o' #l' #r' #H elim (subset_node … H) *
    elim o [2: #a] elim o' [2,4: #a']
    [3: #G normalize in G; elim(absurd ? (refl ??) G)
    |*: #_ #Hl #Hr lapply (Hil ? Hl) lapply (Hir ? Hr)
      normalize #H1 #H2
      [@le_S_S | @(transitive_le … (|l'|+|r'|)) [2: / by /]]
      @le_plus assumption
    ]
  ]
]
qed.

lemma mem_set_empty : ∀tag.∀i: identifier tag. i∈∅ = false.
#tag * #i normalize %
qed.

lemma mem_set_singl_to_eq : ∀tag.∀i,j : identifier tag.i∈{(j)} → i = j.
#tag
#i #j >mem_set_add >mem_set_empty
#H elim (orb_true_l … H) -H
[@eq_identifier_elim [//] #_] #EQ destruct
qed.

lemma subset_add_set : ∀tag,i,s.s ⊆ add_set tag s i.
#tag#i#s#j #H >mem_set_add >H
>commutative_orb %
qed.

lemma add_set_monotonic : ∀tag,i,s,s'.s ⊆ s' → add_set tag s i ⊆ add_set tag s' i.
#tag#i#s#s' #H #j >mem_set_add >mem_set_add
@orb_elim elim (eq_identifier ???)
whd lapply (H j) /2 by /
qed.

lemma transitive_subset : ∀tag,A.transitive ? (set_subset tag A A).
#tag#A#s#s'#s''#H#G#i #is
@(G … (H … is))
qed.

definition set_from_list : ∀tag.list (identifier tag) → identifier_map tag unit ≝
  λtag.foldl … (add_set ?) ∅.

coercion id_set_from_list : ∀tag.∀l : list (identifier tag).identifier_map tag unit ≝
  set_from_list on _l : list (identifier ?) to identifier_map ? unit.

lemma mem_map_domain : ∀tag,A.∀m : identifier_map tag A.∀i.
i∈m → lookup … m i ≠ None ?.
#tag#A * #m #i
whd in match (i∈?);
elim (lookup ????) normalize [2: #x]
* % #EQ destruct(EQ)
qed.



lemma mem_list_as_set : ∀tag.∀l : list (identifier tag).
  ∀i.i ∈ l → In ? l i.
#tag #l @(list_elim_left … l)
[ #i *
| #t #h #Hi  #i
  whd in ⊢ (?(???%?)→?);
  >foldl_append
  whd in ⊢ (?(???%?)→?);
  >mem_set_add
  @eq_identifier_elim
  [ #EQi destruct(EQi)
    #_ @Exists_append_r % %
  | #_ #H @Exists_append_l @Hi assumption
  ]
]
qed.

lemma list_as_set_mem : ∀tag.∀l : list (identifier tag).
  ∀i.In ? l i → i ∈ l.
#tag #l @(list_elim_left … l)
[ #i *
| #t #h #Hi #i #H
  whd in ⊢ (?(???%?));
  >foldl_append
  whd in ⊢ (?(???%?));
  elim (Exists_append … H) -H
  [ #H >mem_set_add
    @eq_identifier_elim [//] #_ normalize
    @Hi @H
  | * [2: *] #EQi destruct(EQi) >mem_set_add_id %
  ]
]
qed.

lemma list_as_set_All : ∀tag,P.∀ l : list (identifier tag).
  (∀i.i ∈ l → P i) → All ? P l.
#tag #P #l @(list_elim_left … l)
[ #_ %
| #x #l' #Hi
  whd in match (l'@[x] : identifier_map tag unit);
  >foldl_append
  #H @All_append
  [ @Hi #i #G @H
    whd in ⊢ (?(???%?));
    >mem_set_add @orb_Prop_r @G
  | % [2: %]
    @H
    whd in ⊢ (?(???%?));
    @mem_set_add_id
  ]
]
qed.

lemma All_list_as_set : ∀tag,P.∀ l : list (identifier tag).
  All ? P l → ∀i.i ∈ l → P i.
#tag #P #l @(list_elim_left … l)
[ * #i *
| #x #l' #Hi #H
  lapply (All_append_l … H)
  lapply (All_append_r … H)
  * #Px * #Pl' #i
  whd in match (l'@[x] : identifier_map ??);
  >foldl_append
  >mem_set_add
  @eq_identifier_elim
  [ #EQx >EQx #_ @Px
  | #_ whd in match (?∨?); @Hi @Pl'
  ]
]
qed.