Changeset 3549

Timestamp:

Apr 2, 2015, 3:44:19 PM (5 years ago)

Author:

piccolo

Message:

added paolo's trick

Location:

LTS

Files:

• Final.ma (modified) (8 diffs)
• Lang_corr.ma (added)
• Lang_meas.ma (modified) (12 diffs)
• Language.ma (modified) (61 diffs)
• Simulation.ma (modified) (16 diffs)
• Traces.ma (modified) (32 diffs)
• Vm.ma (modified) (51 diffs)
• costs.ma (modified) (2 diffs)

LTS/Final.ma

@@ -18 +18 @@
 
 theorem cerco:
+ ∀l_p : label_params.
  (* Given the operational semantics of a source program *)
- ∀S1: abstract_status.
+ ∀S1: abstract_status l_p.
 
  (* Given the compiled assembly program *)
@@ -25 +26 @@
  
  (* Let S2 be the operational semantics of the compiled code  *)
- let S2 ≝ asm_operational_semantics p p' prog in
+ let S2 ≝ asm_operational_semantics p l_p p' prog in
  
  (* If the simulation conditions between the source and compiled
     code holds (i.e. if the compiler is correct) *)
- ∀rel: relations S1 S2. simulation_conditions … rel →
+ ∀rel: relations … S1 S2. simulation_conditions … rel →
 
  (* Given an abstract interpretation framework for the compiled code *)
- ∀R: asm_abstract_interpretation p p' prog.
+ ∀R: asm_abstract_interpretation p p' … prog.
  
  (* If the static analysis does not fail *)
@@ -40 +41 @@
    equivalently, whose state after the initial labelled transition is s1 
    and whose state after the final labelled transition is s2  *)
- ∀si,s1,s2,sn. ∀t: raw_trace S1 … si sn.
+ ∀si,s1,s2,sn. ∀t: raw_trace … S1 … si sn.
  measurable … s1 s2 … t →
 
  (* For each target non I/O state si' in relation with the source state si *)
- ∀si': S2. as_classify … si' ≠ cl_io → Srel ?? rel si si' →
+ ∀si': S2. as_classify … si' ≠ cl_io → Srel … rel si si' →
 
  (* There exists a corresponding target trace starting from si' *)
@@ -75 +76 @@
     >(proj1 … (static_analisys_ok … EQmap … Hmem))
     @(proj2 … (static_analisys_ok … EQmap … Hmem))]
-#S1 #p #p' #prog letin S2 ≝ (asm_operational_semantics ???) #rel #sim_conds
+#l_p #S1 #p #p' #prog letin S2 ≝ (asm_operational_semantics ????) #rel #sim_conds
 #R #mT #map #EQmap #si #s1 #s2 #sn #t #Hmeas #si' #Hclass #Rsisi'
-cases (simulates_measurable S1 S2 rel sim_conds … Hmeas … Rsisi') 
+cases (simulates_measurable … S1 S2 rel sim_conds … Hmeas … Rsisi') 
 [2: #H cases Hclass >H #ABS cases(ABS (refl …)) ]
 #sn' * #t' ** #Rsnsn' #EQcostlabs * #s1' * #s2' #Hmeas'
@@ -105 +106 @@
 #A #l1 #l2 #x #Hmem normalize #H @mem_neq_zero_is_multiset <H @is_multiset_mem_neq_zero assumption
 qed.
-
-definition is_abelian ≝ λM : monoid.
-∀x,y : M.op … M x y = op … M y x.
 
 lemma mem_list : ∀A : Type[0].
@@ -211 +209 @@
 ∀p_asm,p_asm',prog_asm.
 (* Let S3 be the operational semantics of the compiled code  *)
-let S3 ≝ asm_operational_semantics p_asm p_asm' prog_asm in
+let S3 ≝ asm_operational_semantics p_asm p p_asm' prog_asm in
 
 (* If the simulation conditions between the source with call post-labelled and compiled
     code holds (i.e. if the compiler is correct after the first pass) *)
-∀rel: relations S2 S3. simulation_conditions … rel →
+∀rel: relations … S2 S3. simulation_conditions … rel →
 
 (* let REL be semantical relation between the states of the source program and
@@ -223 +221 @@
 
  (* Given an abstract interpretation framework for the compiled code *)
-∀R: asm_abstract_interpretation p_asm p_asm' prog_asm.
+∀R: asm_abstract_interpretation p_asm p_asm' … prog_asm.
 
 (* If the abstract instructions monoid is abelian *)
@@ -234 +232 @@
    equivalently, whose state after the initial labelled transition is s1 
    and whose state after the final labelled transition is s2  *)
- ∀si,s1,s2,sn. ∀t: raw_trace S1 … si sn.
+ ∀si,s1,s2,sn. ∀t: raw_trace … S1 … si sn.
  measurable … s1 s2 … t →
 

LTS/Lang_meas.ma

@@ -13 +13 @@
 (**************************************************************************)
 
-include "Language.ma".
+include "Lang_corr.ma".
 
 
@@ -21 +21 @@
 ∀s1,s2,s1' : state p.∀abs_top,abs_tail.
 execute_l … p' (env … prog) l s1 s2 → 
-is_costlabelled_act l → 
-(is_call_act l → is_call_post_label (operational_semantics p p' prog) … s1) → 
+is_costlabelled_act p l → 
+(is_call_act p l → is_call_post_label p (operational_semantics p p' prog) … s1) → 
 state_rel … m keep abs_top abs_tail s1 s1' → abs_top = nil ? ∧
-(is_call_act l → is_call_post_label (operational_semantics p p' t_prog) … s1').
+(is_call_act p l → is_call_post_label p (operational_semantics p p' t_prog) … s1').
 #p #p' #prog @pair_elim * #t_prog #m #keep #EQt_prog normalize nodelta
 #l #s1 #s2 #s1' #abs_top #abs_tail #H elim H -s1 -s2 -l
@@ -33 +33 @@
   >EQcont in EQcheck; whd in ⊢ (??%? → ?); inversion(cont … s1') normalize nodelta
   [ #_ #EQ destruct] * #lab' #code_cont' #stack' #_ #EQcont'
-    change with (check_continuations ?????) in match (foldr2 ???????);
+    change with (check_continuations ??????) in match (foldr2 ???????);
     inversion(check_continuations ?????) [ #_ normalize #EQ destruct]
     ** #H2 #a_top1 #a_tail1 #EQcheck >m_return_bind normalize nodelta
@@ -134 +134 @@
   #a_top3 #istr3 #EQi_true' inversion(?==?) #EQget1 inversion(?==?) #EQget2 normalize nodelta
   whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct #_ #_ #EQ destruct % // * #f * #c #EQ destruct
-| cases daemon
+| #s1 #s2 #exp #ltrue #i_true #lfalse #i_false #instrs #new_m #EQcode_s1 #EQeval #EQcont_s2 #EQ1 #EQ2 destruct
+  #Hio1 #Hio2 * #_ whd in match state_rel; normalize nodelta inversion(check_continuations ?????) normalize nodelta
+  [ #_ *] ** #H1 #a_top #a_tail #EQcheck normalize nodelta **** #HH1 >EQcode_s1  inversion(code ? s1')
+  [1,2,3,5,6,7: 
+    [ | #ret | #seq #opt_l #instr #_ | #cond #ltrue #itrue #lfalse #ifalse #_ #_| #f #pars #opt_l #instr #_ 
+       | #lin #io #lout #instr #_ ]
+          #_ whd in ⊢ (??%% → ?);
+          [ |
+          | cases(call_post_clean ?????); normalize nodelta [2: #x cases opt_l normalize nodelta [| #label cases(?==?) normalize nodelta]]
+          | cases(call_post_clean ?????) normalize nodelta 
+            [| #x whd in ⊢ (??%? → ?); cases(call_post_clean ?????) normalize nodelta
+               [| #y cases(?∧?) normalize nodelta 
+               ]
+            ]
+          | cases(call_post_clean ?????) normalize nodelta
+             [| #x cases opt_l normalize nodelta [| #lbls cases(memb ???) normalize nodelta
+                [ cases (?==?) normalize nodelta ]
+             ]]
+          | cases(call_post_clean ?????) normalize nodelta
+             [| #x cases(? ∧ ?) normalize nodelta ]
+          ]
+          whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct
+  ]
+  #exp' #ltrue' #i_true' #lfalse' #i_false' #instrs' #_ #_ #_ #EQcode_s1' whd in ⊢ (??%% → ?);
+  inversion(call_post_clean ?????) normalize nodelta [#_ #EQ destruct] * #a_top1 #istr1 #EQinstr'
+  whd in ⊢ (??%%→ ?); inversion(call_post_clean ?????) normalize nodelta [ #_ #EQ destruct] * #a_top2 #istr2
+  #EQi_false' whd in ⊢ (??%% → ?); inversion(call_post_clean ?????) normalize nodelta [#_ #EQ destruct] *
+  #a_top3 #istr3 #EQi_true' inversion(?==?) #EQget1 inversion(?==?) #EQget2 normalize nodelta
+  whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct #_ #_ #EQ destruct % // * #f * #c #EQ destruct
 | cases daemon
 | cases daemon
@@ -156 +184 @@
       cases(?==?) normalize nodelta
     [2:  #EQ destruct] whd in ⊢ (??%% → ?); #EQ1 lapply(eq_to_jmeq ??? EQ1) -EQ1 #EQ1 destruct #_#_ #EQ1 destruct % // 
-    #_ whd in match (is_call_post_label ??); >EQcode_s1' %
+    #_ whd in match (is_call_post_label ???); >EQcode_s1' %
     ]
     #ABS whd in ⊢ (??%% → ?);  #EQ1 lapply(eq_to_jmeq ??? EQ1) -EQ1 #EQ1 destruct lapply(Hcall ?) [ %{f} %{(f_lab … env_it)} %] 
-    whd in ⊢ (% → ?); whd in match (is_call_post_label ??); normalize nodelta >EQcode *
+    whd in ⊢ (% → ?); whd in match (is_call_post_label ???); normalize nodelta >EQcode *
  ]
 | #s1 #s2 #r_t #mem #stack * [|#lbl] #i #EQcode #EQcont #EQ destruct #_ #_ #EQeval #EQ1 #EQ2 destruct * #_
@@ -168 +196 @@
     >EQcont in EQcheck; inversion (cont ? s1') [ #_ whd in ⊢ (??%% → ?); #EQ destruct]
     * #LAB #instrs #stack' #_ #EQcont_s1' whd in match check_continuations; normalize nodelta
-    whd in match (foldr2 ???????); change with (check_continuations ?????) in match (foldr2 ???????);
+    whd in match (foldr2 ???????); change with (check_continuations ??????) in match (foldr2 ???????);
     cases(check_continuations ?????) normalize nodelta [#EQ destruct] ** #H2 #a_top1 #a_tail1
     normalize nodelta   whd in ⊢ (??%? → ?); cases(call_post_clean ?????) normalize nodelta [ #EQ destruct cases HH1]
@@ -196 +224 @@
 let 〈t_prog,m,keep〉 ≝ trans_prog … prog in
 ∀s1,s2,s1' : state p.∀abs_top,abs_tail.
-∀l.is_costlabelled_act l → 
+∀l.is_costlabelled_act p l → 
 ∀prf :execute_l p p' (env … prog) l s1 s2.
 state_rel … m keep abs_top abs_tail s1 s1' → 
@@ -202 +230 @@
 execute_l p p' (env … t_prog) l s1' s2' ∧
 state_rel  … m keep abs_top' abs_tail s2 s2' ∧
-map_labels_on_trace … m … (actionlabel_to_costlabel l) = 
-actionlabel_to_costlabel l @ abs_top'.
+map_labels_on_trace … m … (actionlabel_to_costlabel p l) = 
+actionlabel_to_costlabel p l @ abs_top'.
 #p #p' #prog  #no_dup @pair_elim * #t_prog #m #keep #EQt_prog normalize nodelta
 #s1 #s2 #s1' #abs_top #abs_tail #l #Hl #H lapply Hl -Hl elim H -s1 -s2 -l
@@ -209 +237 @@
   #Hlbl #cost_lbl whd in match state_rel in ⊢ (% → ?); normalize nodelta inversion(check_continuations ?????)
   normalize nodelta [ #_ *] ** #H1 #a_top #a_tail >EQcont_s1 inversion(cont … s1') [ #_ whd in ⊢ (??%% → ?); #EQ destruct]
-  * #lbl' #i' #stack' #_ #EQcont_s1' whd in ⊢ (??%% → ?); change with (check_continuations ?????) in match (foldr2 ???????);
+  * #lbl' #i' #stack' #_ #EQcont_s1' whd in ⊢ (??%% → ?); change with (check_continuations ??????) in match (foldr2 ???????);
   inversion(check_continuations ?????) normalize nodelta [ #_ #EQ destruct] ** #H2 #a_top1 #a_tail1 #EQcheck
   normalize nodelta inversion(call_post_clean ?????) normalize nodelta [#_ whd in ⊢ (??%% → ?); #EQ destruct ***** ]
@@ -247 +275 @@
   * #genlab #cleaned #EQcleaned inversion(?∧?) normalize nodelta #EQget whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ
   #EQ destruct #EQstore_s1_s1' #EQioinfo #EQ destruct %{[]} 
-  %{(mk_state … (EMPTY …) (〈cost_act (Some ? lout),i'〉::(cont … s1')) (store … s2) true)} % [%
+  %{(mk_state … (EMPTY …) (〈cost_act p (Some ? lout),i'〉::(cont … s1')) (store … s2) true)} % [%
   [ @(io_in … EQcode_s1') // ]
-  whd >EQcont_s2 whd in match (check_continuations ?????); change with (check_continuations ?????) in match (foldr2 ???????);
+  whd >EQcont_s2 whd in match (check_continuations ??????); change with (check_continuations ??????) in match (foldr2 ???????);
   >EQcheck normalize nodelta >EQcleaned normalize nodelta % // % // % // % [2: >EQcode_s2 %] % 
   [2: cases(andb_Prop_true … (bool_true … EQget)) #H #_ >(\P (bool_true … H)) % ] % // % //]
@@ -265 +293 @@
 let 〈t_prog,m,keep〉 ≝ trans_prog … prog in
 ∀si,s1,s2,sn,si' : state p.∀abs_top,abs_tail.
-∀t : raw_trace (operational_semantics … p' prog) si sn.
-measurable (operational_semantics … p' prog) … s1 s2 … t → 
+∀t : raw_trace p (operational_semantics … p' prog) si sn.
+measurable p (operational_semantics p p' prog) … s1 s2 … t → 
 state_rel … m keep abs_top abs_tail si si' → 
-∃abs_top',abs_tail'.∃sn'.∃t' : raw_trace (operational_semantics … p' t_prog) si' sn'.
+∃abs_top',abs_tail'.∃sn'.∃t' : raw_trace p (operational_semantics … p' t_prog) si' sn'.
 state_rel  … m keep abs_top' abs_tail' sn sn' ∧
-is_permutation ? (map_labels_on_trace m (chop … (get_costlabels_of_trace … t)))  
+is_permutation ? (map_labels_on_trace … m (chop … (get_costlabels_of_trace … t)))  
                   (chop … (get_costlabels_of_trace … t')) ∧
                   ∃s1',s2'.
-measurable (operational_semantics … p' t_prog)  … s1' s2' … t'.
+measurable p (operational_semantics … p' t_prog)  … s1' s2' … t'.
 #p #p' #prog #no_dup @pair_elim * #t_prog #m #keep #EQt_prog normalize nodelta
 #si #s1 #s3 #sn #si' #abs_top #abs_tail #t *  #s0 * #s2 * #ti0 * #t12 * #t3n * #l1 * #l2
@@ -300 +328 @@
   >append_nil cases(actionlabel_ok … Hl2) #c2 #EQc2 >EQc2 <associative_append <associative_append
   <associative_append >chop_append_singleton <associative_append <associative_append >chop_append_singleton
-  >append_nil whd in match (get_costlabels_of_trace ??? (t_ind (operational_semantics p p' t_prog) … prf1' (t_base …)));
+  >append_nil whd in match (get_costlabels_of_trace ???? (t_ind ? (operational_semantics p p' t_prog) … prf1' (t_base …)));
   >append_nil >map_labels_on_trace_append >EQmap_l1 >associative_append @is_permutation_append_left_cancellable
   lapply(top_move_source_is_empty … p' prog) >EQt_prog normalize nodelta #H

LTS/Language.ma

@@ -18 +18 @@
 include "../src/utilities/option.ma".
 include "basics/jmeq.ma".
+include "utils.ma".
 
 discriminator option.
@@ -31 +32 @@
 
 
-inductive Instructions (p : instr_params) : Type[0] ≝
- | EMPTY : Instructions p
- | RETURN : return_type p → Instructions p
- | SEQ : (seq_instr p) → option NonFunctionalLabel → Instructions p → Instructions p
- | COND : (cond_instr p) → NonFunctionalLabel → Instructions p → 
-                 NonFunctionalLabel → Instructions p → Instructions p → 
-                       Instructions p
- | LOOP : (loop_instr p) → NonFunctionalLabel → Instructions p → 
-                  NonFunctionalLabel → Instructions p → Instructions p
- | CALL : FunctionName → (act_params_type p) → option ReturnPostCostLabel → 
-            Instructions p → Instructions p
- | IO : NonFunctionalLabel → (io_instr p) → NonFunctionalLabel → Instructions p → 
-             Instructions p.
-
-let rec eq_instructions (p : instr_params) (i : Instructions p) 
- on i : (Instructions p) → bool ≝ 
+inductive Instructions (p : instr_params) 
+  (l_p :label_params) : Type[0] ≝
+ | EMPTY : Instructions p l_p
+ | RETURN : return_type p → Instructions p l_p
+ | SEQ : (seq_instr p) → option (NonFunctionalLabel l_p) → Instructions p l_p → Instructions p l_p
+ | COND : (cond_instr p) → (NonFunctionalLabel l_p) → Instructions p l_p → 
+                 (NonFunctionalLabel l_p) → Instructions p l_p → Instructions p l_p → 
+                       Instructions p l_p
+ | LOOP : (loop_instr p) → NonFunctionalLabel l_p → Instructions p l_p → 
+                  NonFunctionalLabel l_p → Instructions p l_p → Instructions p l_p
+ | CALL : FunctionName → (act_params_type p) → option (ReturnPostCostLabel l_p) → 
+            Instructions p l_p → Instructions p l_p
+ | IO : NonFunctionalLabel l_p → (io_instr p) → NonFunctionalLabel l_p → Instructions p l_p → 
+             Instructions p l_p.
+
+let rec eq_instructions (p : instr_params) (l_p : label_params) (i : Instructions p l_p) 
+ on i : (Instructions p l_p) → bool ≝ 
 match i with 
 [ EMPTY ⇒ λi'.match i' with [ EMPTY ⇒ true | _ ⇒ false ]
@@ -53 +55 @@
                       [ SEQ y lab' instr' ⇒ x == y ∧ eq_instructions … instr instr' ∧
                               match lab with [ None ⇒ match lab' with [ None ⇒ true | _ ⇒ false ]
-                                             | Some l1 ⇒ match lab' with [Some l2 ⇒ eq_nf_label l1 l2 | _ ⇒ false]
+                                             | Some l1 ⇒ match lab' with [Some l2 ⇒ eq_nf_label … l1 l2 | _ ⇒ false]
                                              ]
                       | _ ⇒ false
@@ -59 +61 @@
 | COND x ltrue i1 lfalse i2 i3 ⇒ λi'.match i' with
                           [ COND y ltrue' i1' lfalse' i2' i3' ⇒ 
-                             x == y ∧ eq_nf_label ltrue ltrue' ∧ 
-                             eq_instructions … i1 i1' ∧ eq_nf_label lfalse lfalse' ∧
+                             x == y ∧ eq_nf_label … ltrue ltrue' ∧ 
+                             eq_instructions … i1 i1' ∧ eq_nf_label … lfalse lfalse' ∧
                              eq_instructions … i2 i2' ∧ eq_instructions … i3 i3'
                          | _ ⇒ false
@@ -66 +68 @@
 | LOOP x ltrue i1 lfalse i2 ⇒ λi'.match i' with
               [ LOOP y ltrue' i1' lfalse' i2' ⇒ x == y ∧ 
-                      eq_instructions … i1 i1' ∧ eq_nf_label ltrue ltrue' ∧
+                      eq_instructions … i1 i1' ∧ eq_nf_label … ltrue ltrue' ∧
                       eq_instructions … i2 i2'
               | _ ⇒ false
@@ -74 +76 @@
                        act_p == act_p' ∧ eq_instructions … i1 i1' ∧ 
                        match r_lb with [ None ⇒ match r_lb' with [None ⇒ true | _ ⇒ false]
-                                       | Some z ⇒ match r_lb' with [Some w ⇒  eq_return_cost_lab z w | _ ⇒ false ]
+                                       | Some z ⇒ match r_lb' with [Some w ⇒  eq_return_cost_lab … z w | _ ⇒ false ]
                                        ]
             | _ ⇒ false
             ]
 | IO lin io lout i1 ⇒ λi'.match i' with
-             [ IO lin' io' lout' i1' ⇒ eq_nf_label lin lin' ∧ io == io' ∧
-                                       eq_nf_label lout lout' ∧ eq_instructions … i1 i1'
+             [ IO lin' io' lout' i1' ⇒ eq_nf_label … lin lin' ∧ io == io' ∧
+                                       eq_nf_label … lout lout' ∧ eq_instructions … i1 i1'
              | _ ⇒ false                                       
              ]
@@ -117 +119 @@
 }.
 
-record env_item (p : env_params) (p' : instr_params) : Type[0] ≝
+record env_item (p : env_params) (p' : instr_params) (l_p : label_params) : Type[0] ≝
 { f_sig :> signature p p'
-; f_lab : CallCostLabel
-; f_body : Instructions p'
+; f_lab : CallCostLabel l_p
+; f_body : Instructions p' l_p
 }.
 
@@ -126 +128 @@
 { i_pars :> instr_params
 ; e_pars :> env_params
+; l_pars :> label_params
 ; store_type : DeqSet
 }.
 
 record state (p : state_params) : Type[0] ≝ 
-{ code : Instructions p
-; cont : list (ActionLabel × (Instructions p))
+{ code : Instructions p p
+; cont : list (ActionLabel p × (Instructions p p))
 ; store : store_type p
 ; io_info : bool
@@ -149 +152 @@
 
 
-let rec lookup (p : env_params) (p' : instr_params) (l : list (env_item p p')) 
- on l : FunctionName → option (env_item p p') ≝ 
+let rec lookup (p : env_params) (p' : instr_params) (l_p : label_params) (l : list (env_item p p' l_p)) 
+ on l : FunctionName → option (env_item p p' l_p) ≝ 
 match l with
 [ nil ⇒ λ_.None ?
@@ -158 +161 @@
 ].
 
-definition is_ret_call_act : ActionLabel → Prop ≝ 
-λa.match a with [ret_act _ ⇒ True | call_act _ _ ⇒ True | _ ⇒ False ].
-
-inductive execute_l (p : state_params) (p' : sem_state_params p) (env : list (env_item p p)) : 
-                                         ActionLabel → relation (state p) ≝ 
-| empty : ∀st,st',hd,tl.(code ? st) = (EMPTY p)→ (cont ? st) = hd :: tl → 
+inductive execute_l (p : state_params) (p' : sem_state_params p) (env : list (env_item p p p)) : 
+                                         ActionLabel p → relation (state p) ≝ 
+| empty : ∀st,st',hd,tl.(code ? st) = (EMPTY p p)→ (cont ? st) = hd :: tl → 
            (code ? st') = \snd hd → (cont … st') = tl → (store … st) = (store … st') → 
-           (io_info … st = true → is_non_silent_cost_act (\fst hd)) →  (io_info … st') = false → ¬ is_ret_call_act (\fst hd) →  execute_l … (\fst hd) st st'
+           (io_info … st = true → is_non_silent_cost_act … (\fst hd)) →  (io_info … st') = false → ¬ is_ret_call_act … (\fst hd) →  execute_l … (\fst hd) st st'
 | seq_sil : ∀st,st',i,cd,s,opt_l.(code ? st) = SEQ … i opt_l cd → 
              eval_seq … p' i (store … st) = return s → (code ? st') = cd → 
              (cont … st) = (cont … st') → (store … st') = s → 
-             io_info … st = false →  io_info ? st' = false → execute_l … (cost_act opt_l) st st'
+             io_info … st = false →  io_info ? st' = false → execute_l … (cost_act … opt_l) st st'
 | cond_true : ∀st,st',exp,ltrue,i_true,lfalse,i_false,cd,new_m.
    (code ? st) = COND … exp ltrue i_true lfalse i_false cd → eval_cond_cond … p' exp (store … st) = return 〈true,new_m〉 → 
-   cont ? st' = 〈cost_act (None ?),cd〉 ::(cont … st) → code … st' = i_true → store … st' = new_m → 
-   io_info … st = false →  io_info … st' = false → execute_l … (cost_act (Some ? ltrue)) st st'
+   cont ? st' = 〈cost_act … (None ?),cd〉 ::(cont … st) → code … st' = i_true → store … st' = new_m → 
+   io_info … st = false →  io_info … st' = false → execute_l … (cost_act … (Some ? ltrue)) st st'
 | cond_false : ∀st,st',exp,ltrue,i_true,lfalse,i_false,cd,new_m.
    (code ? st) = COND … exp ltrue i_true lfalse i_false cd → eval_cond_cond … p' exp (store … st) = return 〈false,new_m〉 → 
-   cont ? st' = 〈cost_act (None ?),cd〉 ::(cont … st) → code … st' = i_false → store … st' = new_m → 
-   io_info … st = false →  io_info … st' = false → execute_l … (cost_act (Some ? lfalse)) st st'
+   cont ? st' = 〈cost_act … (None ?),cd〉 ::(cont … st) → code … st' = i_false → store … st' = new_m → 
+   io_info … st = false →  io_info … st' = false → execute_l … (cost_act … (Some ? lfalse)) st st'
 | loop_true : ∀st,st',exp,ltrue,i_true,lfalse,i_false,new_m.
    code ? st = LOOP … exp ltrue i_true lfalse i_false → eval_loop_cond … p' exp (store … st) = return 〈true,new_m〉 → 
-   cont ? st' = 〈cost_act (None ?),LOOP … exp ltrue i_true lfalse i_false〉 :: (cont … st) → 
+   cont ? st' = 〈cost_act … (None ?),LOOP … exp ltrue i_true lfalse i_false〉 :: (cont … st) → 
    code … st' = i_true → store … st' = new_m → io_info … st = false →  io_info … st' = false → 
-   execute_l … (cost_act (Some ? ltrue)) st st'
+   execute_l … (cost_act … (Some ? ltrue)) st st'
 | loop_false : ∀st,st',exp,ltrue,i_true,lfalse,i_false,new_m.
    code ? st = LOOP … exp ltrue i_true lfalse i_false → eval_loop_cond … p' exp (store … st) = return 〈false,new_m〉 → 
    cont ? st' = cont … st → code … st' = i_false → store … st' = new_m → 
-   io_info … st = false →  io_info … st' = false → execute_l … (cost_act (Some ? lfalse)) st st'
+   io_info … st = false →  io_info … st' = false → execute_l … (cost_act … (Some ? lfalse)) st st'
 | io_in : ∀st,st',lin,io,lout,cd,mem.(code ? st) = IO … lin io lout cd → 
-    eval_io … p' io (store … st) = return mem → code ? st' = EMPTY p → 
-    cont … st' = 〈cost_act (Some ? lout),cd〉 :: (cont … st) → store … st' = mem →
-    io_info … st' = true → execute_l … (cost_act (Some ? lin)) st st'
+    eval_io … p' io (store … st) = return mem → code ? st' = EMPTY p p → 
+    cont … st' = 〈cost_act … (Some ? lout),cd〉 :: (cont … st) → store … st' = mem →
+    io_info … st' = true → execute_l … (cost_act … (Some ? lin)) st st'
 | call : ∀st,st',f,act_p,r_lb,cd,mem,env_it.(code ? st) = CALL … f act_p r_lb cd → 
     lookup … env f = return env_it → 
@@ -196 +196 @@
     store ? st' = mem → code … st' = f_body … env_it → 
      cont … st' = 
-       〈(ret_act r_lb),cd〉 :: (cont … st) →  
+       〈(ret_act … r_lb),cd〉 :: (cont … st) →  
     io_info … st = false →  (io_info … st') = false → 
-    execute_l … (call_act f (f_lab ?? env_it)) st st'
+    execute_l … (call_act … f (f_lab … env_it)) st st'
 | ret_instr : ∀st,st',r_t,mem,tl',rb,cd.code ? st = RETURN … r_t → 
-   cont … st = 〈ret_act rb,cd〉 :: tl' → cont ? st' = tl' → 
+   cont … st = 〈ret_act … rb,cd〉 :: tl' → cont ? st' = tl' → 
    io_info … st = false →  io_info ? st' = false → 
    eval_after_return … p' r_t (store … st) = return mem → code … st' = cd → 
-   store … st' = mem → execute_l … (ret_act rb) st st'.
+   store … st' = mem → execute_l … (ret_act … rb) st st'.
    
-let rec get_labels_of_code (p : instr_params) (i : Instructions p) on i : list CostLabel ≝ 
+let rec get_labels_of_code (p : instr_params) (l_p : label_params) (i : Instructions p l_p) on i : list (CostLabel l_p) ≝ 
 match i with
 [ EMPTY ⇒ [ ]
 | RETURN x ⇒ [ ]
 | SEQ x lab instr ⇒ let ih ≝ get_labels_of_code … instr in
-  match lab with [ None ⇒ ih | Some lbl ⇒ a_non_functional_label lbl :: ih ]
+  match lab with [ None ⇒ ih | Some lbl ⇒ a_non_functional_label … lbl :: ih ]
 | COND x ltrue i1 lfalse i2 i3 ⇒ 
    let ih3 ≝ get_labels_of_code … i3 in
@@ -219 +219 @@
    let ih2 ≝ get_labels_of_code … i2 in
    let ih1 ≝ get_labels_of_code … i1 in
-   a_non_functional_label ltrue :: a_non_functional_label lfalse :: (ih1 @ ih2)
+   a_non_functional_label … ltrue :: a_non_functional_label … lfalse :: (ih1 @ ih2)
 | CALL f act_p r_lb i1 ⇒ 
    let ih1 ≝ get_labels_of_code … i1 in
-   match r_lb with [ None ⇒ ih1 | Some lbl ⇒ a_return_post lbl :: ih1]
+   match r_lb with [ None ⇒ ih1 | Some lbl ⇒ a_return_post … lbl :: ih1]
 | IO lin io lout i1 ⇒ 
    let ih1 ≝ get_labels_of_code … i1 in
-   a_non_functional_label lin :: a_non_functional_label lout :: ih1
+   a_non_functional_label … lin :: a_non_functional_label … lout :: ih1
 ].
-
-include "basics/lists/listb.ma".
-include "../src/utilities/hide.ma".
-
-let rec no_duplicates (A : DeqSet) (l : list A) on l : Prop ≝ 
-match l with
-[ nil ⇒ True 
-| cons x xs ⇒ ¬ (bool_to_Prop (x ∈ xs)) ∧ no_duplicates … xs
-].
-
-lemma no_duplicates_append_r : ∀A : DeqSet.∀l1,l2 : list A.no_duplicates … (l1 @ l2) → 
-no_duplicates … l2.
-#A #l1 elim l1 // #x #xs normalize #IH #l2 * /2/
-qed.
-
-lemma no_duplicates_append_l : ∀A : DeqSet.∀l1,l2 : list A.no_duplicates … (l1 @ l2) → 
-no_duplicates … l1.
-#A #l1 elim l1 // #x #xs normalize #IH #l2 * #H1 #H2 % [2: /2/ ]
-inversion(x ∈ xs @l2) in H1; normalize [ #_ * #H @⊥ @H %] #H1 #_
-% inversion(x ∈ xs) normalize [2: //] #H3 #_ >(memb_append_l1 … H3) in H1;
-#EQ destruct(EQ)
-qed.
    
-record Program (p : env_params) (p' : instr_params) : Type[0] ≝ 
-{ env : list (env_item p p')
-; main : Instructions p'
+record Program (p : env_params) (p' : instr_params) (l_p : label_params) : Type[0] ≝ 
+{ env : list (env_item p p' l_p)
+; main : Instructions p' l_p
 }.
 
 
-definition no_duplicates_labels : ∀p,p'.Program p p' → Prop ≝ 
-λp,p',prog.
+
+definition no_duplicates_labels : ∀p,p',l_p.Program p p' l_p → Prop ≝ 
+λp,p',l_p,prog.
    no_duplicates …
-    (foldr … (λitem,acc.((a_call (f_lab … item)) :: get_labels_of_code … (f_body … item)) @ acc) (get_labels_of_code … (main … prog)) (env … prog)).
+    (foldr … 
+      (λitem,acc.((a_call … (f_lab … item)) :: get_labels_of_code … (f_body … item)) @ acc) 
+      (get_labels_of_code … (main … prog)) (env … prog)).
 
 lemma no_duplicates_domain_of_fun:
- ∀p,p',prog.no_duplicates_labels … prog → 
- ∀f,env_it.lookup p p' (env … prog) f = return env_it → 
+ ∀p,p',l_p,prog.no_duplicates_labels … prog → 
+ ∀f,env_it.lookup p p' l_p (env … prog) f = return env_it → 
  no_duplicates … (get_labels_of_code … (f_body … env_it)).
-#p #p' * #env elim env [ #main normalize #_ #f #env_it #EQ destruct(EQ)]
+#p #p' #l_p * #env elim env [ #main normalize #_ #f #env_it #EQ destruct(EQ)]
 #x #xs #IH #main whd in ⊢ (% → ?); whd in match (foldr ?????); #H #f #env_it
 whd in ⊢ (??%? → ?); @eq_function_name_elim normalize nodelta
@@ -279 +260 @@
  ].
 
-definition operational_semantics : ∀p : state_params.∀p'.Program p p → abstract_status ≝ 
-λp,p',prog.mk_abstract_status 
+definition operational_semantics : ∀p : state_params.∀p'.Program p p p → abstract_status p ≝ 
+λp,p',prog.mk_abstract_status … 
                 (state p) 
                 (execute_l ? p' (env … prog)) 
@@ -377 +358 @@
 qed.
 
-let rec eqb_list (D : DeqSet) (l1 : list D) on l1 : list D → bool ≝ 
-match l1 with
-[ nil ⇒ λl2.match l2 with [nil ⇒ true | _ ⇒ false ]
-| cons x xs ⇒ λl2.match l2 with [ cons y ys ⇒ x == y ∧ eqb_list … xs ys | _ ⇒ false ]
-]. 
-
-definition DeqSet_List : DeqSet → DeqSet ≝ 
-λX.mk_DeqSet (list X) (eqb_list …) ?.
-#x elim x [ * /2 by refl, conj/ #y #ys normalize % #EQ destruct] -x
-#x #xs #IH * [ normalize % #EQ destruct] #y #ys normalize % inversion(x == y)
-#EQ normalize nodelta 
-[ #H >(proj1 … (IH ys) H) @eq_f2 [2: %] @(proj1 … (eqb_true …)) assumption
-| #EQ destruct
-| #EQ1 destruct @(proj2 … (IH …)) %
-| #EQ1 destruct <EQ @(proj2 … (eqb_true …)) %
-]
-qed.
-
-unification hint  0 ≔ C; 
-    X ≟ DeqSet_List C
-(* ---------------------------------------- *) ⊢ 
-    list C ≡ carr X.
-
-
-unification hint  0 ≔ D,p1,p2; 
-    X ≟ DeqSet_List D
-(* ---------------------------------------- *) ⊢ 
-    eqb_list D p1 p2 ≡ eqb X p1 p2.
-
-definition associative_list : DeqSet → Type[0] → Type[0] ≝ 
-λA,B.list (A × (list B)).
-
-let rec update_list (A : DeqSet) (B : Type[0]) (l : associative_list A B) 
-   on l : A → list B → associative_list A B ≝ 
-λa,b.match l with 
-    [ nil ⇒ [〈a,b〉]
-    | cons x xs ⇒ if (a == (\fst x)) then 〈a,b〉 :: xs
-                  else x :: (update_list … xs a b)  
-    ].
-
-let rec get_element (A :DeqSet) (B : Type[0]) (l: associative_list A B) on l : A → list B ≝ 
-λa.match l with [ nil ⇒ nil ? 
-                | cons x xs ⇒ if (a == \fst x) then \snd x else get_element … xs a 
-                ].
-
-let rec domain_of_associative_list (A :DeqSet) (B : Type[0]) (l: associative_list A B) on l : list A ≝ 
- match l with
-  [ nil ⇒ [] 
-  | cons x xs ⇒ \fst x :: domain_of_associative_list … xs 
-  ].
-
-lemma get_element_append_l:
- ∀A,B. ∀l1,l2: associative_list A B. ∀x.
-  x ∈ domain_of_associative_list … l1 →
-   get_element … (l1@l2) x = get_element … l1 x.
-#A #B #l1 elim l1 normalize [ #l2 #x * ] #hd #tl #IH #l2 #x cases (dec_eq … x (\fst hd))
-#H [ >(\b H) | >(\bf H) ] normalize /2/
-qed.
-
-lemma get_element_append_r:
- ∀A,B. ∀l1,l2: associative_list A B. ∀x.
-  ¬ (bool_to_Prop (x ∈ domain_of_associative_list … l1)) →
-   get_element ?? (l1@l2) x = get_element … l2 x.
-#A #B #l1 elim l1 normalize [ #l2 #x // ] #hd #tl #IH #l2 #x cases (dec_eq … x (\fst hd))
-#H [ >(\b H) | >(\bf H) ] normalize /2 by/ * #K cases (K I)
-qed.
-
-lemma get_element_append_l1 : 
- ∀A,B. ∀l1,l2: associative_list A B. ∀x.
-  ¬ (bool_to_Prop (x ∈ domain_of_associative_list … l2)) →
-   get_element ?? (l1@l2) x = get_element … l1 x.
-#A #B #l1 elim l1 normalize [2: #x #xs #IH #l2 #a #H >IH // ]
-#l2 elim l2 // #y #ys #IH #a normalize cases(a == \fst y) normalize
-[ * #H @⊥ @H % ] #H @IH assumption
-qed.
-
-lemma get_element_append_r1 : 
- ∀A,B. ∀l1,l2: associative_list A B. ∀x.
-  ¬ (bool_to_Prop (x ∈ domain_of_associative_list … l1)) →
-   get_element ?? (l1@l2) x = get_element … l2 x.
-#A #B #l1 elim l1 normalize // #x #xs #IH #l2 #a cases (?==?)
-normalize [* #H cases H //] #H >IH normalize //
-qed.
-
-definition fresh_nf_label : ℕ → NonFunctionalLabel × ℕ ≝ 
-λx.〈a_non_functional_label x,S x〉.
-
-definition fresh_cc_labe : ℕ → CallCostLabel × ℕ ≝ 
-λx.〈a_call_label x,S x〉.
-
-definition fresh_rc_label : ℕ → ReturnPostCostLabel × ℕ ≝ 
-λx.〈a_return_cost_label (S x),S x〉.
-
-record call_post_info (p : instr_params) : Type[0] ≝ 
-{ gen_labels : list CostLabel
-; t_code : Instructions p
-; fresh : ℕ
-; lab_map : associative_list DEQCostLabel CostLabel
-; lab_to_keep : list ReturnPostCostLabel
+record call_post_info (p : instr_params) (l_p : label_params) : Type[0] ≝ 
+{ gen_labels : list (CostLabel l_p)
+; t_code : Instructions p l_p
+; fresh : l_p
+; lab_map : associative_list (DEQCostLabel l_p) (CostLabel l_p)
+; lab_to_keep : list (ReturnPostCostLabel l_p)
 }.
 
-let rec call_post_trans (p : instr_params) (i : Instructions p) (n : ℕ) on i : 
-list CostLabel → call_post_info p ≝
+let rec call_post_trans (p : instr_params) (l_p : label_params) (i : Instructions p l_p) (n : l_p) on i : 
+list (CostLabel l_p) → call_post_info p l_p ≝
 λabs.
 match i with
-[ EMPTY ⇒ mk_call_post_info ? abs (EMPTY …) n (nil ?) (nil ?)
-| RETURN x ⇒ mk_call_post_info ? abs (RETURN … x) n (nil ?) (nil ?)
+[ EMPTY ⇒ mk_call_post_info … abs (EMPTY …) n (nil ?) (nil ?)
+| RETURN x ⇒ mk_call_post_info … abs (RETURN … x) n (nil ?) (nil ?)
 | SEQ x lab instr ⇒
    let ih ≝ call_post_trans … instr n abs in
    match lab with 
-   [ None ⇒ mk_call_post_info ? (gen_labels … ih) (SEQ … x (None ?) (t_code … ih))
+   [ None ⇒ mk_call_post_info … (gen_labels ?? ih) (SEQ … x (None ?) (t_code … ih))
              (fresh … ih) (lab_map … ih) (lab_to_keep … ih)
    | Some lbl ⇒ 
-      mk_call_post_info ? (nil ?) (SEQ … x (Some ? lbl) (t_code …  ih)) (fresh … ih) 
-      (〈a_non_functional_label lbl,(a_non_functional_label lbl :: (gen_labels … ih))〉 :: (lab_map … ih))
+      mk_call_post_info … (nil ?) (SEQ … x (Some ? lbl) (t_code …  ih)) (fresh … ih) 
+      (〈a_non_functional_label … lbl,((a_non_functional_label … lbl) :: (gen_labels … ih))〉 :: (lab_map … ih))
       (lab_to_keep … ih)
    ]
@@ -498 +386 @@
    let ih2 ≝ call_post_trans … i2 (fresh … ih3) (gen_labels … ih3) in
    let ih1 ≝ call_post_trans … i1 (fresh … ih2) (gen_labels … ih3) in
-   mk_call_post_info ? (nil ?) (COND … x ltrue (t_code … ih1) lfalse (t_code … ih2) (t_code … ih3))
+   mk_call_post_info p l_p (nil ?) (COND … x ltrue (t_code … ih1) lfalse (t_code … ih2) (t_code … ih3))
     (fresh … ih1)  
-    (〈a_non_functional_label ltrue,(a_non_functional_label ltrue :: (gen_labels … ih1))〉::
-      〈a_non_functional_label lfalse,(a_non_functional_label lfalse :: (gen_labels … ih2))〉::
+    (〈a_non_functional_label … ltrue,(a_non_functional_label … ltrue :: (gen_labels … ih1))〉::
+      〈a_non_functional_label … lfalse,(a_non_functional_label … lfalse :: (gen_labels … ih2))〉::
        ((lab_map … ih1) @ (lab_map …  ih2) @ (lab_map … ih3)))
     ((lab_to_keep … ih1) @ (lab_to_keep … ih2) @ (lab_to_keep … ih3))
@@ -507 +395 @@
    let ih2 ≝ call_post_trans … i2 n abs in
    let ih1 ≝ call_post_trans … i1 (fresh … ih2) (nil ?) in
-   mk_call_post_info ? (nil ?) (LOOP … x ltrue (t_code … ih1) lfalse (t_code … ih2)) (fresh … ih1) 
-    (〈a_non_functional_label lfalse,(a_non_functional_label lfalse :: (gen_labels … ih2))〉 :: 
-     〈a_non_functional_label ltrue,(a_non_functional_label ltrue :: (gen_labels … ih1))〉 :: 
+   mk_call_post_info p l_p (nil ?) (LOOP … x ltrue (t_code … ih1) lfalse (t_code … ih2)) (fresh … ih1) 
+    (〈a_non_functional_label … lfalse,(a_non_functional_label … lfalse :: (gen_labels … ih2))〉 :: 
+     〈a_non_functional_label … ltrue,(a_non_functional_label … ltrue :: (gen_labels … ih1))〉 :: 
       ((lab_map … ih1) @ (lab_map … ih2)))
     ((lab_to_keep … ih1) @ (lab_to_keep … ih2))
@@ -515 +403 @@
    let ih ≝ call_post_trans … i1 n abs in
    match r_lb with 
-   [ None ⇒ let 〈l',f''〉 ≝ fresh_rc_label (fresh … ih) in
-       mk_call_post_info ? ((a_return_post l')::(gen_labels … ih)) 
+   [ None ⇒ let 〈l',f''〉 ≝ fresh_rc_label l_p (fresh … ih) in
+       mk_call_post_info p l_p ((a_return_post … l')::(gen_labels … ih)) 
          (CALL … f act_p (Some ? l') (t_code … ih))  f'' (lab_map … ih) (lab_to_keep … ih)
    | Some lbl ⇒ 
-      mk_call_post_info ? (nil ?) (CALL ? f act_p (Some ? lbl) (t_code … ih)) (fresh … ih) 
-       (〈a_return_post lbl,(a_return_post lbl :: (gen_labels … ih))〉 :: (lab_map … ih)) 
+      mk_call_post_info p l_p (nil ?) (CALL … f act_p (Some ? lbl) (t_code … ih)) (fresh … ih) 
+       (〈a_return_post … lbl,(a_return_post … lbl :: (gen_labels … ih))〉 :: (lab_map … ih)) 
        (lbl :: lab_to_keep … ih)
    ]
 | IO lin io lout i1 ⇒ 
     let ih ≝ call_post_trans … i1 n abs in
-    mk_call_post_info ? (nil ?) (IO ? lin io lout (t_code … ih)) (fresh … ih)
-     (〈a_non_functional_label lout,(a_non_functional_label lout :: (gen_labels … ih))〉 ::
-      〈a_non_functional_label lin,[a_non_functional_label lin]〉 :: (lab_map … ih)) (lab_to_keep … ih)
+    mk_call_post_info p l_p (nil ?) (IO … lin io lout (t_code … ih)) (fresh … ih)
+     (〈a_non_functional_label … lout,(a_non_functional_label … lout :: (gen_labels … ih))〉 ::
+      〈a_non_functional_label … lin,[a_non_functional_label … lin]〉 :: (lab_map … ih)) (lab_to_keep … ih)
 ].
 
 
-let rec call_post_clean (p : instr_params) (i : Instructions p) on i :
-associative_list DEQCostLabel CostLabel → list ReturnPostCostLabel → list CostLabel → 
-option ((list CostLabel) × (Instructions p)) ≝ 
+let rec call_post_clean (p : instr_params) (l_p : label_params) (i : Instructions p l_p) on i :
+associative_list (DEQCostLabel l_p) (CostLabel l_p) → list (ReturnPostCostLabel l_p) → list (CostLabel l_p) → 
+option ((list (CostLabel l_p)) × (Instructions p l_p)) ≝ 
 λm,keep,abs.
  match i with
@@ -569 +457 @@
                     then return 〈nil ?,CALL … f act_p (Some ? lbl) instr1〉
                     else None ?
-               else return 〈(a_return_post lbl) :: l1,CALL … f act_p (None ?) instr1〉 
+               else return 〈(a_return_post l_p lbl) :: l1,CALL … f act_p (None ?) instr1〉 
   ]
 | IO lin io lout i1 ⇒ 
@@ -578 +466 @@
 ].
 
-let rec foldr2 (A : Type[0]) (B : Type[0]) (C : Type[0]) (a : A) (l1 : list B)
-(l2 : list C) (f : A → B → C → A) on l1 : option A≝ 
-match l1 with
-[ nil ⇒ match l2 with [ nil ⇒ return a | cons y ys ⇒ None ? ]
-| cons x xs ⇒ 
-        match l2 with
-        [ nil ⇒ None ?
-        | cons y ys ⇒ ! ih ← (foldr2 … a xs ys f);
-                      return f ih x y
-        ]
-].
-
-definition is_silent_cost_act_b : ActionLabel → bool ≝ 
-λact. match act with
- [ cost_act x ⇒ match x with [None ⇒ true | _ ⇒ false ] | _ ⇒ false].
-
-definition eq_ActionLabel : ActionLabel → ActionLabel → bool ≝ 
-λc1,c2.
-match c1 with
-[ call_act f l ⇒ match c2 with [ call_act f' l' ⇒ f == f' ∧ l == l' | _ ⇒ false]
-| ret_act x ⇒ match c2 with [ret_act y ⇒ match x with [ None ⇒ match y with [ None ⇒ true | _ ⇒ false]
-                                                      | Some l ⇒ match y with [ Some l' ⇒ l == l' | _ ⇒ false]
-                                                      ]
-                            | _ ⇒ false
-                            ]
-| cost_act x ⇒ match c2 with [cost_act y ⇒ match x with [ None ⇒ match y with [ None ⇒ true | _ ⇒ false]
-                                                        | Some l ⇒ match y with [ Some l' ⇒ l == l' | _ ⇒ false]
-                                                        ]
-                             | _ ⇒ false
-                             ]
-].
-
-definition ret_costed_abs : list ReturnPostCostLabel → option ReturnPostCostLabel → option CostLabel ≝ 
-λkeep,x.
+
+definition ret_costed_abs : ∀p.list (ReturnPostCostLabel p) → option (ReturnPostCostLabel p) → 
+option (CostLabel p) ≝ 
+λp,keep,x.
  match x with 
-              [ Some lbl ⇒ if lbl ∈ keep then return (a_return_post lbl)
+              [ Some lbl ⇒ if lbl ∈ keep then return (a_return_post … lbl)
                            else None ?
               | None ⇒ None ?
@@ -619 +477 @@
 
 
-definition check_continuations : ∀p : instr_params.
-∀l1,l2 : list (ActionLabel × (Instructions p)). 
-associative_list DEQCostLabel CostLabel → 
-list ReturnPostCostLabel →  option (Prop × (list CostLabel) × (list CostLabel)) ≝ 
-λp,cont1,cont2,m,keep.
+definition check_continuations : ∀p : instr_params.∀l_p : label_params.
+∀l1,l2 : list ((ActionLabel l_p) × (Instructions p l_p)). 
+associative_list (DEQCostLabel l_p) (CostLabel l_p) → 
+list (ReturnPostCostLabel l_p) →  option (Prop × (list (CostLabel l_p)) × (list (CostLabel l_p))) ≝ 
+λp,l_p,cont1,cont2,m,keep.
 foldr2 ??? 〈True,nil ?,nil ?〉 cont1 cont2
  (λx,y,z.
    let 〈cond,abs_top',abs_tail'〉 ≝ x in
-   match call_post_clean p (\snd z) m keep abs_top' with
+   match call_post_clean p l_p (\snd z) m keep abs_top' with
    [ None ⇒ 〈False,nil ?,nil ?〉
    | Some w ⇒
       match \fst z with
        [ ret_act opt_x ⇒ 
-           match ret_costed_abs keep opt_x with 
+           match ret_costed_abs … keep opt_x with 
            [ Some lbl ⇒ 〈\fst y = \fst z ∧ cond ∧ \snd w = \snd y ∧ 
                                get_element … m lbl = lbl :: (\fst w),(nil ?),abs_tail'〉 
            | None ⇒ 
-              〈\fst y = ret_act (None ?) ∧ cond ∧ \snd w = \snd y,(nil ?),(\fst w) @ abs_tail'〉
+              〈\fst y = ret_act … (None ?) ∧ cond ∧ \snd w = \snd y,(nil ?),(\fst w) @ abs_tail'〉
            ]
        | cost_act opt_x ⇒
@@ -662 +520 @@
        
 
-definition state_rel : ∀p.
-associative_list DEQCostLabel CostLabel → list ReturnPostCostLabel → list CostLabel →(list CostLabel) → 
+definition state_rel : ∀p : state_params.
+associative_list (DEQCostLabel p) (CostLabel p) → list (ReturnPostCostLabel p) → 
+list (CostLabel p) → list (CostLabel p) → 
 relation (state p) ≝ λp,m,keep,abs_top,abs_tail,st1,st2.
-match check_continuations ? (cont ? st1) (cont … st2) m keep with
+match check_continuations … (cont ? st1) (cont … st2) m keep with
 [ Some x ⇒ let 〈prf1,abs_top',abs_tail'〉 ≝ x in
            prf1 ∧ call_post_clean … (code … st2) m keep abs_top' = return 〈abs_top,(code … st1)〉
@@ -672 +531 @@
 ].
 
-include "Simulation.ma".
-
-let rec len (s : abstract_status) (st1 : s) (st2 : s) (t : raw_trace s st1 st2)
-on t : ℕ ≝ 
-match t with
-[ t_base s ⇒ O
-| t_ind s1 s2 s3 l prf lt ⇒ S (len … lt)
-].
-(*
-lemma associative_max : ∀n1,n2,n3.max (max n1 n2) n3 = max n1 (max n2 n3).
-#n1 #n2 #n3 normalize @leb_elim normalize
-[ @leb_elim normalize
-  [ #H1 #H2 @leb_elim normalize
-    [ @leb_elim normalize // * #H @⊥ @H assumption  
-    | @leb_elim normalize
-      [ #H3 * #H @⊥ @H @(transitive_le … H1) assumption
-      | * #H @⊥ @H assumption
-      ]
-    ]
-  | #H1 #H2 @leb_elim normalize
-    [ @leb_elim normalize // #_ #H cases H1 #H1 @⊥ @H1 assumption
-    | @leb_elim normalize
-      [ #_ * #H @⊥ @H assumption
-      | * #H @⊥ @H @(transitive_le … H2) 
-*)
-let rec compute_max_n (p : instr_params) (i : Instructions p) on i : ℕ ≝ 
+let rec compute_max_n (p : instr_params) (l_p : label_params) (i : Instructions p l_p) on i : l_p ≝ 
 match i with 
-[ EMPTY ⇒ O
-| RETURN x ⇒ O
+[ EMPTY ⇒ e … l_p
+| RETURN x ⇒ e … l_p
 | SEQ x lab instr ⇒ let n ≝ compute_max_n … instr in
                     match lab with
@@ -706 +540 @@
                     | Some l ⇒ 
                         match l with 
-                        [ a_non_functional_label n' ⇒ S (max n n') ]
+                        [ a_non_functional_label n' ⇒ op … l_p n n' ]
                     ]
 | COND x ltrue i1 lfalse i2 i3 ⇒ 
@@ -712 +546 @@
   let n2 ≝ compute_max_n … i2 in
   let n3 ≝ compute_max_n … i3 in
-  let mx ≝ max (max n1 n2) n3 in
+  let mx ≝ op … l_p (op … l_p n1 n2) n3 in
   match ltrue with 
   [ a_non_functional_label lt ⇒ 
     match lfalse with
-    [a_non_functional_label lf ⇒ S (max (max mx lt) lf) ] ]
+    [a_non_functional_label lf ⇒  op … l_p (op … l_p mx lt) lf ] ]
 | LOOP x ltrue i1 lfalse i2 ⇒ 
    let n1 ≝ compute_max_n … i1 in
    let n2 ≝ compute_max_n … i2 in
-   let mx ≝ max n1 n2 in
+   let mx ≝ op … l_p n1 n2 in
    match ltrue with 
   [ a_non_functional_label lt ⇒ 
     match lfalse with
-    [a_non_functional_label lf ⇒ S (max (max mx lt) lf) ] ]
+    [a_non_functional_label lf ⇒ op … l_p (op … l_p mx lt) lf ] ]
 | CALL f act_p r_lb i1 ⇒ 
    let n ≝ compute_max_n … i1 in
    match r_lb with 
    [ None ⇒ n
-   | Some lbl ⇒ match lbl with [a_return_cost_label l ⇒ S(max l n) ]
+   | Some lbl ⇒ match lbl with [a_return_cost_label l ⇒ op … l_p l n ]
    ]
 | IO lin io lout i1 ⇒ 
@@ -736 +570 @@
   [a_non_functional_label l1 ⇒ 
     match lout with
-    [a_non_functional_label l2 ⇒ S(max (max n l1) l2) ] ]
+    [a_non_functional_label l2 ⇒ op … l_p (op … l_p n l1) l2 ] ]
 ].
 
 
-definition same_fresh_map_on : list CostLabel → 
-relation (associative_list DEQCostLabel CostLabel) ≝ 
-λdom,m1,m2.∀x.bool_to_Prop (x ∈ dom) → get_element … m1 x = get_element … m2 x.
-
-definition same_to_keep_on : list CostLabel → relation (list ReturnPostCostLabel) ≝ 
-λdom,keep1,keep2.∀x. bool_to_Prop (a_return_post x ∈ dom) → (x ∈ keep1) = (x ∈ keep2).
-
-lemma memb_not_append : ∀D : DeqSet.∀l1,l2 : list D.∀x : D.
-x ∈ l1 = false → x ∈ l2 = false → x ∈ (l1 @ l2) = false.
-#D #l1 elim l1
-[ #l2 #x #_ #H @H ]
-#x #xs #IH #l2 #x1 whd in match (memb ???); inversion (x1 == x) normalize nodelta
-[ #_ #EQ destruct] #EQx1 #EQxs #EQl2 whd in match (memb ???); >EQx1
-normalize nodelta @IH //
-qed.
-
-lemma memb_no_duplicates_append : ∀A : DeqSet.∀x.∀l1,l2 : list A .
-no_duplicates … (l1 @ l2) → x ∈  l1 → x ∈ l2 → False.
-#A #x #l1 elim l1 // #x1 #xs #IH #l2 * #H1 #H2 whd in match (memb ???);
-inversion (x == x1) normalize nodelta 
-[ #H3 #_ #H4 >memb_append_l2 in H1; [2: <(\P H3) @H4 ] * #H @H %
-| #_ @IH //
-]
-qed.
-
-
-lemma same_to_keep_on_append : ∀dom1,dom2,dom3 : list CostLabel.
-∀l1,l2,l3,l : list ReturnPostCostLabel.
-no_duplicates … (dom1@dom2@dom3) → (∀x.x ∈ l1 → a_return_post x ∈ dom1) →
-(∀x.x ∈ l3 → a_return_post x ∈ dom3) → 
-same_to_keep_on (dom1@dom2@dom3) (l1@l2@l3) l → 
-same_to_keep_on dom2 l2 l.
-#dom1 #dom2 #dom3 #l1 #l2 #l3 #l #no_dup #sub_set1 #sub_set3 #H2
+definition same_fresh_map_on : ∀p.list (CostLabel p) → 
+relation (associative_list (DEQCostLabel p) (CostLabel p)) ≝ 
+λp,dom,m1,m2.∀x.bool_to_Prop (x ∈ dom) → get_element … m1 x = get_element … m2 x.
+
+definition same_to_keep_on : ∀p. list (CostLabel p) → relation (list (ReturnPostCostLabel p)) ≝ 
+λp,dom,keep1,keep2.∀x. bool_to_Prop (a_return_post … x ∈ dom) → (x ∈ keep1) = (x ∈ keep2).
+
+
+lemma same_to_keep_on_append : ∀p.∀dom1,dom2,dom3 : list (CostLabel p).
+∀l1,l2,l3,l : list (ReturnPostCostLabel p).
+no_duplicates … (dom1@dom2@dom3) → (∀x.x ∈ l1 → a_return_post … x ∈ dom1) →
+(∀x.x ∈ l3 → a_return_post … x ∈ dom3) → 
+same_to_keep_on … (dom1@dom2@dom3) (l1@l2@l3) l → 
+same_to_keep_on … dom2 l2 l.
+#p #dom1 #dom2 #dom3 #l1 #l2 #l3 #l #no_dup #sub_set1 #sub_set3 #H2
 #x #Hx inversion (x ∈ l2)
  [ #EQkeep <H2 [> memb_append_l2 // >memb_append_l1 // ]
@@ -780 +596 @@
    | @sym_eq @memb_not_append [2: @memb_not_append //]
    [ <associative_append in no_dup; #no_dup ]
-   lapply(memb_no_duplicates_append … (a_return_post x) … no_dup) #H
+   lapply(memb_no_duplicates_append … (a_return_post … x) … no_dup) #H
    inversion(memb ???) // #H1 cases H 
    [1,4: [>memb_append_l2 | >memb_append_l1] // >Hx //
@@ -790 +606 @@
 qed.
 
-lemma same_fresh_map_on_append : ∀dom1,dom2,dom3,l1,l2,l3,l.
+lemma same_fresh_map_on_append : ∀p.∀dom1,dom2,dom3,l1,l2,l3,l.
 no_duplicates … (dom1 @dom2 @ dom3) → (∀x.x ∈ domain_of_associative_list … l1 → x ∈ dom1) →
 (∀x.x ∈ domain_of_associative_list … l3 → x ∈ dom3) → 
-same_fresh_map_on … (dom1 @dom2 @dom3) (l1 @l2 @ l3) l → 
-same_fresh_map_on … dom2 l2 l.
-#dom1 #dom2 #dom3 #l1 #l2 #l3 #l #no_dup #subset1 #subset3 whd in ⊢ (% → ?); #H1
+same_fresh_map_on p … (dom1 @dom2 @dom3) (l1 @l2 @ l3) l → 
+same_fresh_map_on p … dom2 l2 l.
+#p #dom1 #dom2 #dom3 #l1 #l2 #l3 #l #no_dup #subset1 #subset3 whd in ⊢ (% → ?); #H1
 whd #x #Hx <H1
 [2: >memb_append_l2 // >memb_append_l1 // >Hx //]
@@ -805 +621 @@
 
 
-lemma lab_to_keep_in_domain : ∀p.∀i : Instructions p.
+lemma lab_to_keep_in_domain : ∀p,l_p.∀i : Instructions p l_p.
 ∀x,n,l.
-x ∈ lab_to_keep … (call_post_trans … i n l) → a_return_post x ∈ get_labels_of_code …  i.
-#p #i elim i //
+x ∈ lab_to_keep … (call_post_trans … i n l) → a_return_post … x ∈ get_labels_of_code …  i.
+#p #l_p #i elim i //
 [ #seq #opt_l #instr #IH #x #n #l whd in match (call_post_trans ????);
   cases opt_l -opt_l normalize nodelta [|#lbl] 
@@ -836 +652 @@
 qed.
 
-lemma domain_of_associative_list_append : ∀A,B.∀l1,l2 : associative_list A B.
-domain_of_associative_list ?? (l1 @ l2) = 
- (domain_of_associative_list ?? l1) @ (domain_of_associative_list ?? l2).
-#A #B #l1 elim l1 // #x #xs #IH #l2 normalize //
-qed.
-
-lemma lab_map_in_domain: ∀p.∀i: Instructions p.
+lemma lab_map_in_domain: ∀p,l_p.∀i: Instructions p l_p.
  ∀x,n,l.
-  x ∈ domain_of_associative_list … (lab_map p (call_post_trans … i n l)) →
+  x ∈ domain_of_associative_list … (lab_map … (call_post_trans … i n l)) →
    x ∈ get_labels_of_code … i.
-#p #i elim i //
+#p #l_p #i elim i //
 [ #seq * [|#lbl] #i1 #IH #x #n #l whd in match(call_post_trans ????);
   whd in match (get_labels_of_code ??); /2/ whd in match (memb ???);
@@ -879 +689 @@
 qed.
 
-lemma eq_a_non_functional_label : 
-∀c1,c2.c1 == c2 → a_non_functional_label c1 == a_non_functional_label c2.
-#c1 #c2 #EQ cases(eqb_true DEQNonFunctionalLabel c1 c2) #H1 #_ lapply(H1 (eq_true_to_b … EQ)) -EQ
-#EQ destruct >(\b (refl …)) @I
-qed.
-
-let rec is_fresh_for_return (keep : list CostLabel) (n : ℕ) on keep : Prop ≝
+let rec is_fresh_for_return (p : label_params) (keep : list (CostLabel p)) (n : p) on keep : Prop ≝
 match keep with
 [ nil ⇒ True
-| cons x xs ⇒ let ih ≝ is_fresh_for_return xs n in
+| cons x xs ⇒ let ih ≝ is_fresh_for_return … xs n in
               match x with 
-              [ a_return_post y ⇒ match y with [a_return_cost_label m ⇒ m ≤ n ∧ ih ]
+              [ a_return_post y ⇒ match y with [a_return_cost_label m ⇒ m ⊑^{p} n ∧ ih ]
               | _ ⇒ ih
               ]
 ].
 
-lemma fresh_ok_call_post_trans : ∀p : instr_params.∀i1 : Instructions p.∀n : ℕ.∀l.
-n ≤ fresh … (call_post_trans p i1 n l).
-#p #i1 elim i1 normalize /2 by transitive_le, le_n/
+lemma fresh_ok_call_post_trans : ∀p : instr_params.∀l_p.∀i1 : Instructions p l_p.∀n : l_p.∀l.
+n ⊑^{l_p} fresh … (call_post_trans … i1 n l).
+#p #l_p #i1 elim i1 normalize /2 by trans_po_rel, refl_po_rel/
 [ #seq * [|#lbl] #i2 #IH #n #l normalize /2 by /
 | #cond #ltrue #i_true #lfalse #i_false #i2 #IH1 #IH2 #IH3 #n #l
-  @(transitive_le … (IH3 …)) [2: @(transitive_le … (IH2 …)) [2: @(transitive_le … (IH1 …)) ]] //
-| #f #act_p * [|#lbl] normalize #i2 #IH /2 by le_S/
+  @(trans_po_rel … (IH3 …)) [2: @(trans_po_rel … (IH2 …)) [2: @(trans_po_rel … (IH1 …)) ]] //
+| #f #act_p * [|#lbl] normalize #i2 #IH /2 by / #n #l @(trans_po_rel … (IH … l …)) @lab_po_rel_succ
 ]
 qed.
 
-lemma fresh_keep_n_ok : ∀n,m,l.
-is_fresh_for_return l n → n ≤ m → is_fresh_for_return l m.
-#n #m #l lapply n -n lapply m -m elim l // * 
+lemma fresh_keep_n_ok : ∀p : label_params.∀n,m.∀l.
+is_fresh_for_return p l n → n ⊑^{p} m → is_fresh_for_return p l m.
+#p #n #m #l lapply n -n lapply m -m elim l // * 
 [1,2,3: * #x] #xs #IH #n #m
-normalize [2: * #H1] #H2 #H3 [ %] /2 by transitive_le/
-qed.
-
-definition cast_return_to_cost_labels ≝ map … (a_return_post …).
+normalize [2: * #H1] #H2 #H3 [ %] /2 by trans_po_rel/ @(IH … H2) assumption
+qed.
+
+definition cast_return_to_cost_labels ≝ λp.map … (a_return_post p …).
 coercion cast_return_to_cost_labels.
 
-lemma fresh_false : ∀n.∀l: list ReturnPostCostLabel.is_fresh_for_return l n → 
-a_return_cost_label (S n) ∈ l = false.
-#n #l lapply n -n elim l // * #x #xs #IH #n whd in ⊢ (% → ??%?); * #H1 
+lemma succ_label_leq_absurd : ∀p : label_params.∀x : p.succ_label … p … x ⊑^{p} x → False.
+#p #x #ABS @(absurd ?? (no_maps_in_id … p x)) @(antisym_po_rel … (po_label … p)) //
+qed.
+
+lemma fresh_false : ∀p.∀n.∀l: list (ReturnPostCostLabel p).is_fresh_for_return … l n → 
+a_return_cost_label p (succ_label … n) ∈ l = false.
+#p #n #l lapply n -n elim l // * #x #xs #IH #n whd in ⊢ (% → ??%?); * #H1 
 #H2 @eq_return_cost_lab_elim
-[ #EQ destruct @⊥ /2 by absurd/
+[ #EQ destruct @⊥ @succ_label_leq_absurd //
 | #_ >IH //
 ]
 qed.
 
-lemma inverse_call_post_trans : ∀p : instr_params.∀i1 : Instructions p.∀n : ℕ.
+lemma inverse_call_post_trans : ∀p : instr_params.∀l_p : label_params.∀i1 : Instructions p l_p.∀n : l_p.
 let dom ≝ get_labels_of_code … i1 in
 no_duplicates … dom → 
 ∀m,keep.
-∀info,l.call_post_trans p i1 n l = info → 
-same_fresh_map_on dom (lab_map … info) m → 
-same_to_keep_on dom (lab_to_keep … info) keep → 
-is_fresh_for_return keep n → 
-call_post_clean ? (t_code ? info) m keep l 
+∀info,l.call_post_trans … i1 n l = info → 
+same_fresh_map_on … dom (lab_map … info) m → 
+same_to_keep_on … dom (lab_to_keep … info) keep → 
+is_fresh_for_return … keep n → 
+call_post_clean … (t_code … info) m keep l 
  = return 〈gen_labels … info,i1〉.
-#p #i1 elim i1
+#p #l_p #i1 elim i1
 [ #n #no_dup #m #keep * #gen_lab #t_code #fresh #lab_map #lab_keep #l whd in ⊢ (??%? → ?);
   #EQ destruct(EQ) //
@@ -950 +758 @@
   ]
   normalize nodelta <(H1 lbl) 
-  [2: whd in match (get_labels_of_code ??); @orb_Prop_l cases(eqb_true … (a_non_functional_label lbl) lbl)
+  [2: whd in match (get_labels_of_code ??); @orb_Prop_l cases(eqb_true … (a_non_functional_label … lbl) lbl)
       #H3 #H4 >H4 % ]
   whd in match (get_element ????); >(\b (refl …)) normalize nodelta 
@@ -960 +768 @@
       change with ([?;?]@?) in match (?::?) in H2;
       <associative_append in H2; <associative_append
-      <(append_nil … (?@?)) <associative_append in ⊢ (??%? → ?);
-      <(append_nil … (?@?)) in ⊢ (??%? → ?); >associative_append
-      >associative_append in ⊢ (??%? → ?); #H2
+      <(append_nil … (?@?)) <associative_append in ⊢ (???%? → ?);
+      <(append_nil … (?@?)) in ⊢ (???%? → ?); >associative_append
+      >associative_append in ⊢ (???%? → ?); #H2
       @(same_to_keep_on_append … H2) // [ >append_nil
       whd in ⊢ (??%); whd in no_dup:(??%); >associative_append // ]
@@ -972 +780 @@
       <associative_append in H1; <associative_append      
       <(append_nil … (?@?)) >associative_append
-      change with ([?;?]@?) in match (?::?::?) in ⊢ (??%? → ?);
-      <associative_append in ⊢ (??%? → ?);
-      <associative_append in ⊢ (??%? → ?);
-      <(append_nil … (?@?)) in ⊢ (??%? → ?);
-      >associative_append in ⊢ (??%? → ?); #H1
+      change with ([?;?]@?) in match (?::?::?) in ⊢ (???%? → ?);
+      <associative_append in ⊢ (???%? → ?);
+      <associative_append in ⊢ (???%? → ?);
+      <(append_nil … (?@?)) in ⊢ (???%? → ?);
+      >associative_append in ⊢ (???%? → ?); #H1
       @(same_fresh_map_on_append … H1) //
       [ >append_nil >associative_append // ]
@@ -1001 +809 @@
   |4: whd  in match (get_labels_of_code ??) in H1;
    change with ([?;?]@?) in match (?::?) in H1;
-   change with ([?;?]@?) in match (?::?::?) in H1 : (??%?);
-   <associative_append in H1; <associative_append in ⊢ (??%? → ?); #H1
+   change with ([?;?]@?) in match (?::?::?) in H1 : (???%?);
+   <associative_append in H1; <associative_append in ⊢ (???%? → ?); #H1
    @(same_fresh_map_on_append … H1) // [2: /2 by lab_map_in_domain/ ]
    #x >domain_of_associative_list_append #H cases(memb_append … H)
@@ -1019 +827 @@
   |3:  whd  in match (get_labels_of_code ??) in H2;
    change with ([?;?]@?) in match (?::?) in H2;
-   change with ([ ] @ ?) in match (lab_to_keep ??) in H2;
-   >associative_append in H2 : (??%?); #H2
+   change with ([ ] @ ?) in match (lab_to_keep ???) in H2;
+   >associative_append in H2 : (???%?); #H2
    @(same_to_keep_on_append … H2) //  #x #Hx cases(memb_append … Hx)
    -Hx #Hx [ >memb_append_l1 | >memb_append_l2] //
@@ -1026 +834 @@
   |4:  whd  in match (get_labels_of_code ??) in H1;
    change with ([?;?]@?) in match (?::?) in H1;
-   change with ([?;?]@?) in match (?::?::?) in H1 : (??%?);
+   change with ([?;?]@?) in match (?::?::?) in H1 : (???%?);
     @(same_fresh_map_on_append … H1) // #x >domain_of_associative_list_append
     #Hx cases(memb_append … Hx) -Hx #Hx [ >memb_append_l1 | >memb_append_l2 ]
@@ -1041 +849 @@
       whd in match (get_element ????); @eq_costlabel_elim normalize nodelta
       [ #ABS @⊥ cases no_dup >ABS * #H #_ @H @orb_Prop_l  
-      >(\b (refl ? (a_non_functional_label ltrue))) % ] #_
+      >(\b (refl ? (a_non_functional_label … ltrue))) % ] #_
       whd in match (get_element ????); >(\b (refl …)) normalize nodelta
       >(\b (refl …)) %
@@ -1050 +858 @@
     [ >m_return_bind <fresh_map [2: @orb_Prop_l >(\b (refl …)) % ]
       whd in match (get_element ????);
-      inversion(a_non_functional_label ltrue == a_non_functional_label lfalse) 
+      inversion(a_non_functional_label … ltrue == a_non_functional_label … lfalse) 
       #Hltrue normalize nodelta
       [ cases no_dup whd in match (memb ???); 
-        cases(eqb_true … (a_non_functional_label ltrue) (a_non_functional_label lfalse))
+        cases(eqb_true … (a_non_functional_label … ltrue) (a_non_functional_label … lfalse))
         #H1 #_ lapply(H1 Hltrue) #EQ destruct(EQ) >(\b (refl …)) * #ABS @⊥ @ABS % ]
       whd in match (get_element ????); >(\b (refl …)) normalize nodelta >(\b (refl …))
@@ -1060 +868 @@
       >(\b (refl …)) %
     | /2 by fresh_keep_n_ok/
-    | change with ([?;?]@?@?) in keep_on : (?%??); change with ((nil ?) @ ? @ ?) in keep_on : (??%?);
+    | change with ([?;?]@?@?) in keep_on : (??%??); change with ((nil ?) @ ? @ ?) in keep_on : (???%?);
       @(same_to_keep_on_append … keep_on) // #x /2 by lab_to_keep_in_domain/ 
-    | change with ([?;?]@?@?) in fresh_map : (?%%?); @(same_fresh_map_on_append … fresh_map)
+    | change with ([?;?]@?@?) in fresh_map : (??%%?); @(same_fresh_map_on_append … fresh_map)
       /2 by lab_map_in_domain/ #x whd in match (memb ???); inversion(x==lfalse) #Hlfalse
       normalize nodelta
@@ -1072 +880 @@
     ]
   | //
-  | change with ([?;?]@?@?) in keep_on : (?%??); <associative_append in keep_on; 
-    <(append_nil … (?@?)) <(append_nil … (?@?)) in ⊢ (??%? → ?); 
-    >associative_append in ⊢ (?%%? → ?); >associative_append in ⊢ (??%? → ?); 
+  | change with ([?;?]@?@?) in keep_on : (??%??); <associative_append in keep_on; 
+    <(append_nil … (?@?)) <(append_nil … (?@?)) in ⊢ (???%? → ?); 
+    >associative_append in ⊢ (??%%? → ?); >associative_append in ⊢ (???%? → ?); 
     #keep_on @(same_to_keep_on_append … keep_on) //
     [ >associative_append >append_nil //
     | #x #Hx @orb_Prop_r @orb_Prop_r /2 by lab_to_keep_in_domain/
     ]
-  | change with ([?;?]@?@?) in fresh_map : (?%??); <associative_append in fresh_map; 
-    <(append_nil … (?@?)) change with ([?;?]@?@?) in ⊢ (??%? → ?);
-    <associative_append in ⊢ (??%? → ?); <(append_nil … (?@?)) in ⊢ (??%? → ?); 
-    >associative_append in ⊢ (?%%? → ?); >associative_append in ⊢ (??%? → ?);
+  | change with ([?;?]@?@?) in fresh_map : (??%??); <associative_append in fresh_map; 
+    <(append_nil … (?@?)) change with ([?;?]@?@?) in ⊢ (???%? → ?);
+    <associative_append in ⊢ (???%? → ?); <(append_nil … (?@?)) in ⊢ (???%? → ?); 
+    >associative_append in ⊢ (??%%? → ?); >associative_append in ⊢ (???%? → ?);
     #fresh_map @(same_fresh_map_on_append … fresh_map) //
     [ >append_nil //
@@ -1113 +921 @@
     ]
   |2,7: //
-  |3,8: whd in match (get_labels_of_code ??) in same_keep; // #x #Hx <same_keep
+  |3,8: whd in match (get_labels_of_code ???) in same_keep; // #x #Hx <same_keep
         [2: >memb_cons // >Hx // ] cases no_dup * #ABS #_ whd in ⊢ (???%);
         inversion(x==?) [2: #_ //] #ABS1 @⊥ @ABS <(\P ABS1) >Hx //
-  |4,9: whd in match (get_labels_of_code ??) in fresh_map; // #x #Hx <fresh_map
+  |4,9: whd in match (get_labels_of_code ???) in fresh_map; // #x #Hx <fresh_map
         [2: >memb_cons // >Hx //] cases no_dup * #ABS #_ whd in ⊢ (???%);
         inversion(x==?) [2: #_ //] #ABS1 @⊥ @ABS <(\P ABS1) //
   |5,10: [ @no_dup | cases no_dup // ]
   ]
-| #lin #io #lout #i #IH #n whd in match (get_labels_of_code ??); #no_dup
+| #lin #io #lout #i #IH #n whd in match (get_labels_of_code ???); #no_dup
   #m #keep #info #l whd in ⊢ (??%? → ?); #EQ destruct(EQ) #fresh_map #same_keep
   #f_k whd in ⊢ (??%?); >(IH … (refl …))
@@ -1130 +938 @@
     [ #ABS @⊥ cases no_dup * #ABS1 #_ @ABS1 whd in match (memb ???); >(\P ABS)
       >(\b (refl …)) //
-    | #H inversion (a_non_functional_label lin== ? lout) 
+    | #H inversion (a_non_functional_label … lin== ? lout) 
       [ #ABS lapply(\P ABS) #EQ destruct >(\b (refl …)) in H; #EQ destruct
       | #_ normalize nodelta whd in match (get_element ????); >(\b (refl …))
@@ -1150 +958 @@
 qed.
 
-definition fresh_for_prog_aux : ∀p,p'.Program p p' → ℕ → ℕ ≝ 
-λp,p',prog,n.foldl … (λn,i.max n (compute_max_n … (f_body … i))) n (env … prog).
-
-include alias "arithmetics/nat.ma".
-
-lemma max_1 : ∀n,m,k.k ≤ m → k ≤ max m n.
-#m #n #k #H normalize @leb_elim // normalize nodelta #H1 
-/2 by transitive_le/
-qed.
-
-lemma max_2 : ∀n,m,k.k≤ n → k ≤ max m n.
-#m #n #k #H normalize @leb_elim // #H1 normalize nodelta
-@(transitive_le … H) @(transitive_le … (not_le_to_lt … H1)) //
-qed.
-
-lemma fresh_aux_ok : ∀p,p'.∀prog : Program p p'.∀n,m.n ≤ m → 
-fresh_for_prog_aux … prog n ≤ fresh_for_prog_aux … prog m.
-#p #p' * #env #main elim env // #hd #tl #IH #n #m #H whd in ⊢ (?%%);
-@IH whd in ⊢ (?%?); @leb_elim normalize nodelta
-[ #H1 @max_2 // | #_ @max_1 // ]
-qed.
-
-definition fresh_for_prog : ∀p,p'.Program p p' → ℕ ≝ 
-λp,p',prog.fresh_for_prog_aux … prog 
+definition fresh_for_prog_aux : ∀p,p',l_p.Program p p' l_p → l_p → l_p ≝ 
+λp,p',l_p,prog,n.foldl … (λn,i.op … l_p … n (compute_max_n … (f_body … i))) n (env … prog).
+
+
+lemma fresh_aux_ok : ∀p,p',l_p.∀prog : Program p p' l_p.∀n,m.n ⊑^{l_p} m → 
+fresh_for_prog_aux … prog n ⊑^{l_p} fresh_for_prog_aux … prog m.
+#p #p' #l_p * #env #main elim env // #hd #tl #IH #n #m #H whd in ⊢ (???%%);
+@IH whd in ⊢ (???%?); @(monotonic_magg … l_p … H)
+qed.
+
+definition fresh_for_prog : ∀p,p',l_p.Program p p' l_p → l_p ≝ 
+λp,p',l_p,prog.fresh_for_prog_aux … prog 
 (compute_max_n … (main … prog)).
 
 definition translate_env ≝ 
-λp,p'.λenv : list (env_item p p').λmax_all.(foldr ??
+λp,p',l_p.λenv : list (env_item p p' l_p).λmax_all.(foldr ??
            (λi,x.let 〈t_env,n,m,keep〉 ≝ x in
            let info ≝ call_post_trans … (f_body … i) n (nil ?) in
-                   〈(mk_env_item ?? 
+                   〈(mk_env_item ??? 
                        (mk_signature ??(f_name ?? i) (f_pars … i) (f_ret … i))
                        (f_lab … i) (t_code … info)) :: t_env,
-                     fresh … info, 〈a_call (f_lab … i),(a_call (f_lab … i)) :: (gen_labels ? info)〉 :: 
+                     fresh … info, 〈a_call … (f_lab … i),(a_call … (f_lab … i)) :: (gen_labels ?? info)〉 :: 
                                      ((lab_map … info) @ m),(lab_to_keep … info) @ keep〉) 
           (〈nil ?,max_all,nil ?,nil ?〉) env).
 
-definition trans_prog : ∀p,p'.Program p p' → 
-((Program p p') × (associative_list DEQCostLabel CostLabel)) × ((list ReturnPostCostLabel))≝ 
-λp,p',prog.
+definition trans_prog : ∀p,p',l_p.Program p p' l_p → 
+((Program p p' l_p) × (associative_list (DEQCostLabel l_p) (CostLabel l_p)) × ((list (ReturnPostCostLabel l_p))))≝ 
+λp,p',l_p,prog.
 let max_all ≝ fresh_for_prog … prog in
 let info_main ≝ (call_post_trans … (main … prog) max_all (nil ?)) in
 let 〈t_env,n,m,keep〉 ≝ translate_env … (env … prog) (fresh … info_main) in
-〈mk_Program ?? t_env (t_code … info_main),m @ (lab_map … info_main),keep @ (lab_to_keep … info_main)〉.
-
-definition map_labels_on_trace : 
-(associative_list DEQCostLabel CostLabel) → list CostLabel → list CostLabel ≝ 
-λm,l.foldr … (λlab,t.(get_element … m lab) @ t) (nil ?) l.
+〈mk_Program ??? t_env (t_code … info_main),m @ (lab_map … info_main),keep @ (lab_to_keep … info_main)〉.
+
+definition map_labels_on_trace : ∀p : label_params.
+(associative_list (DEQCostLabel p) (CostLabel p)) → list (CostLabel p) → list (CostLabel p) ≝ 
+λp,m,l.foldr … (λlab,t.(get_element … m lab) @ t) (nil ?) l.
 
 lemma map_labels_on_trace_append:
- ∀m,l1,l2. map_labels_on_trace m (l1@l2) =
-  map_labels_on_trace m l1 @ map_labels_on_trace m l2.
- #m #l1 elim l1 // #hd #tl #IH #l2 >associative_append <IH //
+ ∀p,m,l1,l2. map_labels_on_trace p m (l1@l2) =
+  map_labels_on_trace p m l1 @ map_labels_on_trace p m l2.
+#p #m #l1 elim l1 // #hd #tl #IH #l2 >associative_append <IH //
 qed.
 
@@ -1241 +1037 @@
 *)
 
-lemma memb_append_l22 : ∀A : DeqSet.∀x : A.∀l1,l2 : list A. 
-¬ (x ∈ l1) → x∈ l1 @ l2 = (x ∈ l2).
-#A #x #l1 elim l1 normalize // #y #ys #IH #l2 cases(x==y) 
-normalize [*] @IH
-qed.
-
-lemma memb_append_l12 : ∀A : DeqSet.∀x : A.∀l1,l2 : list A. 
-¬ (x ∈ l2) → x∈ l1 @ l2 = (x ∈ l1).
-#A #x #l1 elim l1 
-[ #l2 #H whd in match (append ???); @not_b_to_eq_false @Prop_notb >H % ]
-#y #ys #IH #l2 #H1 whd in match (memb ???); >IH //
-qed.
-
-
-lemma lookup_ok_append : ∀p,p',l,f,env_it.
-lookup p p' l f = return env_it → ∃l1,l2. l = l1 @ [env_it] @ l2 ∧
+
+
+lemma lookup_ok_append : ∀p,p',l_p,l,f,env_it.
+lookup p p' l_p l f = return env_it → ∃l1,l2. l = l1 @ [env_it] @ l2 ∧
 f_name … env_it = f.
-#p #p' #l elim l [ #f #env_it normalize #EQ destruct]
+#p #p' #l_p #l elim l [ #f #env_it normalize #EQ destruct]
 #x #xs #IH #f #env_it whd in ⊢ (??%? → ?); @eq_function_name_elim
 [ #EQ destruct(EQ) normalize nodelta whd in ⊢ (???% → ?); #EQ destruct
@@ -1274 +1058 @@
 *)
 
-lemma foldr_map_append :
-  ∀A,B:Type[0]. ∀l1, l2 : list A.
-   ∀f:A → list B. ∀seed.
-    foldr ?? (λx,acc. (f x) @ acc) seed (l1 @ l2) =
-     append ? (foldr ?? (λx,acc. (f x) @ acc) (nil ?) l1) 
-       (foldr  ?? (λx,acc. (f x) @ acc) seed l2).
-#A #B #l1 elim l1 normalize // /3 by eq_f, trans_eq/
-qed.
-
-lemma cons_append : ∀A.∀x : A.∀l.x::l = ([x]@l).
-//
-qed.
-
-lemma eq_a_call_label : 
-∀c1,c2.c1 == c2 → a_call c1 == a_call c2.
-#c1 #c2 #EQ cases(eqb_true ? c1 c2) #H1 #_ lapply(H1 (eq_true_to_b … EQ)) -EQ
-#EQ destruct >(\b (refl …)) @I
-qed.
-
-
-lemma no_duplicates_append_commute : ∀ A : DeqSet.∀l1,l2 : list A.
-no_duplicates … (l1 @ l2) → 
-no_duplicates … (l2 @ l1).
-#A #l1 elim l1
-[ #l2 >append_nil //]
-#x #xs #IH #l2 * #H1 #H2 lapply(IH … H2) lapply H1 -H1 -IH -H2
-elim l2 -l1
-[ >append_nil #H1 #H2 % // ]
-#y #ys #IH * #H1 * #H2 #H3 %
-[2: @IH
-   [ % #H4 @H1 cases(memb_append … H4)
-     [ #H5 >memb_append_l1 //
-     | #H5 >memb_append_l2 // @orb_Prop_r >H5 //
-     ]
-   | //
-   ]
-| % #H4 cases(memb_append … H4)
-  [ #H5 @(absurd ?? H2) >memb_append_l1 //
-  | whd in match (memb ???); inversion(y==x)
-    [ #H5 #_ <(\P H5) in H1; #H1 @H1 >memb_append_l2 //
-    | #_ normalize nodelta #H5 @(absurd ?? H2) >memb_append_l2 //
-    ]
-  ]
-]
-qed.
+
 
 (* aggiungere fresh_to_keep al lemma seguente??*)
 
-let rec subset (A : Type[0]) (l1,l2 : list A) on l1 : Prop ≝ 
-match l1 with
-[ nil ⇒ True
-| cons x xs ⇒ mem … x l2 ∧ subset … xs l2
-].
-
-interpretation "subset" 'subseteq a b = (subset ? a b).
-
-lemma subset_append_l2 : ∀A,l2,l1.subset A l2 (l1 @ l2).
-#A #l2 elim l2 // normalize #x #xs #IH #l1 % // @mem_append_l2 whd /2/
-qed.
-
-lemma refl_subset : ∀A.reflexive … (subset A).
-#A #l1 elim l1 // #x #xs #IH normalize % /2/
-qed.
-
-lemma fresh_for_subset : ∀l1,l2,n.l1 ⊆ l2 → is_fresh_for_return … l2 n → 
-is_fresh_for_return … l1 n.
-#l1 elim l1 // * [1,2,3: * #x] #xs #IH #l2 #n * #H1 #H2 #H3 whd
+lemma fresh_for_subset : ∀p : label_params.∀l1,l2,n.l1 ⊆ l2 → is_fresh_for_return p … l2 n → 
+is_fresh_for_return p … l1 n.
+#p #l1 elim l1 // * [1,2,3: * #x] #xs #IH #l2 #n * #H1 #H2 #H3 whd
 try(@IH) // % [2: @IH //] elim l2 in H1 H3; normalize [*]
 * [1,2,3: * #y] #ys #IH normalize 
@@ -1350 +1074 @@
 qed.
 
-lemma fresh_append : ∀n,l1,l2.is_fresh_for_return l1 n → is_fresh_for_return l2 n → 
-is_fresh_for_return (l1@l2) n.
-#n #l1 lapply n -n elim l1 // * [1,2,3: * #x] #xs #IH #n #l2 [2: * #H1 ] #H2 #H3 
+lemma fresh_append : ∀p.∀n,l1,l2.is_fresh_for_return p l1 n → is_fresh_for_return p l2 n → 
+is_fresh_for_return p (l1@l2) n.
+#p #n #l1 lapply n -n elim l1 // * [1,2,3: * #x] #xs #IH #n #l2 [2: * #H1 ] #H2 #H3 
 [ % // @IH //] @IH //
 qed.
 
-definition labels_of_prog : ∀p,p'.Program p p' → ? ≝ 
-λp,p',prog.foldr … (λx,l.l @ (get_labels_of_code … (f_body … x))) 
+definition labels_of_prog : ∀p,p',l_p.Program p p' l_p → ? ≝ 
+λp,p',l_p,prog.foldr … (λx,l.l @ (get_labels_of_code … (f_body … x))) 
  (get_labels_of_code … (main … prog)) (env … prog).
 
-lemma cast_return_append : ∀l1,l2.cast_return_to_cost_labels … (l1 @ l2) = 
-(cast_return_to_cost_labels … l1) @ (cast_return_to_cost_labels … l2).
-#l1 #l2 @(sym_eq … (map_append …)) qed.
+lemma cast_return_append : ∀p.∀l1,l2.cast_return_to_cost_labels p … (l1 @ l2) = 
+(cast_return_to_cost_labels p … l1) @ (cast_return_to_cost_labels p … l2).
+#p #l1 #l2 @(sym_eq … (map_append …)) qed.
 
 include alias "arithmetics/nat.ma".
 
 
-lemma is_fresh_code : ∀p.∀i : Instructions p.
-is_fresh_for_return (get_labels_of_code … i) (compute_max_n … i).
-#p #main  elim main //
-[ #seq * [| * #lbl] #i #IH normalize // @(fresh_keep_n_ok … IH)
-  inversion(leb ? lbl) // @leb_elim #Hlbl #EQ destruct normalize nodelta 
-  /2 by le_S/
-| #cond * #ltrue #i1 * #lfalse #i2 #i3 #IH1 #IH2 #IH3 whd in ⊢ (?%%); 
+lemma is_fresh_code : ∀p,l_p.∀i : Instructions p l_p.
+is_fresh_for_return l_p (get_labels_of_code … i) (compute_max_n … i).
+#p #l_p #main  elim main //
+[ #seq * [| * #lbl] #i #IH normalize // @(fresh_keep_n_ok … IH) //
+| #cond * #ltrue #i1 * #lfalse #i2 #i3 #IH1 #IH2 #IH3 whd in ⊢ (??%%); 
   @fresh_append
-  [ @(fresh_keep_n_ok … IH1) @le_S @max_1 @max_1 @max_1 @max_1 //
+  [ @(fresh_keep_n_ok … IH1) @max_1 @max_1 @max_1 @max_1 // 
   | @fresh_append
-    [ @(fresh_keep_n_ok … IH2) @le_S @max_1 @max_1 @max_1 @max_2 //
-    | @(fresh_keep_n_ok … IH3) @le_S @max_1 @max_1 @max_2 //
+    [ @(fresh_keep_n_ok … IH2) @max_1 @max_1 @max_1 @max_2 //
+    | @(fresh_keep_n_ok … IH3) @max_1 @max_1 @max_2 //
     ]
   ]
-| #cond * #ltrue #i1 * #lfalse #i2 #IH1 #IH2 whd in ⊢ (?%%); @fresh_append
-  [ @(fresh_keep_n_ok … IH1) @le_S @max_1 @max_1 @max_1 //
-  | @(fresh_keep_n_ok … IH2) @le_S @max_1 @max_1 @max_2 //
-  ]
-| #f #act_p * [| * #lbl] #i #IH whd in ⊢ (?%%); // 
-  change with ([?]@?) in ⊢ (?%?); @fresh_append
-  [ whd % // @le_S @max_1 //
-  | @(fresh_keep_n_ok … IH) @le_S @max_2 //
-  ]
-| * #lin #io * #lout #i #IH whd in ⊢ (?%%); @(fresh_keep_n_ok … IH)
-  @le_S @max_1 @max_1 //
+| #cond * #ltrue #i1 * #lfalse #i2 #IH1 #IH2 whd in ⊢ (??%%); @fresh_append
+  [ @(fresh_keep_n_ok … IH1) @max_1 @max_1 @max_1 //
+  | @(fresh_keep_n_ok … IH2) @max_1 @max_1 @max_2 //
+  ]
+| #f #act_p * [| * #lbl] #i #IH whd in ⊢ (??%%); // 
+  change with ([?]@?) in ⊢ (??%?); @fresh_append
+  [ whd % //
+  | @(fresh_keep_n_ok … IH) @max_2 //
+  ]
+| * #lin #io * #lout #i #IH whd in ⊢ (??%%); @(fresh_keep_n_ok … IH)
+  @max_1 @max_1 //
 ]
 qed.
 
-lemma is_fresh_fresh_for_prog : ∀p,p'.∀prog : Program p p'.
-is_fresh_for_return (labels_of_prog … prog) (fresh_for_prog … prog).
-#p #p' * #env #main whd in match fresh_for_prog; normalize nodelta whd in ⊢ (?%?);
-elim env // * #sig #cost #i #tail #IH  whd in ⊢ (?%?); @fresh_append
+lemma is_fresh_fresh_for_prog : ∀p,p',l_p.∀prog : Program p p' l_p.
+is_fresh_for_return … (labels_of_prog … prog) (fresh_for_prog … prog).
+#p #p' #l_p * #env #main whd in match fresh_for_prog; normalize nodelta whd in ⊢ (??%?);
+elim env // * #sig #cost #i #tail #IH  whd in ⊢ (??%?); @fresh_append
 [ @(fresh_keep_n_ok … IH) @fresh_aux_ok @max_1 //
 | @(fresh_keep_n_ok … (is_fresh_code … i)) whd in match fresh_for_prog_aux; normalize nodelta
-  whd in ⊢ (??%); elim tail [ @max_2 // ] #hd1 #tl1 #IH1 @(transitive_le …  IH1)
-  whd in ⊢ (??%); change with (fresh_for_prog_aux ?? (mk_Program ?? tl1 main) ?) in ⊢ (?%%);
+  whd in ⊢ (????%); elim tail [ @max_2 // ] #hd1 #tl1 #IH1 @(trans_po_rel …  IH1)
+  whd in ⊢ (????%); change with (fresh_for_prog_aux ??? (mk_Program ??? tl1 main) ?) in ⊢ (???%%);
   @fresh_aux_ok @max_1 //
 ]
 qed.
 
-lemma subset_def : ∀A : DeqSet.∀l1,l2 : list A.(∀x.x ∈l1 → x ∈ l2) → l1 ⊆ l2.
-#A #l1 elim l1 // #x #xs #IH #l2 #H % 
-[ @memb_to_mem >H // >memb_hd // 
-| @IH #y #H1 @H >memb_cons // >H1 //
-]
-qed.
-
-lemma memb_cast_return : ∀keep,x.x ∈ cast_return_to_cost_labels keep → 
-∃ y.x = a_return_post y ∧ bool_to_Prop (y ∈ keep).
-#keep elim keep
+lemma memb_cast_return : ∀p.∀keep,x.x ∈ cast_return_to_cost_labels p keep → 
+∃ y.x = a_return_post … y ∧ bool_to_Prop (y ∈ keep).
+#p #keep elim keep
 [ #x *] #x #xs #IH #y whd in match cast_return_to_cost_labels;
 whd in match (map ????); whd in match (memb ???); inversion(y==x)
@@ -1424 +1139 @@
 qed.
 
-lemma subset_append : ∀A.∀l1,l2,l3 : list A.l1 ⊆ l3 → l2 ⊆ l3 → (l1 @ l2) ⊆ l3.
-#A #l1 elim l1 // #x #xs #IH #l2 #l3 * #H1 #H2 #H3 % /2/
-qed.
-
-lemma subset_def_inv : ∀A.∀l1,l2 : list A. l1 ⊆ l2 → ∀x.mem … x l1 → mem … x l2.
-#A #l1 elim l1 [ #l2 * #x * ] #x #xs #IH #l2 * #H1 #H2 #y *
-[ #EQ destruct // | #H3 @IH // ]
-qed.
-
-lemma transitive_subset : ∀A.transitive … (subset A).
-#A #l1 elim l1 // #x #xs #IH #l2 #l3 * #H1 #H2 #H3 %
-[ @(subset_def_inv … H3) // | @IH // ]
-qed.
-
-lemma subset_append_h1 : ∀A.∀l1,l2,l3 : list A.l1 ⊆ l3 → l1 ⊆ (l3 @ l2).
-#A #l1 elim l1 // #x #x2 #IH #l2 #l3 * #H1 #H2 % [ @mem_append_l1 // | @IH // ]
-qed.
-
-lemma subset_append_h2 : ∀A.∀l1,l2,l3 : list A.l2 ⊆ l3 → l2 ⊆ (l1 @ l3).
-#A #l1 elim l1 // #x #xs #IH #l2 elim l2 // #y #ys #IH #l3 * #H1 #H2 %
-[ @mem_append_l2 // | @IH // ]
-qed.
-
-lemma lab_to_keep_in_prog : ∀p,p'.∀prog : Program p p'.
+lemma lab_to_keep_in_prog : ∀p,p',l_p.∀prog : Program p p' l_p.
 ∀t_prog,m,keep.trans_prog … prog = 〈t_prog,m,keep〉 → 
-(cast_return_to_cost_labels keep) ⊆ (labels_of_prog p p' prog).
-#p #p' * #env #main #t_prog #m #keep whd in match trans_prog; normalize nodelta
+(cast_return_to_cost_labels l_p keep) ⊆ (labels_of_prog p p' l_p prog).
+#p #p' #l_p * #env #main #t_prog #m #keep whd in match trans_prog; normalize nodelta
 @pair_elim * #env1 #fresh * #m1 #keep1 #EQenv1 normalize nodelta #EQ destruct
 lapply EQenv1 -EQenv1 lapply keep1 -keep1 lapply m1 -m1 lapply fresh -fresh
-lapply env1 -env1 generalize in match (fresh_for_prog ???); elim env
+lapply env1 -env1 generalize in match (fresh_for_prog ????); elim env
 [ #n #t_env #n1 #m #keep whd in ⊢ (??%? → ?); #EQ destruct whd in match (append ???);
   @subset_def #x #H whd in match (labels_of_prog); normalize nodelta
@@ -1460 +1152 @@
 | #x #xs #IH #n #t_env #n1 #m #keep whd in ⊢ (??%? → ?); @pair_elim
   * #t_env_tail #fresh_tail * #t_m_tail #t_keep_tail 
-  change with (translate_env ????) in match (foldr ?????); #EQt_env_tail
+  change with (translate_env ?????) in match (foldr ?????); #EQt_env_tail
   normalize nodelta #EQ1 destruct >cast_return_append @subset_append
   [ >cast_return_append @subset_append
@@ -1467 +1159 @@
       >memb_append_l2 // @(lab_to_keep_in_domain … H)
     | whd in match labels_of_prog; normalize nodelta whd in match (foldr ?????);
-      change with (labels_of_prog ?? (mk_Program ?? xs ?)) in match (foldr ?????);
+      change with (labels_of_prog ??? (mk_Program ??? xs ?)) in match (foldr ?????);
       @subset_append_h1 @(transitive_subset … (IH … EQt_env_tail))
       >cast_return_append @subset_append_h1 //
     ]
   | whd in match labels_of_prog; normalize nodelta whd in match (foldr ?????);
-    change with (labels_of_prog ?? (mk_Program ?? xs ?)) in match (foldr ?????);
+    change with (labels_of_prog ??? (mk_Program ??? xs ?)) in match (foldr ?????);
     @subset_append_h1 @(transitive_subset … (IH … EQt_env_tail))
      >cast_return_append @subset_append_h2 //
@@ -1479 +1171 @@
 qed.
 
-lemma fresh_call_post_trans_ok : ∀p.∀i : Instructions p.∀n,l.
-n ≤ fresh … (call_post_trans … i n l).
-#p #i elim i //
-qed.
-
-lemma fresh_translate_env_ok : ∀p,p'.∀env,t_env : list (env_item p p').∀n,n1,m,keep.
-translate_env … env n = 〈t_env,n1,m,keep〉 → n ≤ n1.
-#p #p' #env elim env
+lemma fresh_call_post_trans_ok : ∀p,l_p.∀i : Instructions p l_p.∀n,l.
+n ⊑^{l_p} fresh … (call_post_trans … i n l).
+#p #l_p #i elim i //
+qed.
+
+lemma fresh_translate_env_ok : ∀p,p',l_p.∀env,t_env : list (env_item p p' l_p).∀n,n1,m,keep.
+translate_env … env n = 〈t_env,n1,m,keep〉 → n ⊑^{l_p} n1.
+#p #p' #l_p #env elim env
 [ #t_env #n #n1 #m #keep whd in ⊢ (??%? → ?); #EQ destruct // ]
 #x #xs #IH #t_env #n #n1 #m #keep whd in ⊢ (??%? → ?);
-change with (translate_env ????) in match (foldr ?????); @pair_elim
+change with (translate_env ?????) in match (foldr ?????); @pair_elim
 * #t_env_tail #fresh_tail * #t_m_tail #t_keep_tail #EQt_env_tail normalize nodelta
-#EQ destruct @(transitive_le … (IH … EQt_env_tail)) @fresh_call_post_trans_ok
+#EQ destruct @(trans_po_rel … (IH … EQt_env_tail)) @fresh_call_post_trans_ok
 qed.
  
@@ -1498 +1190 @@
 no_duplicates_labels … prog → 
 let 〈t_prog,m,keep〉 ≝ trans_prog … prog in 
-∀f,env_it.lookup p p (env … prog) f = return env_it → 
+∀f,env_it.lookup p p p (env … prog) f = return env_it → 
 let dom ≝ get_labels_of_code … (f_body … env_it) in 
-∃env_it',n.is_fresh_for_return keep n ∧lookup p p (env … t_prog) f = return env_it' ∧ 
+∃env_it',n.is_fresh_for_return p keep n ∧lookup p p p (env … t_prog) f = return env_it' ∧ 
 let info ≝ call_post_trans … (f_body … env_it) n (nil ?) in
 t_code … info = f_body … env_it' ∧
-get_element … m (a_call (f_lab … env_it')) = (a_call (f_lab … env_it')) :: gen_labels … info ∧
+get_element … m (a_call … (f_lab … env_it')) = (a_call … (f_lab … env_it')) :: gen_labels … info ∧
 f_sig … env_it = f_sig … env_it' ∧ f_lab … env_it = f_lab … env_it' ∧
-same_fresh_map_on dom m (lab_map … info) ∧ same_to_keep_on dom keep (lab_to_keep … info).
+same_fresh_map_on … dom m (lab_map … info) ∧ same_to_keep_on … dom keep (lab_to_keep … info).
 #p #prog inversion(trans_prog … prog) * #t_prog0 #m0 #keep0 #EQt_prog
 lapply EQt_prog normalize nodelta
@@ -1512 +1204 @@
 whd in match trans_prog; normalize nodelta 
 @pair_elim
-cut(fresh_for_prog ?? prog ≤ fresh_for_prog ?? (mk_Program … env main)) [ >EQprog //]
-generalize in match (fresh_for_prog ???) in ⊢ (??% → %);
+cut(fresh_for_prog ??? prog ⊑^{p} fresh_for_prog ??? (mk_Program … env main)) [ >EQprog //]
+generalize in match (fresh_for_prog ????) in ⊢ (????% → %);
 lapply t_prog0 lapply m0 lapply keep0
 elim env in ⊢ (?→ ? → ? → ? → ? → %);
@@ -1519 +1211 @@
 * #hd_sig #hd_lab #hd_code #tail #IH #keep #m #t_prog #fresh1 #Hfresh1 * #env' #fresh * #m' #keep' 
 normalize in ⊢ (% → ?); normalize nodelta @pair_elim * #env_tail #fresh_tail
-* #m_tail #keep_tail change with (translate_env ????) in ⊢ (??%? → ?); #EQtail normalize nodelta #EQ1 destruct(EQ1) #EQ2 destruct(EQ2)
+* #m_tail #keep_tail change with (translate_env ?????) in ⊢ (??%? → ?); #EQtail normalize nodelta #EQ1 destruct(EQ1) #EQ2 destruct(EQ2)
 whd in ⊢ (% → ?); whd in match (foldr ?????); * #Hhd_lab #H lapply(no_duplicates_append_r … H) 
-change with (no_duplicates_labels p p (mk_Program p p tail main)) in match
-(no_duplicates_labels p p (mk_Program p p tail main)); #no_dup_tail
+change with (no_duplicates_labels p p p (mk_Program p p p tail main)) in match
+(no_duplicates_labels p p p (mk_Program p p p tail main)); #no_dup_tail
 lapply(no_duplicates_append_l … H) #no_dup_head normalize nodelta 
 #f #env_it whd in ⊢ (??%? → ?); @eq_function_name_elim normalize nodelta
@@ -1534 +1226 @@
         @(fresh_for_subset … (labels_of_prog … prog))
         [ @(lab_to_keep_in_prog … EQkeep1) | @is_fresh_fresh_for_prog ]
-       | @(transitive_le … (fresh_translate_env_ok … EQtail)) // 
+       | @(trans_po_rel … (fresh_translate_env_ok … EQtail)) // 
       ]
     | whd in ⊢ (??%?); @eq_function_name_elim [2: * #H @⊥ @H %] #_ normalize nodelta
@@ -1583 +1275 @@
         >memb_append_l2 // >IH %
     ] 
-    >memb_append_l12 // inversion(memb ???) // #ABS @(memb_no_duplicates_append … (a_return_post x) … H)
+    >memb_append_l12 // inversion(memb ???) // #ABS @(memb_no_duplicates_append … (a_return_post … x) … H)
     // @⊥
     (* subproof with no nice statement *)
@@ -1599 +1291 @@
     #H1 #H2 #H3 cases(memb_append … H3) -H3
     [ #H3 change with ([?]@?) in match (?::?) in H2;
-      lapply(no_duplicates_append_commute … H2) -H2 * #_ #H4 @(memb_no_duplicates_append … (a_return_post x) … H4)
+      lapply(no_duplicates_append_commute … H2) -H2 * #_ #H4 @(memb_no_duplicates_append … (a_return_post … x) … H4)
       [ whd in match (append ???); >memb_append_l1 // >(lab_to_keep_in_domain … (eq_true_to_b … H3)) % 
       | //
@@ -1630 +1322 @@
    % [2: #x #Hx <same_to_keep // >associative_append @memb_append_l22 
         inversion(memb ???) // #ABS lapply(lab_to_keep_in_domain … (eq_true_to_b … ABS))
-        #ABS1 @(memb_no_duplicates_append … (a_return_post x) … H) // 
+        #ABS1 @(memb_no_duplicates_append … (a_return_post … x) … H) // 
         cases(lookup_ok_append … Henv_it) #l1 * #l2 * #EQ1 #EQ2 destruct(EQ1 EQ2)
         >foldr_map_append >memb_append_l2 // >foldr_map_append >memb_append_l1 //
@@ -1658 +1350 @@
    >associative_append
    @get_element_append_r1 % >domain_of_associative_list_append #ABS cases(memb_append … ABS)
-         [ whd in match (memb ???); inversion(a_call (f_lab … new_env_it)== a_call hd_lab) 
+         [ whd in match (memb ???); inversion(a_call … (f_lab … new_env_it)== a_call … hd_lab) 
            #EQ_hdlab normalize nodelta
            [2: whd in ⊢ (??%? → ?); #EQ destruct ]  
@@ -1665 +1357 @@
            * #ABS1 @ABS1 >memb_append_l2 // >memb_append_l2 //
            >memb_append_l1 // whd in ⊢ (??%?); >EQ_f_lab >(\b (refl …)) // 
-         | #ABS1 @(memb_no_duplicates_append … (a_call (f_lab … new_env_it)) … H) 
+         | #ABS1 @(memb_no_duplicates_append … (a_call … (f_lab … new_env_it)) … H) 
            [ @(lab_map_in_domain … (eq_true_to_b … ABS1))
            | cases(lookup_ok_append … Henv_it)
@@ -1676 +1368 @@
 qed.
 
-lemma len_append : ∀S : abstract_status.∀st1,st2,st3 : S.
-∀t1 : raw_trace … st1 st2.∀t2 : raw_trace … st2 st3.
-len … (t1 @ t2) = len … t1 + len …  t2.
-#S #st1 #st2 #st3 #t1 elim t1 normalize //
-qed.
 (*
 axiom permute_ok : ∀A.∀l1,l2,l3,l4,l5,l6,l7,l8,l9,x,y.
@@ -1689 +1376 @@
    (((x ::l4 @y ::l3) @l8) @l9)).
 *)   
-lemma append_premeasurable : ∀S : abstract_status.
-∀st1,st2,st3 : S.∀t1 : raw_trace … st1 st2.∀t2: raw_trace … st2 st3.
-pre_measurable_trace … t1 → pre_measurable_trace … t2 → 
-pre_measurable_trace … (t1 @ t2).
-#S #st1 #st2 #st3 #t1 #t2 #Hpre lapply t2 -t2 elim Hpre -Hpre //
-[ #s1 #s2 #s3 #l #prf #tl #Hclass #Hcost #pre_tl #IH #t2 #pr3_t2
-  %2 // @IH //
-| #s1 #s2 #s3 #l #Hclass #prf #tl #ret_l #pre_tl #IH #t2 #pre_t2 %3 // @IH //
-| #s1 #s2 #s3 #l #prf #tl #Hclass #call #callp #pre_tl #IH #t2 #pre_t2 %4 // @IH //
-| #s1 #s2 #s3 #s4 #s5 #l1 #l2 #prf1 #tl1 #tl2 #prf2 #Hclass1 #Hclass3 #call_l1
-  #nopost #pre_tl1 #pre_tl2 #succ #unlab #IH1 #IH2 #t2 #pre_t2
-  normalize >append_associative in ⊢ (????(???????%)); %5 // @IH2 //
-]
-qed.
-    
-lemma correctness_lemma : ∀p,p',prog.
-no_duplicates_labels … prog → 
-let 〈t_prog,m,keep〉 ≝ trans_prog … prog in
-∀s1,s2,s1' : state p.∀abs_top,abs_tail.
-∀t : raw_trace (operational_semantics … p' prog) s1 s2.
-pre_measurable_trace … t → 
-state_rel … m keep abs_top abs_tail s1 s1' → 
-∃abs_top'.∃s2'.∃t' : raw_trace (operational_semantics … p' t_prog) s1' s2'.
-state_rel  … m keep abs_top' abs_tail s2 s2' ∧
-is_permutation ? ((abs_top @ (map_labels_on_trace m (get_costlabels_of_trace … t))) @ abs_tail)  
-                 (((get_costlabels_of_trace … t') @ abs_top' ) @ abs_tail) ∧
- len … t = len … t' ∧ 
- (∀k.∀i.option_hd … (cont … s2) = Some ? 〈ret_act (None ?),i〉 → 
- cont … s1 = k @ cont … s2 → 
-∃k'.cont … s1' = k' @ cont … s2' ∧ |k| = |k'|) 
-∧ pre_measurable_trace … t' ∧
-(pre_silent_trace … t → pre_silent_trace … t').
-#p #p' #prog #no_dup @pair_elim * #t_prog #m #keep #EQtrans
-#s1 #s2 #s1' #abs_top #abs_tail #t #Hpre lapply abs_top -abs_top lapply abs_tail
--abs_tail lapply s1' -s1' elim Hpre
-[ #st #Hst #s1' #abs_tail #abs_top #H %{abs_top} %{s1'} %{(t_base …)}
-  cut(? : Prop)
-  [3: #Hpre' % 
-  [ %
-   [ %
-    [ % [2: %] %{H} whd in match (get_costlabels_of_trace ????); >append_nil
-      @is_permutation_eq
-    | #k #i #_ #EQcont_st %{[ ]} % // @sym_eq @eq_f @append_l1_injective_r //
-    ]
-  | @Hpre'
-  ]
- | #_ %1 /2 by head_of_premeasurable_is_not_io/
- ]
- | skip
- ]
-   %1 whd in H; cases(check_continuations ?????) in H; [*] ** #H1 #abs_top_cont 
-    #abs_tail_cont normalize nodelta **** #_ #rel #_ #H2 #_ normalize
-    inversion(code ??) normalize nodelta
-    [|#r_t| #seq #lbl #i #_ | #cond #ltrue #i1 #lfalse #i2 #i3 #_ #_ #_ 
-     | #cond #ltrue #i1 #lfalse #i2 #_ #_ | #f #act_p #rlbl #i #_ 
-     | #lin #io #lout #i #_ ]
-    #EQcode_s1' normalize nodelta [|*: % #EQ destruct] <H2
-    >EQcode_s1' in rel; whd in ⊢ (??%% → ?); #EQ destruct(EQ)
-    normalize in Hst; <e1 in Hst; normalize nodelta //
-| #st1 #st2 #st3 #lab whd in ⊢ (% → ?); #H inversion H in ⊢ ?; #st11 #st12
-  [ * #lab1 #new_code #new_cont #EQcode11 #EQcont11 #EQcode12 #EQcont12 #EQstore
-    #Hio11 #EQio12 #Hl1 #EQ1 #EQ2 #EQ3 #EQ4 destruct #tl #class_st11 * #opt_l #EQ destruct(EQ) 
-    #pre_tl #IH #s1' #abs_tail #abs_top whd in match state_rel in ⊢ (% → ?); normalize nodelta >EQcont11 in ⊢ (% → ?);
-    whd in match check_continuations; normalize nodelta whd in match (foldr2 ???????);
-    inversion (cont ? s1') [ #_ *] * #l1' #new_code' #new_cont' #_ #EQconts1'
-    normalize nodelta change with (check_continuations ?????) in match (foldr2 ???????); 
-    inversion(check_continuations ?????) [ #_ *] ** #H1 #l2 #ll2 #EQHl2 
-    >m_return_bind normalize nodelta inversion (call_post_clean ?????) [ #_ ***** ]
-    * #l3 #code_c_st12 #EQcode_c_st12 normalize nodelta
-    cases l1' in EQconts1'; (*in Hio11 Hl1 EQcont11 H;*) normalize nodelta
-    [ #x #y #_ (*#_ #_ #_ #H*) *****
-    | #x #_ cases (ret_costed_abs ??) normalize nodelta [|#c] ******[|*] #EQ @⊥ >EQ in Hl1;
-      normalize * /2/ ] *
-    [ #EQconts1' normalize nodelta ****** #EQ destruct(EQ)
-      #HH1 #EQ destruct(EQ) >EQcode11 in ⊢ (% → ?); inversion(code … s1')
-      [
-      | #x 
-      | #seq #lbl #i #_ 
-      | #cond #ltrue #i1 #lfalse #i2 #i3 #_ #_ #_
-      | #cond #ltrue #i1 #lfalse #i2 #_ #_
-      | #f #act_p #ret_post #i #_
-      | #l_in #io #l_out #i #_
-      ]
-      [|*: #_ whd in ⊢ (??%% → ?); [ #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)]
-           cases(call_post_clean ?????) normalize nodelta
-           [1,3,5,7,9: #EQ destruct(EQ)] 
-        [ * #z1 #z2 cases lbl normalize nodelta [|#z3 cases(?==?) normalize nodelta] 
-          whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-        | * #z1 #z2 cases(call_post_clean ?????) [| * #z3 #z4 ] whd in ⊢ (??%% → ?);
-          [2: cases(call_post_clean ?????) normalize nodelta 
-          [| * #z5 #z6 cases(?∧?) normalize nodelta]] whd in ⊢ (??%% → ?);
-          #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-        | * #z1 #z2 cases(call_post_clean ?????) 
-          [| * #z3 #z4 >m_return_bind cases(?∧?) normalize nodelta]
-          whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-        | * #z1 #z2 cases ret_post normalize nodelta 
-          [| #z3 cases(memb ???) normalize nodelta [ cases(?==?) normalize nodelta] ]
-          whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-        | * #z1 #z2 cases(?∧?) normalize nodelta
-          whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-        ]
-      ]
-      #EQcodes1' whd in ⊢ (??%% → ?); #EQ destruct(EQ) #EQstore11 #EQio11 #EQ destruct(EQ)
-      cases(IH (mk_state ? new_code' new_cont' (store … s1') false) ll2 abs_top …)
-      [2: whd whd in match check_continuations; normalize nodelta 
-         change with (check_continuations ?????) in match (foldr2 ???????); >EQHl2
-         normalize nodelta % // % // % // % // @EQcode_c_st12 ]
-      #abs_top' * #st3' * #t' *****
-      #Hst3st3' #EQcosts #EQlen #stack_safety #pre_t' #Hsil
-      %{abs_top'} %{st3'} %{(t_ind … (cost_act (None ?)) …  t')}
-      [ @hide_prf whd @(empty ????? 〈(cost_act (None ?)),?〉)
-        [3: assumption |4: assumption |*:] /3 by nmk/ ]
-      % [ % 
-      [ % [%   [2: whd in ⊢ (??%%); >EQlen % ] %{Hst3st3'} @EQcosts]
-      * [| #hd #tl] #i #EQcont_st3 >EQcont11 #EQ whd in EQ : (???%);
-      [ <EQ in EQcont_st3; whd in ⊢ (??%% → ?); #EQ1 destruct ]
-      destruct cases(stack_safety … EQcont_st3 … e0) #k1 *
-      #EQk1 #EQlength %{(〈cost_act (None ?),new_code'〉::k1)} 
-      % [ >EQk1 % | whd in ⊢ (??%%); @eq_f // ] ]
-      %2 // [2: % //] normalize >EQcodes1' normalize nodelta <EQio11
-      normalize in class_st11; >EQcode11 in class_st11; // ]
-      #H inversion H in ⊢ ?;
-      [ #H1 #H2 #H3 #H4 #H5 #H6 destruct ] #H8 #H9 #H10 #H11 #H12 #H13 #H14 #H15 #H16 #H17 #H18 #H19
-      destruct %2
-      [ % whd in ⊢ (??%% → ?); >EQcodes1' normalize nodelta <EQio11 inversion(io_info … H8)
-        normalize nodelta [2: #_ #EQ destruct] #ABS lapply class_st11 whd in match (as_classify ??);
-        >EQcode11 normalize nodelta >ABS normalize nodelta * /2/
-      ]
-      @Hsil //
-    | #lbl #EQconts1' normalize nodelta ******* #EQ destruct(EQ)
-      #HH1 #EQ destruct(EQ) #EQget_el >EQcode11 in ⊢ (% → ?); 
-      inversion(code … s1')
-      [
-      | #x 
-      | #seq #lbl #i #_ 
-      | #cond #ltrue #i1 #lfalse #i2 #i3 #_ #_ #_
-      | #cond #ltrue #i1 #lfalse #i2 #_ #_
-      | #f #act_p #ret_post #i #_
-      | #l_in #io #l_out #i #_
-      ]
-      [|*: #_ whd in ⊢ (??%% → ?); 
-           [ #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-           | cases(call_post_clean ?????) normalize nodelta
-             [| * #z2 #z3 cases lbl normalize nodelta
-                [| #z4 cases(?==?) normalize nodelta] ]
-             whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-           | cases(call_post_clean ?????) normalize nodelta
-             [| * #z2 #z3 cases(call_post_clean ?????)
-               [| * #z4 #z5 >m_return_bind cases(call_post_clean ?????)
-                  [| * #z6 #z7 >m_return_bind cases(?∧?) normalize nodelta ]]]
-             whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-           |  cases(call_post_clean ?????) normalize nodelta
-             [| * #z2 #z3 cases(call_post_clean ?????)
-                [| * #z4 #z5 >m_return_bind cases(?∧?) normalize nodelta ]]
-             whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-           | cases(call_post_clean ?????) normalize nodelta
-             [| * #z1 #z2 cases ret_post normalize nodelta
-                [| #z3 cases(memb ???) normalize nodelta 
-                   [ cases (?==?) normalize nodelta]]]
-             whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-           | cases(call_post_clean ?????) normalize nodelta
-             [| * #z1 #z2 cases(?∧?) normalize nodelta ]
-             whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-           ] 
-      ]
-      #EQcodes1' whd in ⊢ (??%% → ?); #EQ destruct(EQ) #EQstore1 #EQio #EQ destruct(EQ)
-      cases(IH (mk_state ? new_code' new_cont' (store … s1') false) ll2 l3 …)
-      [2: whd whd in match check_continuations; normalize nodelta
-         change with (check_continuations ?????) in match (foldr2 ???????); 
-         >EQHl2 in ⊢ (match % with [ _⇒ ? | _ ⇒ ?]);
-         normalize nodelta % // % // % // % // @EQcode_c_st12 ]
-      #abs_top' * #st3' * #t' ***** #Hst3st3' #EQcost #EQlen #stack_safety
-      #pre_t' #Hsil
-      %{abs_top'} %{st3'}
-      %{(t_ind … (cost_act (Some ? lbl)) … t')}
-      [ @hide_prf whd @(empty ????? 〈(cost_act (Some ? lbl)),?〉)
-        [3: assumption |4: assumption |*:] /3 by nmk/ ]
-     cut(? : Prop)
-     [3: #Hpre' %
-      [ % 
-      [ % [% [2: whd in ⊢ (??%%); >EQlen % ] %{Hst3st3'}
-          >(map_labels_on_trace_append … [lbl]) (*CSC: funzionava prima*)
-          whd in match (map_labels_on_trace ? [lbl]); >append_nil >EQget_el
-          @is_permutation_cons @EQcost
-        | * [| #hd #tl] #i #EQcont_st3 >EQcont11 #EQ whd in EQ : (???%);
-          [ <EQ in EQcont_st3; whd in ⊢ (??%% → ?); #EQ1 destruct ]
-          destruct cases(stack_safety … EQcont_st3 … e0) #k1 *
-          #EQk1 #EQlength %{(〈cost_act (Some ? lbl),new_code'〉::k1)} 
-          % [ >EQk1 % | whd in ⊢ (??%%); @eq_f // ]
-        ]]
-      @Hpre' ]
-      #h inversion h in ⊢ ?; [ #H21 #H22 #H23 #H24 #H25 #H26 destruct] 
-      #H28 #H29 #H30 #H31 #H32 #H33 #H34 #H35 #H36 #H37 #H38 #H39 destruct
-      |skip |
-      %2 // [2: % //] normalize >EQcodes1' normalize nodelta <EQio
-      normalize in class_st11; >EQcode11 in class_st11; //
-    ]]
-  | #seq #i #mem * [|#lbl] #EQcode_st11 #EQeval_seq #EQ destruct(EQ) #EQcont
-    #EQ destruct(EQ) #EQio11 #EQio12 #EQ1 #EQ2 #EQ3 #EQ4 destruct #t #Hst11
-    #_ #Hpre_t #IH #s1' #abs_tail #abs_top whd in ⊢ (% → ?);
-    inversion(check_continuations ?????) normalize nodelta [1,3: #_ *]
-    ** #H1 #abs_top_cont #abs_tail_cont #EQcheck normalize nodelta ****
-    #HH1 [ >EQcode_st11 in ⊢ (% → ?); | >EQcode_st11 in ⊢ (% → ?); ]
-    inversion(code ??) 
-    [1,2,4,5,6,7,8,9,11,12,13,14:
-      [1,7: #_ whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ) 
-      |2,8: #r_t #_ whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-      |3,9: #cond #ltrue #i1 #lfalse #i2 #i3 #_ #_ #_ #_
-            whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-            [2,4: * #z1 #z2 normalize nodelta cases (call_post_clean ?????)
-                [2,4: * #z3 #z4 >m_return_bind cases(call_post_clean ?????)
-                     [2,4: * #z5 #z6 >m_return_bind cases(?∧?) normalize nodelta ]]] 
-            whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-      |4,10:  #cond #ltrue #i1 #lfalse #i2 #_ #_ #_
-            whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-            [2,4: * #z1 #z2 normalize nodelta cases (call_post_clean ?????)
-                [2,4: * #z3 #z4 >m_return_bind cases(?∧?) normalize nodelta ]] 
-            whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-      |5,11: #f #act_p #lbl #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-             normalize nodelta 
-             [2,4: * #z1 #z2 cases lbl normalize nodelta
-               [2,4: #l1 cases(memb ???) normalize nodelta
-                 [1,3: cases(?==?) normalize nodelta ]]]
-            whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-      |6,12: #lin #io #lout #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-             normalize nodelta
-             [2,4: * #z1 #z2 cases(?∧?) normalize nodelta]
-             whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-      ]
-    ]
-    #seq1 #opt_l #i' #_ #EQcode_s1'
-    change with (m_bind ?????) in ⊢ (??%? → ?);
-    inversion(call_post_clean ????) [1,3: #_ whd in ⊢ (??%% → ?); #EQ destruct]
-    * #gen_labs #i'' #EQclean >m_return_bind inversion(opt_l) normalize nodelta
-    [2,4: #lab1 ] #EQ destruct(EQ)
-    [1,2: inversion(?==?) normalize nodelta #EQget_el ]
-    whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-    #EQstore #EQinfo #EQ destruct(EQ)
-    cases(IH … (mk_state ? i' (cont … s1') (store … st12) (io_info … s1')) abs_tail_cont ?)
-    [3,6: whd 
-       [ <EQcont in ⊢ (match % with [_ ⇒ ? | _⇒ ?]); >EQcheck in ⊢ (match % with [_ ⇒ ? | _⇒ ?]); 
-       | <EQcont in ⊢ (match % with [_ ⇒ ? | _⇒ ?]); >EQcheck in ⊢ (match % with [_ ⇒ ? | _⇒ ?]);
-       ]
-       normalize nodelta % // % // % // % // assumption
-    |2,5:
-    ]
-    #abs_top1 * #s2' * #t' ***** #Hst3_s2' #EQcosts #EQlen #stack_safety 
-    #pre_t' #Hsil %{abs_top1} %{s2'} %{(t_ind … t')}
-    [1,4: @hide_prf @(seq_sil … EQcode_s1') //
-    |2,5:
-    ]
-    cut(? : Prop)
-    [3,6: #Hpre'
-       % 
-    
-    [1,3: % [1,3: % [1,3: % [2,4: whd in ⊢ (??%%); @eq_f @EQlen ] %{Hst3_s2'} [2: @EQcosts]
-        whd in ⊢ (??%%); whd in match (get_costlabels_of_trace ????);
-        whd in match (map_labels_on_trace ??); >(\P EQget_el) @is_permutation_cons
-        @EQcosts
-      |*: #k #i #EQcont_st3 >EQcont #EQ 
-          cases(stack_safety … EQcont_st3 … EQ) #k1 * #EQk1 #EQlength %{k1} % //
-      ]]
-      @Hpre'
-      |*: #h inversion h in ⊢ ?; 
-          [1,3: #H41 #H42 #H43 #H44 #H45 #H46 destruct
-          |*: #H55 #H56 #H57 #H58 #H59 #H60 #H61 #H62 #H63 #H64 #H65 #H66 destruct
-              %2 [ /2 by head_of_premeasurable_is_not_io/ ] @Hsil //
-          ]
-          ] |1,4:]
-    %2 // [2,4: % //] normalize >EQcode_s1' normalize nodelta % #EQ destruct
-  |
-   #cond #ltrue #i_true #lfalse #i_false #i #mem #EQcode_st11 #EQcond #EQcont_st12
-    #EQ1 #EQ2 destruct(EQ1 EQ2) #EQio_st11 #EQio_st12 #EQ1 #EQ2 #EQ3 #EQ4 destruct #t
-    #Hclass #_ #Hpre #IH #s1' #abs_tail #abs_top whd in ⊢ (% → ?); inversion(check_continuations ?????)
-    [ #_ *] ** #H1 #abs_top_cont #abs_tail_cont #EQcheck normalize nodelta **** #HH1
-    >EQcode_st11 in ⊢ (% → ?); inversion(code ??)
-    [1,2,3,5,6,7:
-     [ #_ whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ) 
-     | #r_t #_ whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #seq #lbl #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-       normalize nodelta [2: * #z1 #z2 cases lbl normalize nodelta 
-       [2: #l1 cases(?==?) normalize nodelta]]
-       whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #cond #ltrue #i1 #lfalse #i2 #_ #_ #_
-       whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-       [2,4: * #z1 #z2 normalize nodelta cases (call_post_clean ?????)
-       [2,4: * #z3 #z4 >m_return_bind cases(?∧?) normalize nodelta ]] 
-       whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #f #act_p #lbl #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-             normalize nodelta 
-             [2,4: * #z1 #z2 cases lbl normalize nodelta
-               [2,4: #l1 cases(memb ???) normalize nodelta
-                 [1,3: cases(?==?) normalize nodelta ]]]
-            whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #lin #io #lout #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-             normalize nodelta
-             [2,4: * #z1 #z2 cases(?∧?) normalize nodelta]
-             whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-      ]
-    ]
-    #cond1 #ltrue1 #i_true1 #lfalse1 #ifalse1 #i' #_ #_ #_
-    #EQcode_s1' whd in ⊢ (??%% → ?); inversion(call_post_clean ?????) normalize nodelta
-    [ #_ #EQ destruct ] * #gen_lab_i' #i'' #EQi'' inversion(call_post_clean ????)
-    [ #_ whd in ⊢ (??%% → ?); #EQ destruct] * #gen_lab_ifalse1 #i_false' #EQi_false'
-    >m_return_bind inversion(call_post_clean ????) [ #_ whd in ⊢ (??%% → ?); #EQ destruct]
-    * #gen_lab_i_true' #i_true' #EQi_true' >m_return_bind inversion(?==?) normalize nodelta
-    [2: #_ #EQ destruct] #EQget_ltrue1 inversion(?==?) normalize nodelta #EQget_lfalse1
-    whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ) #EQstore11 #EQio11
-    #EQ destruct(EQ) 
-    cases(IH … 
-     (mk_state ? i_true1 (〈cost_act (None ?),i'〉 :: cont … s1') (store … st12) (io_info … st12)) 
-     abs_tail_cont gen_lab_i_true')
-    [2: whd whd in match (check_continuations ?????); 
-        >EQcont_st12 in ⊢ (match % with [_ ⇒ ? | _ ⇒ ?]); whd in match (foldr2 ???????);
-        change with (check_continuations ?????) in match (foldr2 ???????); 
-        >EQcheck in ⊢ (match % with [_ ⇒ ? | _ ⇒ ?]); normalize nodelta
-        >EQi'' normalize nodelta % // % // % // % [2: assumption ] % // % // 
-    ] #abs_top1 * #s2' * #t' ***** #Hst3_s2' #EQcost #EQlen
-      #stack_safety #pre_t' #Hsil %{abs_top1}
-    %{s2'} %{(t_ind … t')}
-    [ @hide_prf @(cond_true … EQcode_s1') //
-    |
-    ] % [ 
-    % [ % 
-    [ % [2: whd in ⊢ (??%%); @eq_f // ] %{Hst3_s2'} 
-      whd in match (get_costlabels_of_trace ????); whd in match(map_labels_on_trace ??);
-      >(\P EQget_ltrue1) whd in match (get_costlabels_of_trace ????) in ⊢ (???%); @is_permutation_cons
-      assumption
-    |  #k #i1 #EQcont_st3 #EQcont_st11
-       cases(stack_safety … (〈cost_act (None NonFunctionalLabel),i〉::k) … EQcont_st3 …)
-       [2: >EQcont_st12 >EQcont_st11 % ] 
-       * [|#hd1 #tl1] * #EQk1 whd in ⊢ (??%% → ?); #EQlength destruct 
-       %{tl1} % // whd in EQk1 : (??%%); destruct //
-    ]]
-    %2 // [2: % //] normalize >EQcode_s1' normalize nodelta % #EQ destruct
-    ]
-    #h inversion h in ⊢ ?; 
-    [#H1 #H2 #H3 #H4 #H5 #H6 destruct 
-    | #H8 #H9 #H10 #H11 #H12 #H13 #H14 #H15 #H16 #H17 #H18 #H19 destruct
-    ]
-  | #cond #ltrue #i_true #lfalse #i_false #i #mem #EQcode_st11 #EQcond #EQcont_st12
-    #EQ1 #EQ2 destruct(EQ1 EQ2) #EQio_st11 #EQio_st12 #EQ1 #EQ2 #EQ3 #EQ4 destruct #t
-    #Hclass #_ #Hpre #IH #s1' #abs_tail #abs_top whd in ⊢ (% → ?); inversion(check_continuations ?????)
-    [ #_ *] ** #H1 #abs_top_cont #abs_tail_cont #EQcheck normalize nodelta **** #HH1
-    >EQcode_st11 in ⊢ (% → ?); inversion(code ??)
-    [1,2,3,5,6,7: 
-     [ #_ whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ) 
-     | #r_t #_ whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #seq #lbl #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-       normalize nodelta [2: * #z1 #z2 cases lbl normalize nodelta 
-       [2: #l1 cases(?==?) normalize nodelta]]
-       whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #cond #ltrue #i1 #lfalse #i2 #_ #_ #_
-       whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-       [2,4: * #z1 #z2 normalize nodelta cases (call_post_clean ?????)
-       [2,4: * #z3 #z4 >m_return_bind cases(?∧?) normalize nodelta ]] 
-       whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #f #act_p #lbl #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-             normalize nodelta 
-             [2,4: * #z1 #z2 cases lbl normalize nodelta
-               [2,4: #l1 cases(memb ???) normalize nodelta
-                 [1,3: cases(?==?) normalize nodelta ]]]
-            whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #lin #io #lout #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-             normalize nodelta
-             [2,4: * #z1 #z2 cases(?∧?) normalize nodelta]
-             whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-      ]
-    ] #cond1 #ltrue1 #i_true1 #lfalse1 #ifalse1 #i' #_ #_ #_
-    #EQcode_s1' whd in ⊢ (??%% → ?); inversion(call_post_clean ?????) normalize nodelta
-    [ #_ #EQ destruct ] * #gen_lab_i' #i'' #EQi'' inversion(call_post_clean ????)
-    [ #_ whd in ⊢ (??%% → ?); #EQ destruct] * #gen_lab_ifalse1 #i_false' #EQi_false'
-    >m_return_bind inversion(call_post_clean ????) [ #_ whd in ⊢ (??%% → ?); #EQ destruct]
-    * #gen_lab_i_true' #i_true' #EQi_true' >m_return_bind inversion(?==?) normalize nodelta
-    [2: #_ #EQ destruct] #EQget_ltrue1 inversion(?==?) normalize nodelta #EQget_lfalse1
-    whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ) #EQstore11 #EQio11
-    #EQ destruct(EQ) 
-    cases(IH … 
-     (mk_state ? ifalse1 (〈cost_act (None ?),i'〉 :: cont … s1') (store … st12) (io_info … st12)) 
-     abs_tail_cont gen_lab_ifalse1)
-    [2: whd whd in match (check_continuations ?????); 
-        >EQcont_st12 in ⊢ (match % with [_ ⇒ ? | _ ⇒ ?]); whd in match (foldr2 ???????);
-        change with (check_continuations ?????) in match (foldr2 ???????); 
-        >EQcheck in ⊢ (match % with [_ ⇒ ? | _ ⇒ ?]); normalize nodelta
-        >EQi'' normalize nodelta % // % // % // % [2: assumption ] % // % // 
-    ] #abs_top1 * #s2' * #t' ***** #Hst3_s2' #EQcost #EQlen #stack_safety
-    #pre_t' #Hsil
-    %{abs_top1} %{s2'} %{(t_ind … t')}
-    [ @hide_prf @(cond_false … EQcode_s1') //
-    |
-    ] % [
-    % [ % 
-    [ % [2: whd in ⊢ (??%%); @eq_f // ] %{Hst3_s2'} 
-      whd in match (get_costlabels_of_trace ????); whd in match(map_labels_on_trace ??);
-      >(\P EQget_lfalse1) whd in match (get_costlabels_of_trace ????) in ⊢ (???%); @is_permutation_cons
-      assumption
-    | #k #i1 #EQcont_st3 #EQcont_st11 
-      cases(stack_safety … (〈cost_act (None NonFunctionalLabel),i〉::k) … EQcont_st3 …)
-      [2: >EQcont_st12 >EQcont_st11 % ] 
-      * [|#hd1 #tl1] * #EQk1 whd in ⊢ (??%% → ?); #EQlength destruct 
-      %{tl1} % // whd in EQk1 : (??%%); destruct //
-    ] ]
-    %2 // [2,4: % //] normalize >EQcode_s1' normalize nodelta % #EQ destruct ]
-    #h inversion h in ⊢ ?;
-    [ #H21 #H22 #H23 #H24 #H25 #H26 destruct
-    | #H28 #H29 #H30 #H31 #H32 #H33 #H34 #H35 #H36 #H37 #H38 #H39 destruct
-    ]
- | #cond #ltrue #i_true #lfalse #i_false #store #EQcode_st11 #EQev_loop #EQcont_st12 #EQ1 #EQ2 destruct
-   #EQio_11 #EQio_12 #EQ1 #EQ2 #EQ3 #EQ4 destruct #t #Hclass11 #_ #Hpre #IH #s1' #abs_top #abs_tail
-   whd in ⊢ (% → ?); inversion(check_continuations ?????) [ #_ * ] ** #H1 #abs_top_cont #abs_tail_cont
-   #EQcheck normalize nodelta **** #HH1 >EQcode_st11 in ⊢ (% → ?); inversion(code ??)
-   [1,2,3,4,6,7:
-     [ #_ whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ) 
-     | #r_t #_ whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #seq #lbl #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-       normalize nodelta [2: * #z1 #z2 cases lbl normalize nodelta 
-       [2: #l1 cases(?==?) normalize nodelta]]
-       whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #cond #ltrue #i1 #lfalse #i2 #i3 #_ #_ #_ #_
-            whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-            [2,4: * #z1 #z2 normalize nodelta cases (call_post_clean ?????)
-                [2,4: * #z3 #z4 >m_return_bind cases(call_post_clean ?????)
-                     [2,4: * #z5 #z6 >m_return_bind cases(?∧?) normalize nodelta ]]] 
-            whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #f #act_p #lbl #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-             normalize nodelta 
-             [2,4: * #z1 #z2 cases lbl normalize nodelta
-               [2,4: #l1 cases(memb ???) normalize nodelta
-                 [1,3: cases(?==?) normalize nodelta ]]]
-            whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #lin #io #lout #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-             normalize nodelta
-             [2,4: * #z1 #z2 cases(?∧?) normalize nodelta]
-             whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-      ]
-   ] #cond1 #ltrue1 #i_true1 #lfalse1 #i_false1 #_ #_
-   #EQcode_s1' whd in ⊢ (??%% → ?); inversion(call_post_clean ?????) normalize nodelta
-   [ #_ #EQ destruct] * #gen_ifalse1 #i_false2 #EQi_false2 inversion(call_post_clean ?????)
-   [ #_ whd in ⊢ (??%% → ?); #EQ destruct ] * #gen_itrue1 #i_true2 #EQi_true2 >m_return_bind
-   inversion (?==?) normalize nodelta [2: #_ #EQ destruct] #EQget_ltrue1
-   inversion(?==?) #EQget_lfalse1 whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) 
-   -EQ #EQ destruct(EQ) #EQstore_11 #EQ_info11 #EQ destruct
-   cases(IH … 
-    (mk_state ? i_true1 
-     (〈cost_act (None ?),LOOP … cond ltrue i_true1 lfalse i_false1〉 ::
-        cont … s1') (store … st12) (io_info … st12)) abs_tail_cont gen_itrue1)
-   [2: whd >EQcont_st12 whd in match (check_continuations ?????);
-       whd in match (foldr2 ???????);
-       change with (check_continuations ?????) in match (foldr2 ???????);
-       >EQcheck normalize nodelta whd in match (call_post_clean ?????);
-       >EQi_false2 normalize nodelta >EQi_true2 >m_return_bind >EQget_ltrue1
-       >EQget_lfalse1 normalize nodelta % // % // % // % [2: assumption] % //
-       % //
-   ]
-   #abs_cont1 * #s2' * #t' ***** #Hst3_s2' #EQcosts #EQlen #stack_safety
-   #pre_t' #Hsil %{abs_cont1} %{s2'} %{(t_ind … t')}
-   [ @hide_prf @(loop_true … EQcode_s1') // |] % [
-   % [ %
-   [ % [2: whd in ⊢ (??%%); @eq_f //] %{Hst3_s2'}
-     whd in match (get_costlabels_of_trace ????); whd in match(map_labels_on_trace ??);
-      >(\P EQget_ltrue1) whd in match (get_costlabels_of_trace ????) in ⊢ (???%); 
-     @is_permutation_cons assumption
-   | #k #i1 #EQcont_st3 #EQcont_st11
-      cases(stack_safety … (〈cost_act (None NonFunctionalLabel), LOOP p cond ltrue (code p st12) lfalse i_false〉::k) … EQcont_st3 …)
-      [2: >EQcont_st12 >EQcont_st11 % ] 
-      * [|#hd1 #tl1] * #EQk1 whd in ⊢ (??%% → ?); #EQlength destruct 
-      %{tl1} % // whd in EQk1 : (??%%); destruct //
-   ] ]
-   %2 // [2,4: % //] normalize >EQcode_s1' normalize nodelta % #EQ destruct ]
-   #h inversion h in ⊢ ?;
-   [ #H41 #H42 #H43 #H44 #H45 #H46 destruct
-   | #H48 #H49 #H50 #H51 #H52 #H53 #H54 #H55 #H56 #H57 #H58 #H59 destruct
-   ]
- | #cond #ltrue #i_true #lfalse #i_false #mem #EQcode_st11 #EQev_loop #EQcont_st12 #EQ1 #EQstore11 destruct
-   #EQio_11 #EQio_12 #EQ1 #EQ2 #EQ3 #EQ4 destruct #t #Hclass11 #_ #Hpre #IH #s1' #abs_top #abs_tail
-   whd in ⊢ (% → ?); inversion(check_continuations ?????) [ #_ * ] ** #H1 #abs_top_cont #abs_tail_cont
-   #EQcheck normalize nodelta **** #HH1 >EQcode_st11 in ⊢ (% → ?); inversion(code ??)
-   [1,2,3,4,6,7:
-     [ #_ whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ) 
-     | #r_t #_ whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #seq #lbl #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-       normalize nodelta [2: * #z1 #z2 cases lbl normalize nodelta 
-       [2: #l1 cases(?==?) normalize nodelta]]
-       whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #cond #ltrue #i1 #lfalse #i2 #i3 #_ #_ #_ #_
-            whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-            [2,4: * #z1 #z2 normalize nodelta cases (call_post_clean ?????)
-                [2,4: * #z3 #z4 >m_return_bind cases(call_post_clean ?????)
-                     [2,4: * #z5 #z6 >m_return_bind cases(?∧?) normalize nodelta ]]] 
-            whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #f #act_p #lbl #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-             normalize nodelta 
-             [2,4: * #z1 #z2 cases lbl normalize nodelta
-               [2,4: #l1 cases(memb ???) normalize nodelta
-                 [1,3: cases(?==?) normalize nodelta ]]]
-            whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #lin #io #lout #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-             normalize nodelta
-             [2,4: * #z1 #z2 cases(?∧?) normalize nodelta]
-             whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-      ]
-   ] #cond1 #ltrue1 #i_true1 #lfalse1 #i_false1 #_ #_
-   #EQcode_s1' whd in ⊢ (??%% → ?); inversion(call_post_clean ?????) normalize nodelta
-   [ #_ #EQ destruct] * #gen_ifalse1 #i_false2 #EQi_false2 inversion(call_post_clean ?????)
-   [ #_ whd in ⊢ (??%% → ?); #EQ destruct ] * #gen_itrue1 #i_true2 #EQi_true2 >m_return_bind
-   inversion (?==?) normalize nodelta [2: #_ #EQ destruct] #EQget_ltrue1
-   inversion(?==?) #EQget_lfalse1 whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) 
-   -EQ #EQ destruct(EQ) #EQstore_11 #EQ_info11 #EQ destruct
-   cases(IH … 
-    (mk_state ? i_false1 
-     (cont … s1') (store … st12) (io_info … st12)) abs_tail_cont gen_ifalse1)
-   [2: whd >EQcont_st12 whd in match (check_continuations ?????);
-       whd in match (foldr2 ???????);
-       change with (check_continuations ?????) in match (foldr2 ???????);
-       >EQcheck normalize nodelta whd in match (call_post_clean ?????);
-       >EQi_false2 normalize nodelta >EQi_true2 
-        % // % // % // % [2: %] //
-   ]
-   #abs_cont1 * #s2' * #t' ***** #Hst3_s2' #EQcosts #EQlen #stack_safety 
-   #pre_t' #Hsil %{abs_cont1} %{s2'} %{(t_ind … t')}
-   [ @hide_prf @(loop_false … EQcode_s1') // |] % [
-   % [ %
-   [ % [2: whd in ⊢ (??%%); @eq_f //] %{Hst3_s2'}
-     whd in match (get_costlabels_of_trace ????); whd in match(map_labels_on_trace ??);
-     >(\P EQget_lfalse1) whd in match (get_costlabels_of_trace ????) in ⊢ (???%); 
-     @is_permutation_cons assumption
-   | #k #i #EQcont_st3 <EQcont_st12 #EQ 
-     cases(stack_safety … EQcont_st3 … EQ) #k1 * #EQk1 #EQlength %{k1} % //
-   ]]
-   %2 // [2,4: % //] normalize >EQcode_s1' normalize nodelta % #EQ destruct]
-   #h inversion h in ⊢ ?;
-   [ #H61 #H62 #H63 #H64 #H65 #H66 destruct
-   | #H68 #H69 #H70 #H71 #H72 #H73 #H74 #H75 #H76 #H77 #H78 #H79 destruct
-   ]
- | #lin #io #lout #i #mem #EQcode_st11 #EQev_io #EQcost_st12 #EQcont_st12
-   #EQ destruct #EQio_12 #EQ1 #EQ2 #EQ3 #EQ4 destruct #t #Hclass_11 #_ #Hpre
-   #IH #s1' #abs_top #abs_tail whd in ⊢ (% → ?); inversion(check_continuations ?????)
-   [#_ *] ** #H1 #abs_top_cont #abs_tail_cont #EQcheck normalize nodelta ****
-   #HH1 >EQcode_st11 in ⊢ (% → ?); inversion(code ??)
-   [1,2,3,4,5,6:
-     [ #_ whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ) 
-     | #r_t #_ whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #seq #lbl #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-       normalize nodelta [2: * #z1 #z2 cases lbl normalize nodelta 
-       [2: #l1 cases(?==?) normalize nodelta]]
-       whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #cond #ltrue #i1 #lfalse #i2 #i3 #_ #_ #_ #_
-            whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-            [2,4: * #z1 #z2 normalize nodelta cases (call_post_clean ?????)
-                [2,4: * #z3 #z4 >m_return_bind cases(call_post_clean ?????)
-                     [2,4: * #z5 #z6 >m_return_bind cases(?∧?) normalize nodelta ]]] 
-            whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #cond #ltrue #i1 #lfalse #i2 #_ #_ #_
-       whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-       [2,4: * #z1 #z2 normalize nodelta cases (call_post_clean ?????)
-       [2,4: * #z3 #z4 >m_return_bind cases(?∧?) normalize nodelta ]] 
-       whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #f #act_p #lbl #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-             normalize nodelta 
-             [2,4: * #z1 #z2 cases lbl normalize nodelta
-               [2,4: #l1 cases(memb ???) normalize nodelta
-                 [1,3: cases(?==?) normalize nodelta ]]]
-            whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-      ]
-   ] #lin1 #io1 #lout1 #i1 #_ #EQcode_s1'
-   whd in ⊢ (??%% → ?); inversion(call_post_clean ?????) normalize nodelta
-   [ #_ #EQ destruct] * #gen_lab #i2 #EQ_i2 inversion(?==?) normalize nodelta
-   [2: #_ #EQ destruct] #EQget_lout1 inversion(?==?) #EQget_lin1 normalize nodelta
-   whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ) 
-   #EQstore11 #EQinfo11 #EQ destruct
-   cases(IH …
-    (mk_state ? (EMPTY p) (〈cost_act (Some ? lout),i1〉::cont … s1') (store … st12) true)
-    abs_tail_cont [ ])
-   [2: whd >EQcont_st12 whd in match (check_continuations ?????);
-       whd in match (foldr2 ???????);
-       change with (check_continuations ?????) in match (foldr2 ???????);
-       >EQcheck normalize nodelta >EQ_i2 normalize nodelta % // % // % // % 
-       [2: >EQcost_st12 % ] % [ % // % //] >(\P EQget_lout1) %
-   ]
-   #abs_cont1 * #s2' * #t' ***** #Hst3_s2' #EQcosts #EQlen #stack_safety 
-   #pre_t' #Hsil %{abs_cont1} %{s2'} %{(t_ind … t')}
-   [ @hide_prf @(io_in … EQcode_s1') // |] % [
-   % [ % 
-   [ % [2: whd in ⊢ (??%%); @eq_f //] %{Hst3_s2'}
-     whd in match (get_costlabels_of_trace ????); whd in match(map_labels_on_trace ??);
-     >(\P EQget_lin1) whd in match (get_costlabels_of_trace ????) in ⊢ (???%); 
-     @is_permutation_cons assumption
-   | #k #i1 #EQcont_st3 #EQcont_st11 
-      cases(stack_safety … (〈cost_act (Some ? lout),i〉::k) … EQcont_st3 …)
-      [2: >EQcont_st12 >EQcont_st11 %] 
-      * [|#hd1 #tl1] * #EQk1 whd in ⊢ (??%% → ?); #EQlength destruct 
-      %{tl1} % // whd in EQk1 : (??%%); destruct //
-   ]]
-   %2 // [2,4: % //] normalize >EQcode_s1' normalize nodelta % #EQ destruct ]
-   #h inversion h in ⊢ ?;
-   [ #H81 #H82 #H83 #H84 #H85 #H86 destruct
-   | #H88 #H89 #H90 #H91 #H92 #H93 #H94 #H95 #H96 #H97 #H98 #H99 destruct
-   ]
-  | #f #act_p #r_lb #cd #mem #env_it #EQ1 #EQ2 #EQ3 #EQ4 #EQ5 #EQ6 #EQ7 #EQ8 #EQ9 #EQ10
-    #EQ11 #EQ12 destruct #tl #_ * #x #EQ destruct(EQ)
-  | #r_t #mem #con #rb #i #EQ1 #EQ2 #EQ3 #EQ4 #EQ5 #EQ6 #EQ7 #EQ8 #EQ9 #EQ10 #EQ11 #EQ12
-    destruct #t #_ * #nf #EQ destruct
-  ]
-| #st1 #st2 #st3 #lab #st1_noio #H inversion H in ⊢ ?; 
-  [1,2,3,4,5,6,7,8: 
-    [ #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17 #x18 #x19 #x20
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17 #x18 #x19 #x20   
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17 #x18 #x19
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17 #x18 #x19
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x18
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x18 #x19 #x20 #x21
-    ]
-    destruct #tl * #y #EQ destruct(EQ) @⊥ >EQ in x12; * #ABS @ABS %
-  ]
-  #st11 #st12 #r_t #mem #cont * [|#x] #i #EQcode_st11 #EQcont_st11 #EQ destruct(EQ) 
-  #EQio_11 #EQio_12 #EQev_ret #EQ1 #EQ2 #EQ3 #EQ4 #EQ5 #EQ6 destruct(EQ1 EQ2 EQ3 EQ4 EQ5 EQ6)
-  #t * #lbl #EQ destruct(EQ) #pre_t #IH #s1' #abs_tail #abs_top whd in ⊢ (% → ?);
-  inversion(check_continuations …) [#_ *] ** #H1 #abs_top_cont #abs_tail_cont 
-  >EQcont_st11 in ⊢ (% → ?); inversion(cont … s1') [ #_ whd in ⊢ (??%% → ?); #EQ destruct(EQ)]
-  * #act_lab #i #cont_s1'' #_ #EQcont_s1' whd in ⊢ (??%% → ?); 
-  change with (check_continuations ?????) in match (foldr2 ???????);
-  inversion(check_continuations ?????) normalize nodelta [ #_ whd in ⊢ (??%% → ?); #EQ destruct]
-  ** #H2 #abs_top_cont' #abs_tail_cont' #EQcheck normalize nodelta
-  inversion(call_post_clean ?????) normalize nodelta [ #_ whd in ⊢ (??%% → ?); #EQ destruct *****]
-  * #gen_labs #i' #EQi' inversion act_lab normalize nodelta
-  [ #f #lab | * [| #lbl1 ]| * [| #nf_l]] #EQ destruct(EQ) 
-  [1,6: whd in ⊢ (??%% → ?); #EQ destruct ***** 
-  |4,5: normalize nodelta whd in ⊢ (??%% → ?); #EQ destruct(EQ) ****** [2: *] #EQ destruct
-  ] 
-  whd in match ret_costed_abs; normalize nodelta 
-  [ whd in ⊢ (??%% → ?); #EQ destruct(EQ) ****** #EQ destruct(EQ) ]
-  inversion (memb ???) normalize nodelta #Hlbl1 whd in ⊢ (??%% → ?); #EQ destruct(EQ)
-  ****** [ * ] #EQ destruct(EQ) #HH2 #EQ destruct #EQget_el >EQcode_st11 in ⊢ (% → ?);
-  inversion(code … s1') 
-  [1,3,4,5,6,7: 
-     [ #_ whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ) 
-     | #seq #lbl #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-       normalize nodelta [2: * #z1 #z2 cases lbl normalize nodelta 
-       [2: #l1 cases(?==?) normalize nodelta]]
-       whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #cond #ltrue #i1 #lfalse #i2 #i3 #_ #_ #_ #_
-            whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-            [2,4: * #z1 #z2 normalize nodelta cases (call_post_clean ?????)
-                [2,4: * #z3 #z4 >m_return_bind cases(call_post_clean ?????)
-                     [2,4: * #z5 #z6 >m_return_bind cases(?∧?) normalize nodelta ]]] 
-            whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #cond #ltrue #i1 #lfalse #i2 #_ #_ #_
-       whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-       [2,4: * #z1 #z2 normalize nodelta cases (call_post_clean ?????)
-       [2,4: * #z3 #z4 >m_return_bind cases(?∧?) normalize nodelta ]] 
-       whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #f #act_p #lbl #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-             normalize nodelta 
-             [2,4: * #z1 #z2 cases lbl normalize nodelta
-               [2,4: #l1 cases(memb ???) normalize nodelta
-                 [1,3: cases(?==?) normalize nodelta ]]]
-            whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #lin #io #lout #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-             normalize nodelta
-             [2,4: * #z1 #z2 cases(?∧?) normalize nodelta]
-             whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-      ]
-  ]
-   #r_t' #EQcode_s1' 
-  whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ) 
-  #EQstore11 #EQio_111 #EQ destruct
-  cases(IH … (mk_state ? i cont_s1'' (store … st12) (io_info … st12)) abs_tail_cont gen_labs) 
-  [2: whd >EQcheck normalize nodelta % // % // % // % // @EQi' ] 
-  #abs_top1 * #s2' * #t' ***** #Hst3_s2' #EQcosts #EQlen #stack_safety
-  #pre_t' #Hsil %{abs_top1} %{s2'} %{(t_ind … t')}
-  [ @hide_prf @(ret_instr … EQcode_s1' … EQcont_s1') //
-  | ] % [
-  % [ %
-  [ % [2: whd in ⊢ (??%%); @eq_f // ] %{Hst3_s2'} 
-    whd in match (get_costlabels_of_trace ????); 
-    whd in match (get_costlabels_of_trace ????) in ⊢ (???%);
-    whd in match (map_labels_on_trace ??); >EQget_el @is_permutation_cons
-    assumption 
-  | * [| #hd #tl] #i1 #EQcont_st3 >EQcont_st11 #EQ whd in EQ : (???%);
-    [ <EQ in EQcont_st3; whd in ⊢ (??%% → ?); #EQ1 destruct ]
-    destruct cases(stack_safety … EQcont_st3 … e0) #k1 *
-    #EQk1 #EQlength %{(〈ret_act (Some ? lbl1),i〉::k1)} 
-    % [ >EQk1 % | whd in ⊢ (??%%); @eq_f // ]
-  ]]
-  %3 // [2,4: % //] normalize >EQcode_s1' normalize nodelta % #EQ destruct ]
-  #h inversion h in ⊢ ?; 
-  [ #H101 #H102 #H103 #H104 #H105 #H106 destruct
-  | #H108 #H109 #H110 #H111 #H112 #H113 #H114 #H115 #H116 #H117 #H118 #H119 destruct
-  ]
-| #st1 #st2 #st3 #lab #H inversion H in ⊢ ?; #st11 #st12
-  [1,2,3,4,5,6,7,9:
-    [ #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17 #x18 #x19 #x20
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17 #x18 #x19 #x20   
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17 #x18 #x19
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17 #x18 #x19
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x18
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x18 #x19 #x20
-    ]
-    destruct * #z1 * #z2 #EQ destruct(EQ) whd in ⊢ (?% → ?); >x3 in ⊢ (% → ?); *
-  | #f #act_p #opt_l #i #mem #env_it #EQcode11 #EQenv_it #EQmem
-    #EQ destruct(EQ) #EQcode12 #EQcont12 #EQio11 #EQio12 #EQ1 #EQ2 #EQ3 
-    destruct(EQ1 EQ2 EQ3) #EQ destruct(EQ) #tl #_ #_ whd in ⊢ (?% → ?); >EQcode11 in ⊢ (% → ?);
-    normalize nodelta cases opt_l in EQcode11 EQcont12; normalize nodelta [ #x #y *]
-    #lbl #EQcode11 #EQcont12 * #pre_tl #IH #st1' #abs_top #abs_tail
-    whd in ⊢ (% → ?); inversion(check_continuations ????) [ #_ *] ** #H1 
-    #abs_top_cont #abs_tail_cont #EQcheck
-    normalize nodelta **** #HH1 >EQcode11 in ⊢ (% → ?); inversion(code … st1')
-    [1,2,3,4,5,7: 
-     [ #_ whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #r_t #_ whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ) 
-     | #seq #lbl #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-       normalize nodelta [2: * #z1 #z2 cases lbl normalize nodelta 
-       [2: #l1 cases(?==?) normalize nodelta]]
-       whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #cond #ltrue #i1 #lfalse #i2 #i3 #_ #_ #_ #_
-            whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-            [2,4: * #z1 #z2 normalize nodelta cases (call_post_clean ?????)
-                [2,4: * #z3 #z4 >m_return_bind cases(call_post_clean ?????)
-                     [2,4: * #z5 #z6 >m_return_bind cases(?∧?) normalize nodelta ]]] 
-            whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #cond #ltrue #i1 #lfalse #i2 #_ #_ #_
-       whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-       [2,4: * #z1 #z2 normalize nodelta cases (call_post_clean ?????)
-       [2,4: * #z3 #z4 >m_return_bind cases(?∧?) normalize nodelta ]] 
-       whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #lin #io #lout #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-             normalize nodelta
-             [2,4: * #z1 #z2 cases(?∧?) normalize nodelta]
-             whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     ]
-    ] #f' #act_p' #opt_l' #i' #_
-    #EQcode_st1' #EQclean #EQstore #EQio #EQ destruct(EQ)
-    lapply(trans_env_ok … no_dup) >EQtrans normalize nodelta #H
-    cases(H … EQenv_it) -H #env_it' * #fresh' ** #is_fresh_fresh' 
-    #EQenv_it' ***** #EQtrans 
-    #EQgen_labels #EQsignature #EQlab_env_it #same_map #same_keep
-    change with (m_bind ?????) in EQclean : (??%?); inversion(call_post_clean ?????) in EQclean;
-    [ #_ whd in ⊢ (??%% → ?); #EQ destruct] * #abs_top'' #i'' #EQi' >m_return_bind
-    inversion opt_l' in EQcode_st1'; [| #lbl'] #EQopt_l' #EQcode_st1' normalize nodelta
-    [2: inversion(memb ???) normalize nodelta #Hlbl_keep
-        [  inversion (get_element ????) normalize nodelta [ #_ whd in ⊢ (??%% → ?); #EQ destruct]
-           #lbl'' #l3' #_ #EQget_el whd in match (eqb ???); inversion (eqb ???) normalize nodelta
-          [2: #_ whd in ⊢ (??%% → ?); #EQ destruct] #H cases(eqb_true ? lbl'' lbl') #H1 #_
-          lapply(H1 H) -H -H1 #EQ destruct(EQ) inversion(eqb_list ???) normalize nodelta
-          [2: #_ whd in ⊢ (??%% → ?); #EQ destruct] #H cases(eqb_true (DeqSet_List ?) l3' abs_top'')
-          #H1 #_ lapply(H1 H) -H -H1 #EQ destruct(EQ) whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ
-          #EQ destruct(EQ)
-          cases(IH (mk_state ? (f_body … env_it') (〈ret_act opt_l',i'〉 :: (cont … st1')) (store ? st12) false) (abs_tail_cont) (gen_labels … (call_post_trans … (f_body … env_it) fresh' (nil ?))))
-          [2: whd >EQcont12
-            change with (m_bind ??? (check_continuations ?????) ?) in match (check_continuations ?????);
-            >EQcheck >m_return_bind normalize nodelta >EQi' normalize nodelta >EQopt_l'
-            whd in match ret_costed_abs; normalize nodelta >Hlbl_keep normalize nodelta
-            % // % // % // % [/5 by conj/] >EQgen_labels >EQcode12 <EQtrans
-            @(inverse_call_post_trans … is_fresh_fresh') 
-            [2: % |*: [2,3: /2 by / ] 
-                cases(lookup_ok_append … EQenv_it) #env1 * #env2 * #EQ1 #EQ2
-                whd in no_dup; destruct >EQ1 in no_dup; >foldr_map_append >foldr_map_append
-                #no_dup lapply(no_duplicates_append_r … no_dup) #H1 
-                lapply(no_duplicates_append_l … H1) whd in match (foldr ?????); -H1
-                change with ([?]@?) in match (?::?); #H1 
-                lapply(no_duplicates_append_r … H1) >append_nil //
-            ]
-          ]
-          #abs_top''' * #st3' * #t' ***** #Hst3st3' #EQcosts #EQlen #stack_safety 
-          #pre_t' #Hsil %{abs_top'''}
-          %{st3'} %{(t_ind … (call_act f (f_lab … env_it')) …  t')}
-          [ @hide_prf @call /2 width=10 by jmeq_to_eq/ ] % [ 
-          % [ %
-          [ % [2: whd in ⊢ (??%%); >EQlen %]
-            %{Hst3st3'} >map_labels_on_trace_append whd in match (get_costlabels_of_trace ????) in ⊢ (???%);
-            >EQlab_env_it >associative_append whd in match (append ???); >associative_append
-            >associative_append in ⊢ (???%); >(associative_append … [?]) in ⊢ (???%);
-            whd in match (map_labels_on_trace ??); >EQgen_labels @is_permutation_cons
-            >append_nil whd in match (append ???) in ⊢ (???%); //
-          | #k #i1 #EQcont_st3 #EQcont_st11
-            cases(stack_safety … (〈ret_act (Some ? lbl),i〉::k) … EQcont_st3 …)
-            [2: >EQcont12 >EQcont_st11 % ] 
-            * [|#hd1 #tl1] * #EQk1 whd in ⊢ (??%% → ?); #EQlength destruct 
-            %{tl1} % // whd in EQk1 : (??%%); destruct //
-          ]]
-          %4 // [2,4: % [2: % // |]] normalize >EQcode_st1' normalize nodelta % #EQ destruct
-          ]
-          #h inversion h in ⊢ ?;
-          [ #H121 #H122 #H123 #H124 #H125 #H126 destruct 
-          | #H128 #H129 #H130 #H131 #H132 #H133 #H134 #H135 #H136 #H137 #H138 #H139 destruct
-          ]
-        | whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-        ]
-    | whd in ⊢ (??%% → ?); #EQ destruct(EQ)
-    ]
-  ]
-| #st1 #st2 #st3 #st4 #st5 #l1 #l2 #H inversion H in ⊢ ?;
-  [1,2,3,4,5,6,7,9: 
-    [ #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17 #x18 #x19 #x20
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17 #x18 #x19 #x20   
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17 #x18 #x19
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17 #x18 #x19
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x18
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x18 #x19 #x20
-    ]
-    destruct #t1 #t2 #prf #_ #_ * #y1 * #y2 #EQ destruct(EQ) @⊥ >EQ in x12; * #H @H %
-  ]
-  #st11 #st12 #f #act_p #opt_l #i #mem #env_it #EQcode11 #EQenv_it #EQmem
-  #EQ destruct(EQ) #EQcode12 #EQcont12 #EQio11 #EQio12 #EQ1 #EQ2 #EQ3 
-  destruct(EQ1 EQ2 EQ3) #EQ destruct(EQ) #t1 #t2 #H inversion H in ⊢ ?;
-  [1,2,3,4,5,6,7,8: 
-    [ #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17 #x18 #x19 #x20
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17 #x18 #x19 #x20   
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17 #x18 #x19
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x17 #x18 #x19
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x18
-    | #x1 #x2 #x3 #x4 #x5 #x6 #x7 #x8 #x9 #x10 #x11 #x12 #x13 #x14 #x15 #x16 #x18 #x19 #x20 #x21
-    ]
-    destruct #_ #_ #_ #_ #_ #_ #_ whd in ⊢ (% → ?); #EQ destruct(EQ)
-    @⊥ >EQ in x12; * #H @H %
-  ]
-   #st41 #st42 #r_t #mem1 #new_cont #opt_l1 #cd #EQcode41 #EQcont41 #EQ destruct(EQ)
-   #EQio41 #EQio42 #EQmem1 #EQ1 #EQ2 #EQ3 #EQ4 #EQ5 #EQ6 destruct #st11_noio 
-   #st41_noio #_ whd in ⊢ (?(?%) → ?); >EQcode11 in ⊢ (% → ?); normalize nodelta
-   inversion(opt_l) in ⊢(% → ?); normalize nodelta [2: #lbl #_ * ] #EQopt_l destruct(EQopt_l) 
-   #_ #Hpre_t1 #Hpre_t2 whd in ⊢ (% → ?); * #EQcont11_42 >EQcode11 in ⊢ (% → ?);
-   normalize nodelta #EQ destruct(EQ) whd in ⊢ (% → ?); 
-   #EQ destruct #IH1 #IH2 #st1' #abs_top #abs_tail
-    whd in ⊢ (% → ?); inversion(check_continuations ????) [ #_ *] ** #H1 
-    #abs_top_cont #abs_tail_cont #EQcheck
-    normalize nodelta **** #HH1 >EQcode11 in ⊢ (% → ?); inversion(code … st1')
-    [1,2,3,4,5,7:
-     [ #_ whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #r_t #_ whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ) 
-     | #seq #lbl #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-       normalize nodelta [2: * #z1 #z2 cases lbl normalize nodelta 
-       [2: #l1 cases(?==?) normalize nodelta]]
-       whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #cond #ltrue #i1 #lfalse #i2 #i3 #_ #_ #_ #_
-            whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-            [2,4: * #z1 #z2 normalize nodelta cases (call_post_clean ?????)
-                [2,4: * #z3 #z4 >m_return_bind cases(call_post_clean ?????)
-                     [2,4: * #z5 #z6 >m_return_bind cases(?∧?) normalize nodelta ]]] 
-            whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #cond #ltrue #i1 #lfalse #i2 #_ #_ #_
-       whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-       [2,4: * #z1 #z2 normalize nodelta cases (call_post_clean ?????)
-       [2,4: * #z3 #z4 >m_return_bind cases(?∧?) normalize nodelta ]] 
-       whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     | #lin #io #lout #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-             normalize nodelta
-             [2,4: * #z1 #z2 cases(?∧?) normalize nodelta]
-             whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-     ]
-    ] #f' #act_p' #opt_l' #i' #_
-    #EQcode_st1' #EQclean #EQstore #EQio #EQ destruct(EQ)
-    lapply(trans_env_ok … no_dup) >EQtrans normalize nodelta #H
-    cases(H … EQenv_it) -H #env_it' * #fresh' ** #is_fresh_fresh' #EQenv_it' ***** #EQtrans 
-    #EQgen_labels #EQsignature #EQlab_env_it #same_map #same_keep
-    change with (m_bind ?????) in EQclean : (??%?); inversion(call_post_clean ?????) in EQclean;
-    [ #_ whd in ⊢ (??%% → ?); #EQ destruct] * #abs_top'' #i'' #EQi' >m_return_bind
-    inversion opt_l' in EQcode_st1'; [| #lbl'] #EQopt_l' #EQcode_st1' normalize nodelta
-    [ whd in ⊢ (??%% → ?); #EQ destruct(EQ) ] destruct(EQopt_l') 
-    inversion(memb ???) normalize nodelta #Hlbl_keep'
-    [ cases(?==?) normalize nodelta ]
-     whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct
-     cases(IH1 
-            (mk_state ? 
-              (f_body … env_it') 
-              (〈ret_act (Some ? lbl'),i'〉 :: (cont … st1')) 
-              (store ? st12) false) 
-            (abs_top''@abs_tail_cont) 
-            (gen_labels … (call_post_trans … (f_body … env_it) fresh' (nil ?))))
-     [2: whd >EQcont12
-         change with (m_bind ??? (check_continuations ?????) ?) in match (check_continuations ?????);
-          >EQcheck >m_return_bind normalize nodelta >EQi' normalize nodelta
-          whd in match ret_costed_abs; normalize nodelta >Hlbl_keep' normalize nodelta
-          % // % // % // % [/5 by conj/] >EQcode12 <EQtrans
-          @(inverse_call_post_trans … fresh') 
-          [2: % |*: [2,3: /2 by / ] 
-              cases(lookup_ok_append … EQenv_it) #env1 * #env2 * #EQ1 #EQ2
-              whd in no_dup; destruct >EQ1 in no_dup; >foldr_map_append >foldr_map_append
-              #no_dup lapply(no_duplicates_append_r … no_dup) #H1 
-              lapply(no_duplicates_append_l … H1) whd in match (foldr ?????); -H1
-              change with ([?]@?) in match (?::?); #H1 
-              lapply(no_duplicates_append_r … H1) >append_nil //
-          ]
-     ]
-     #abs_top''' * #st41' * #t1' ***** #Hst41st41' #EQcosts #EQlen #stack_safety1
-     #pre_t1' #Hsil1
-     whd in Hst41st41'; inversion(check_continuations …) in Hst41st41'; [ #_ * ]
-     ** #H2 #abs_top_cont' #abs_tail_cont' >EQcont41 in ⊢ (% → ?); 
-     whd in ⊢ (??%? → ?); inversion(cont … st41') normalize nodelta 
-     [ #_ #EQ destruct(EQ) ] * #act_lbl #i'' #cont_st42' #_ #EQcont_st41'
-     change with (check_continuations ?????) in match (foldr2 ???????);
-     inversion(check_continuations ?????) [ #_ whd in ⊢ (??%% → ?); #EQ destruct]
-     ** #H3 #abs_top_cont'' #abs_tail_cont'' #EQ_contst42 >m_return_bind
-     normalize nodelta inversion(call_post_clean ?????) normalize nodelta
-     [ #_ whd in ⊢ (??%% → ?); #EQ destruct ***** ] * #abs_top'''' #i'''
-     #EQ_clean_i'' inversion(act_lbl) normalize nodelta 
-     [1,3,4:
-       [ #x1 #x2 #EQ whd in ⊢ (??%% → ?); #EQ1 destruct *****
-       | * [|#x1] #EQ destruct normalize nodelta whd in ⊢ (??%% → ?);
-         #EQ destruct ****** [2: *] #EQ destruct
-       ]
-     ]
-     cut(act_lbl = ret_act (Some ? lbl') ∧ cont_st42' = cont … st1' ∧ i'' = i') 
-     [ cases(stack_safety1 [ ] …)
-       [3: >EQcont41 in ⊢ (??%?); % |4: normalize // |5: % |2:] * [|#x #xs] *
-       whd in ⊢ (??%% → ??%% → ?); #EQ1 #EQ2 destruct > EQcont_st41' in EQ1; 
-       #EQ destruct(EQ) /3 by conj/
-     ]
-     ** #EQ1 #EQ2 #EQ3 destruct #x #EQ destruct whd in match ret_costed_abs; normalize nodelta
-     >Hlbl_keep' normalize nodelta
-     whd in ⊢ (??%% → ?); #EQ destruct ****** #_ #HH3 #EQ destruct(EQ)
-     >EQcode41 in ⊢ (% → ?); inversion(code … st41') 
-     [1,3,4,5,6,7:
-       [ #_ whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ) 
-       | #seq #lbl #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-         normalize nodelta [2: * #z1 #z2 cases lbl normalize nodelta 
-         [2: #l1 cases(?==?) normalize nodelta]]
-         whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-       | #cond #ltrue #i1 #lfalse #i2 #i3 #_ #_ #_ #_
-            whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-            [2,4: * #z1 #z2 normalize nodelta cases (call_post_clean ?????)
-                [2,4: * #z3 #z4 >m_return_bind cases(call_post_clean ?????)
-                     [2,4: * #z5 #z6 >m_return_bind cases(?∧?) normalize nodelta ]]] 
-            whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-       | #cond #ltrue #i1 #lfalse #i2 #_ #_ #_
-         whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-         [2,4: * #z1 #z2 normalize nodelta cases (call_post_clean ?????)
-         [2,4: * #z3 #z4 >m_return_bind cases(?∧?) normalize nodelta ]] 
-         whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-       | #f #act_p #lbl #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-             normalize nodelta 
-             [2,4: * #z1 #z2 cases lbl normalize nodelta
-               [2,4: #l1 cases(memb ???) normalize nodelta
-                 [1,3: cases(?==?) normalize nodelta ]]]
-            whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-       | #lin #io #lout #i #_ #_ whd in ⊢ (??%% → ?); cases(call_post_clean ?????)
-             normalize nodelta
-             [2,4: * #z1 #z2 cases(?∧?) normalize nodelta]
-             whd in ⊢ (??%% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ)
-       ]   
-     ] #r_t' #EQcode_st41' whd in ⊢ (??%% → ?);
-     #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct(EQ) #EQstore_st41' #EQinfo_st41'
-     #EQ1 >EQcont11_42 in EQcheck; >EQ_contst42 in ⊢ (% → ?);
-     #EQ destruct(EQ) >EQi' in EQ_clean_i''; #EQ destruct(EQ)
-     cases(IH2 
-             (mk_state ? i' (cont … st1') (store … st42) (io_info … st42))
-             abs_tail_cont abs_top'''')
-     [2: whd >EQ_contst42 normalize nodelta % // % // % // % // @EQi' ]
-     #abs_top_1 * #st5' * #t2' ***** #Hst5_st5' #EQcosts' 
-     #EQlen'  #stack_safety2 #pre_t2' #Hsil2 %{abs_top_1} %{st5'} %{(t_ind … (t1' @ (t_ind … t2')))}
-     [3: @hide_prf @(call …  EQcode_st1' …  EQenv_it') //
-     |1: @hide_prf @(ret_instr … EQcode_st41' … EQcont_st41') //
-     |2,4: skip
-     ] % [
-     % [ % 
-     [ % [2: whd in ⊢ (??%%); @eq_f >len_append >len_append @eq_f2 //
-           whd in ⊢ (??%%); @eq_f // ]
-       %{Hst5_st5'} whd in match (map_labels_on_trace ??);
-       change with (map_labels_on_trace ??) in match (foldr ?????);
-       >map_labels_on_trace_append >get_cost_label_append
-       whd in match (get_costlabels_of_trace ??? (t_ind …));
-       whd in match (get_costlabels_of_trace ??? (t_ind …));
-       >get_cost_label_append
-       whd in match (get_costlabels_of_trace ??? (t_ind …));
-       >map_labels_on_trace_append >EQlab_env_it >EQgen_labels
-       whd in match (map_labels_on_trace ? [ ]);
-       whd in match (append ? (nil ?) ?);
-       cut (∀A.∀l: list A. [ ] @ l = l) [//] #nil_append
-       >nil_append >nil_append >nil_append @(permute_ok … EQcosts EQcosts')
-     | #k #i #EQcont_st3 #EQ
-       cases(stack_safety2 … EQcont_st3 … EQ) #k1 * #EQk1 #EQlength %{k1} % //
-     ]]
-     %4
-     [ normalize >EQcode_st1' normalize nodelta % #EQ destruct
-     | %{f} % //
-     | whd in ⊢ (?%); >EQcode_st1' normalize nodelta @I
-     | @append_premeasurable // %3 // 
-       [ whd in match (as_classify ??); >EQcode_st41' normalize nodelta % #EQ destruct
-       | whd %{lbl'} %
-       ]
-     ]
-  ] #h inversion h in ⊢ ?;
-  [ #H141 #H142 #H143 #H144 #H145 #H146 destruct
-  |#H148 #H149 #H150 #H151 #H152 #H153 #H154 #H155 #H156 #H157 #H158 #H159 destruct
-  ]
-]  
-qed.
-
-
-lemma silent_in_silent : ∀p,p',prog.
-no_duplicates_labels … prog → 
-let 〈t_prog,m,keep〉 ≝ trans_prog … prog in
-∀s1,s2,s1' : state p.∀abs_top,abs_tail.
-∀t : raw_trace (operational_semantics … p' prog) s1 s2.
-silent_trace … t → 
-state_rel … m keep abs_top abs_tail s1 s1' → 
-∃abs_top'.∃s2'.∃t' : raw_trace (operational_semantics … p' t_prog) s1' s2'.
-state_rel  … m keep abs_top' abs_tail s2 s2' ∧
-silent_trace … t'.
-#p #p' #prog #no_dup @pair_elim * #t_prog #m #keep #EQt_prog normalize nodelta
-#s1 #s2 #s1' #abs_top #abs_tail #t *
-[2: cases t -s1 -s2 [2: #H81 #H82 #H83 #H84 #H85 #H86 #H87 #H88 cases H87 #H cases(H I)]
-#st #_ #H %{abs_top} %{s1'} %{(t_base …)} % // %2 % * ]
-#H #H1 lapply(correctness_lemma p p' prog no_dup) >EQt_prog normalize nodelta #H2
-cases(H2 … (pre_silent_is_premeasurable … H) … H1)  -H2 #abs_top' * #s2' * #t' ***** #REL'
-#_ #_ #_ #_ #H2 %{abs_top'} %{s2'} %{t'} %{REL'} % @H2 //
-qed.
+

LTS/Simulation.ma

@@ -4 +4 @@
 discriminator option.
 
-record relations (S1,S2 : abstract_status) : Type[0] ≝
+record relations (p : label_params) (S1,S2 : abstract_status p) : Type[0] ≝
  { Srel: S1 → S2 → Prop
  ; Crel: S1 → S2 → Prop
  }.
 
-definition Rrel ≝ λS1,S2 : abstract_status.λrel : relations S1 S2.λs,s'.
- ∀s1,s1'. as_syntactical_succ S1 s1 s → Crel … rel s1 s1' → as_syntactical_succ S2 s1' s'.
-
-record simulation_conditions (S1,S2 : abstract_status) (rel : relations S1 S2) : Prop ≝
+definition Rrel ≝ λp.λS1,S2 : abstract_status p.λrel : relations … S1 S2.λs,s'.
+ ∀s1,s1'. as_syntactical_succ … S1 s1 s → Crel … rel s1 s1' → as_syntactical_succ … S2 s1' s'.
+
+record simulation_conditions (p : label_params) (S1,S2 : abstract_status p) 
+(rel : relations …S1 S2) : Prop ≝
  { initial_is_initial :
    ∀s1,s2.Srel … rel s1 s2 → (bool_to_Prop (as_initial … s1) →  bool_to_Prop (as_initial … s2))
@@ -21 +22 @@
  ; simulate_tau:
      ∀s1:S1.∀s2:S2.∀s1':S1.
-      as_execute … (cost_act (None ?))  s1 s1'→
+      as_execute … (cost_act … (None ?))  s1 s1'→
       Srel … rel s1 s2 → as_classify … s1 ≠ cl_io → as_classify … s1' ≠ cl_io → 
-      ∃s2'. ∃t: raw_trace S2 s2 s2'.
+      ∃s2'. ∃t: raw_trace … S2 s2 s2'.
         Srel … rel s1' s2' ∧ silent_trace … t
  ; simulate_label:
      ∀s1:S1.∀s2:S2.∀l.∀s1':S1.
-      as_execute S1 (cost_act (Some ? l)) s1 s1' →
+      as_execute … S1 (cost_act … (Some ? l)) s1 s1' →
       as_classify … s1 ≠ cl_io → as_classify … s1' ≠ cl_io → 
       Srel … rel s1 s2 →
       ∃s2',s2'',s2'''.
-       ∃t1: raw_trace S2 s2 s2'.
-       as_execute … (cost_act (Some ? l)) s2' s2'' ∧
+       ∃t1: raw_trace … S2 s2 s2'.
+       as_execute … (cost_act … (Some ? l)) s2' s2'' ∧
        ∃t3: raw_trace … s2'' s2'''.
         Srel … rel  s1' s2''' ∧ silent_trace … t1 ∧ pre_silent_trace … t3
@@ -38 +39 @@
      ∀s1:S1.∀s2:S2.∀s1':S1.∀f,l.
       is_call_post_label … s1 →
-      as_execute … (call_act f l) s1 s1' →
+      as_execute … (call_act … f l) s1 s1' →
       as_classify … s1 ≠ cl_io → as_classify … s1' ≠ cl_io → 
       Srel … rel s1 s2 →
       ∃s2',s2'',s2'''.
-       ∃t1: raw_trace S2 s2 s2'.
-       as_execute … (call_act f l) s2' s2'' ∧
+       ∃t1: raw_trace … S2 s2 s2'.
+       as_execute … (call_act … f l) s2' s2'' ∧
        bool_to_Prop(is_call_post_label … s2') ∧
-       ∃t3: raw_trace S2 s2'' s2'''.
+       ∃t3: raw_trace … S2 s2'' s2'''.
         Srel … rel s1' s2''' ∧ silent_trace … t1 ∧ pre_silent_trace … t3
  ; simulate_ret_l:
      ∀s1:S1.∀s2:S2.∀s1':S1.∀l.
-      as_execute S1 (ret_act (Some ? l)) s1 s1' →
+      as_execute … S1 (ret_act … (Some ? l)) s1 s1' →
       as_classify … s1 ≠ cl_io → as_classify … s1' ≠ cl_io → 
       Srel  … rel s1 s2 →
       ∃s2',s2'',s2'''.
-       ∃t1: raw_trace S2 s2 s2'.
-       as_execute … (ret_act (Some ? l)) s2' s2'' ∧
-       ∃t3: raw_trace S2 s2'' s2'''.
+       ∃t1: raw_trace … S2 s2 s2'.
+       as_execute p S2 (ret_act p (Some ? l)) s2' s2'' ∧
+       ∃t3: raw_trace … S2 s2'' s2'''.
         Srel … rel s1' s2''' ∧ silent_trace … t1 ∧ pre_silent_trace … t3
  ; simulate_call_n:
      ∀s1:S1.∀s2:S2.∀s1':S1.∀f,l.
-      as_execute … (call_act f l) s1 s1' →
+      as_execute … (call_act … f l) s1 s1' →
       ¬ is_call_post_label … s1 →
       as_classify … s1 ≠ cl_io → as_classify … s1' ≠ cl_io → 
       Srel … rel s1 s2 →
       ∃s2',s2'',s2'''.
-       ∃t1: raw_trace S2 s2 s2'.
+       ∃t1: raw_trace … S2 s2 s2'.
        bool_to_Prop (¬ is_call_post_label … s2') ∧
-       as_execute … (call_act f l) s2' s2'' ∧
-       ∃t3: raw_trace S2 s2'' s2'''.
+       as_execute … (call_act … f l) s2' s2'' ∧
+       ∃t3: raw_trace … S2 s2'' s2'''.
         Srel … rel s1' s2''' ∧ silent_trace … t1 ∧ pre_silent_trace … t3 
         ∧ Crel … rel s1 s2'
  ; simulate_ret_n:
      ∀s1:S1.∀s2:S2.∀s1':S1.
-      as_execute … (ret_act (None ?)) s1 s1' →
+      as_execute … (ret_act … (None ?)) s1 s1' →
       as_classify … s1 ≠ cl_io → as_classify … s1' ≠ cl_io → 
       Srel … rel s1 s2 →
       ∃s2',s2'',s2''': S2.
-       ∃t1: raw_trace S2 s2 s2'.
-       as_execute … (ret_act (None ?)) s2' s2''  ∧
-       ∃t3: raw_trace S2 s2'' s2'''.
+       ∃t1: raw_trace … S2 s2 s2'.
+       as_execute … (ret_act … (None ?)) s2' s2''  ∧
+       ∃t3: raw_trace … S2 s2'' s2'''.
         Srel … rel s1' s2''' ∧ pre_silent_trace … t1 ∧ pre_silent_trace … t3 
         ∧ Rrel … rel s1' s2''
@@ -104 +105 @@
 qed.
 
-lemma simulate_labelled_action : ∀S1,S2 : abstract_status.
-∀rel : relations S1 S2.
+lemma simulate_labelled_action : ∀p.∀S1,S2 : abstract_status p.
+∀rel : relations … S1 S2.
 ∀s1,s2 : S1.∀s1' : S2.
-∀l : ActionLabel.
+∀l : ActionLabel p.
 simulation_conditions … rel → 
-is_costlabelled_act l → 
-(is_call_act l → is_call_post_label … s1) → 
+is_costlabelled_act … l → 
+(is_call_act … l → is_call_post_label … s1) → 
 as_execute … l s1 s2 → 
 Srel … rel s1 s1' → 
@@ -119 +120 @@
 silent_trace … t_pre ∧ silent_trace … t_post ∧
 as_execute … l pre_em post_em ∧
-(is_call_act l → is_call_post_label … pre_em) ∧
+(is_call_act … l → is_call_post_label … pre_em) ∧
 Srel … rel s2 s2'.
-#S1 #S2 #rel #s1 #s2 #s1' *
+#p #S1 #S2 #rel #s1 #s2 #s1' *
 [ #f #c | * [|#lbl] | * [|#lbl]]
 #sim * #Hcall #prf #REL * #Hio
@@ -162 +163 @@
 
 
-theorem simulates_pre_mesurable:
- ∀S1,S2 : abstract_status.∀rel : relations S1 S2.
- ∀s1,s1' : S1. ∀t1: raw_trace S1 s1 s1'.
+theorem simulates_pre_mesurable: ∀p.
+ ∀S1,S2 : abstract_status p.∀rel : relations … S1 S2.
+ ∀s1,s1' : S1. ∀t1: raw_trace … S1 s1 s1'.
   simulation_conditions … rel → 
   pre_measurable_trace … t1 →
@@ -175 +176 @@
     (measurable_suffix … t1 → measurable_suffix … t2) ∧
     (silent_trace … t1 → silent_trace … t2).
-#S1 #S2 #rel #s1 #s1' #t1 #sim #H elim H -t1 -s1 -s1'
+#p #S1 #S2 #rel #s1 #s1' #t1 #sim #H elim H -t1 -s1 -s1'
 [ #st #Hst #s2 #Hs2 #Rsts2 %{s2} %{(t_base …)} %
  [ % [ % // % // % //] * #s_em ** [ #sx | #x1 #x2 #x3 #l1 #prf1 #tl1] * #t_pre * #s_post * #t_post * #sil_tpost
@@ -243 +244 @@
     | #Hsuff cases(measurable_suffix_tind … Hsuff)
       [ * #_ #sil_tl lapply(Hs sil_tl) #sil_ts3 %{s2''} %{t_s2''} %{s2'''} %{(t_s2'''' @ t_s3)}
-      % [ /3 by or_introl, append_silent/ ] %{(cost_act (Some ? lbl))} %{(exe_s2''')} % // % // * #f * #c #EQ destruct
-      | #H @measurable_suffix_append change with ((t_ind ?????? t_s2'''')@t_s3) in ⊢ (????%);
+      % [ /3 by or_introl, append_silent/ ] %{(cost_act … (Some ? lbl))} %{(exe_s2''')} % // % // * #f * #c #EQ destruct
+      | #H @measurable_suffix_append change with ((t_ind ??????? t_s2'''')@t_s3) in ⊢ (?????%);
         @measurable_suffix_append /2/
       ]
@@ -279 +280 @@
  |  #Hsuff cases(measurable_suffix_tind … Hsuff)
       [ * #_ #sil_tl lapply(Hs sil_tl) #sil_ts3 %{st1} %{t1} %{st2} %{(t2 @ t_fin)}
-      % [ /3 by or_introl, append_silent/ ] %{(ret_act (Some ? ret_lab))} %{(exe_s2'')} % // % // * #f * #c #EQ destruct
-      | #H @measurable_suffix_append change with ((t_ind ?????? t2)@t_fin) in ⊢ (????%);
+      % [ /3 by or_introl, append_silent/ ] %{(ret_act … (Some ? ret_lab))} %{(exe_s2'')} % // % // * #f * #c #EQ destruct
+      | #H @measurable_suffix_append change with ((t_ind ??????? t2)@t_fin) in ⊢ (?????%);
         @measurable_suffix_append /2/
       ]
@@ -317 +318 @@
    | #Hsuff cases(measurable_suffix_tind … Hsuff)
       [ * #_ #sil_tl lapply(Hs sil_tl) #sil_ts3 %{s'} %{t1} %{s2''} %{(t2 @ t_fin)}
-      % [ /3 by or_introl, append_silent/ ] %{(call_act f lab)} %{(exe_s2'')} % // % //
-      | #H @measurable_suffix_append change with ((t_ind ?????? t2)@t_fin) in ⊢ (????%);
+      % [ /3 by or_introl, append_silent/ ] %{(call_act … f lab)} %{(exe_s2'')} % // % //
+      | #H @measurable_suffix_append change with ((t_ind ??????? t2)@t_fin) in ⊢ (?????%);
         @measurable_suffix_append /2/
       ]
@@ -381 +382 @@
      #st #EQ1 #EQ2 #EQ3 destruct normalize in ⊢ (% → ?); #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct
      #ABS1 >ABS1 in Hst1; [2: /3 by ex_intro/] *
-   | #Hsuff @measurable_suffix_append change with (t_ind ??????? @ ?) in ⊢ (????%); @measurable_suffix_append
-     change with (t_ind ??????? @ ?) in ⊢ (????%); @measurable_suffix_append @Hm2
+   | #Hsuff @measurable_suffix_append change with (t_ind ???????? @ ?) in ⊢ (?????%); @measurable_suffix_append
+     change with (t_ind ???????? @ ?) in ⊢ (?????%); @measurable_suffix_append @Hm2
      cases(measurable_suffix_append_case … Hsuff)
      [ * #_ * [2: * #H cases(H I)] #H inversion H in ⊢ ?; 
@@ -403 +404 @@
 qed.
 
-lemma silent_in_silent : ∀S1,S2 : abstract_status.∀rel : relations S1 S2.
- ∀s1,s1' : S1. ∀t1: raw_trace S1 s1 s1'.
+lemma silent_in_silent : ∀p.∀S1,S2 : abstract_status p.∀rel : relations … S1 S2.
+ ∀s1,s1' : S1. ∀t1: raw_trace … S1 s1 s1'.
   simulation_conditions … rel →
   ∀s2 : S2.Srel … rel s1 s2 → 
@@ -411 +412 @@
     silent_trace … t2 ∧
     Srel … rel s1' s2'.
+    #p
 #S1 #S2 #rel #s1 #s1' #t1 #sim #s2 #REL *
 [ #pre_sil_ti0 cases(simulates_pre_mesurable … sim … (pre_silent_is_premeasurable … pre_sil_ti0) … REL) 
@@ -423 +425 @@
 qed.
 
-lemma tail_of_premeasurable_is_not_io : ∀S : abstract_status.
+lemma tail_of_premeasurable_is_not_io : ∀p.∀S : abstract_status p.
 ∀s1,s2 : S.∀t : raw_trace … s1 s2.
 pre_measurable_trace … t → 
-as_classify … s2 ≠ cl_io.
+as_classify … s2 ≠ cl_io. #p
 #S #s1 #s2 #t #H elim H //
 qed.
 
 theorem simulates_measurable:
- ∀S1,S2: abstract_status.
- 
- ∀rel: relations S1 S2. simulation_conditions … rel →
+ ∀p.
+ ∀S1,S2: abstract_status p.
+ 
+ ∀rel: relations … S1 S2. simulation_conditions … rel →
  
  ∀si,sn: S1. ∀t: raw_trace … si sn.
@@ -451 +454 @@
  
  ∃s1',s2'. measurable … s1' s2' … t'.
-#S1 #S2 #rel #sim_rel #si #sn #t #s1 #s3 #Hmeas #s1' #Hclass #Rsi_si'
+#p #S1 #S2 #rel #sim_rel #si #sn #t #s1 #s3 #Hmeas #s1' #Hclass #Rsi_si'
 cases Hmeas -Hmeas #s0 * #s2 * #ti0 * #t12 * #t3n * #l1 * #l2 * #prf1 * #prf2 *******
 #pre_t12 #EQ destruct #Hl1 #Hl2 #Hcall_fin #sil_ti0 #sil_t3n #Hcall_init
@@ -469 +472 @@
 #sn' * #t_3n' * #sil_t3n' #Rsn_sn' %{sn'} 
 %{(ti0'@ t_s0'' @ (t_ind … prf1' (t_s1''@t12' @ t_s2'' @ (t_ind … prf2' (t_s3'' @ t_3n')))))}
-% [ % // cases daemon (*TODO*) ]
+% [ % // >(get_cost_label_invariant_for_append_silent_trace_l … sil_ti0)
+    >(get_cost_label_invariant_for_append_silent_trace_l … sil_ti0')
+    >(get_cost_label_invariant_for_append_silent_trace_l … sil_ts0'')
+    whd in ⊢ (??%%); @eq_f2 //
+    >(get_cost_label_invariant_for_append_silent_trace_l … sil_ts1'')
+    >get_cost_label_append >get_cost_label_append in ⊢ (???%); @eq_f2 //
+    >(get_cost_label_invariant_for_append_silent_trace_l … sil_ts2'')
+    whd in ⊢ (??%%); @eq_f2 //
+    >(get_cost_label_invariant_for_append_silent_trace_l … sil_ts3'')
+    >(get_cost_label_silent_is_empty … sil_t3n') >(get_cost_label_silent_is_empty … sil_t3n) % ]
 %{s1''} %{s3''} whd %{s0''} %{s2''} %{(ti0' @t_s0'')} %{(t_s1'' @ t12' @ t_s2'')}
 %{(t_s3'' @ t_3n')} %{l1} %{l2} %{prf1'} %{prf2'} % [2: /2/]
 % [2: /2 by append_silent/] % [2: /2 by append_silent/] % [2: /2/] % // % // % //
 @append_premeasurable_silent /2/
-qed. 
-
-
+qed.
+
+

LTS/Traces.ma

@@ -17 +17 @@
 include "basics/deqsets.ma".
 include "../src/ASM/Util.ma".
+include "basics/finset.ma".
+include "../src/utilities/hide.ma".
+include "utils.ma".
+
+(*Label parameters*)
+
+record label_params : Type[1] ≝ 
+{ label_type :> monoid
+; abelian_magg : is_abelian … label_type
+; succ_label : label_type → label_type
+; po_label : partial_order label_type
+; no_maps_in_id : ∀x.succ_label x ≠ x
+; le_lab_ok : ∀x,y.po_label … (op … x (succ_label y)) (succ_label (op … x y))
+; magg_def : ∀x,y.po_label … x (op … x y)
+; monotonic_magg : ∀x,y,z.po_label … x y → po_label … (op … x z) (op … y z)
+}.
+
+notation "hvbox(a break ⊑ ^ {b} break term 46 c)" 
+  non associative with precedence 45
+for @{ 'lab_leq $a $b $c}.
+
+interpretation "label 'less or equal to'" 'lab_leq x y z = (po_rel ? (po_label y) x z).
+
+lemma max_1 : ∀p : label_params.∀n,m,k : p.k ⊑^{p} m → k ⊑^{p} op … p m n.
+#p #m #n #k #H /2 by magg_def, trans_po_rel/ 
+qed.
+
+lemma max_2 : ∀p : label_params.∀n,m,k: p.k ⊑^{p} n → k ⊑^{p} op … p m n.
+#p #m #n #k #H >(abelian_magg … p) /2 by magg_def, trans_po_rel/
+qed.
+
+lemma lab_po_rel_succ : ∀p : label_params.∀x : p.x ⊑^{p} succ_label … x.
+#p #x @(trans_po_rel … (op … p … x (succ_label … (e … p)))) [ @(magg_def … p)] 
+@(trans_po_rel … (le_lab_ok … p …)) >neutral_r //
+qed.
+
+(*flat labels*)
+
+definition deqnat_monoid ≝ mk_monoid DeqNat max O ???.
+@hide_prf // [* //] #x #y #z normalize inversion(leb x y) normalize nodelta
+#leb_xy
+[ inversion(leb y z) normalize nodelta #leb_yz
+  [ >(le_to_leb_true …) // @(transitive_le … y) @leb_true_to_le //
+  | >leb_xy %
+  ]
+| inversion(leb x z) normalize nodelta #leb_xz
+  [ >(le_to_leb_true … y z) normalize nodelta [>leb_xz %] @(transitive_le … x) /2 by leb_true_to_le/
+    lapply(not_le_to_lt … (leb_false_to_not_le … leb_xy)) #H1 /2/
+  | cases(leb y z) normalize nodelta [ >leb_xz | >leb_xy ] //
+  ]
+]
+qed.
+
+definition part_order_nat ≝ mk_partial_order ℕ le ???.
+/2 by le_to_le_to_eq, transitive_le, le_n/
+qed.
+
+definition flat_labels ≝ mk_label_params deqnat_monoid ? S part_order_nat ????.
+@hide_prf
+[ normalize #x #y @leb_elim normalize nodelta
+  [2: #H >le_to_leb_true //  lapply(not_le_to_lt …  H) #H1 /2/
+  | * -y [ >le_to_leb_true //] #y #H >not_le_to_leb_false // @lt_to_not_le /2 by le_to_lt_to_lt/
+  ]
+| normalize #x /2 by sym_not_eq/
+| normalize #x #y @(leb_elim … x y) normalize nodelta
+  [ #H >le_to_leb_true /3 by le_to_lt_to_lt, monotonic_pred, le_n/
+  | #H @leb_elim normalize nodelta [ #H1 @le_S_S lapply(not_le_to_lt …  H) #H3 /2/ ]
+    #_ /2/
+  ]
+| normalize #x #y @leb_elim //
+| normalize #x #y #z #H @(leb_elim … y z) 
+  [ #H1 >(le_to_leb_true … (transitive_le … H H1)) //
+  | #H1 normalize cases(leb ??) normalize /3 by not_le_to_lt, lt_to_le/
+  ]
+]
+qed.
 
 (*LABELS*)
@@ -23 +99 @@
  | a_function_id : ℕ → FunctionName.
  
-inductive CallCostLabel : Type[0] ≝ 
- | a_call_label : ℕ → CallCostLabel.
+inductive CallCostLabel (p : label_params) : Type[0] ≝ 
+ | a_call_label : p → CallCostLabel p.
  
-inductive ReturnPostCostLabel : Type[0] ≝ 
- | a_return_cost_label : ℕ → ReturnPostCostLabel.
+inductive ReturnPostCostLabel (p : label_params) : Type[0] ≝ 
+ | a_return_cost_label : p → ReturnPostCostLabel p.
  
-inductive NonFunctionalLabel : Type[0] ≝ 
- | a_non_functional_label : ℕ → NonFunctionalLabel.
+inductive NonFunctionalLabel (p : label_params) : Type[0] ≝ 
+ | a_non_functional_label : p → NonFunctionalLabel p.
  
-inductive CostLabel : Type[0] ≝ 
- | a_call : CallCostLabel → CostLabel
- | a_return_post : ReturnPostCostLabel → CostLabel
- | a_non_functional_label : NonFunctionalLabel → CostLabel.
+inductive CostLabel (p : label_params) : Type[0] ≝ 
+ | a_call : CallCostLabel p → CostLabel p
+ | a_return_post : ReturnPostCostLabel p → CostLabel p
+ | a_non_functional_label : NonFunctionalLabel p → CostLabel p.
 
 coercion a_call.
@@ -41 +117 @@
 coercion a_non_functional_label.
 
-definition eq_nf_label : NonFunctionalLabel → NonFunctionalLabel → bool ≝
-λx,y.match x with [ a_non_functional_label n ⇒ 
-                    match y with [a_non_functional_label m ⇒ eqb n m ] ].
-
-lemma eq_fn_label_elim : ∀P : bool → Prop.∀l1,l2 : NonFunctionalLabel.
-(l1 = l2 → P true) → (l1 ≠ l2 → P false) → P (eq_nf_label l1 l2).
-#P * #l1 * #l2 #H1 #H2 normalize @eqb_elim /3/ * #H3 @H2 % #EQ destruct @H3 % qed.
-
-definition DEQNonFunctionalLabel ≝ mk_DeqSet NonFunctionalLabel eq_nf_label ?.
+definition eq_nf_label : ∀p.NonFunctionalLabel p → NonFunctionalLabel p → bool ≝
+λp,x,y.match x with [ a_non_functional_label n ⇒ 
+                    match y with [a_non_functional_label m ⇒ eqb … n m ] ].
+
+lemma eq_fn_label_elim : ∀P : bool → Prop.∀p.∀l1,l2 : NonFunctionalLabel p.
+(l1 = l2 → P true) → (l1 ≠ l2 → P false) → P (eq_nf_label … l1 l2).
+#P #p * #l1 * #l2 #H1 #H2 normalize inversion(?==?) #H 
+[ @H1 >(\P H) %
+| @H2 % #EQ destruct lapply(\Pf H) * #H3 @H3 %
+]
+qed. 
+ 
+definition DEQNonFunctionalLabel ≝ λp.mk_DeqSet (NonFunctionalLabel p) (eq_nf_label p) ?.
 #x #y @eq_fn_label_elim [ #EQ destruct /2/] * #H % [ #EQ destruct] #H1 @⊥ @H 
 assumption 
 qed.
 
-unification hint  0 ≔ ; 
-    X ≟ DEQNonFunctionalLabel
+unification hint  0 ≔ p; 
+    X ≟ (DEQNonFunctionalLabel p)
 (* ---------------------------------------- *) ⊢ 
-    NonFunctionalLabel ≡ carr X.
-
-unification hint  0 ≔ p1,p2; 
-    X ≟ DEQNonFunctionalLabel
+    (NonFunctionalLabel p) ≡ carr X.
+
+unification hint  0 ≔ p,p1,p2; 
+    X ≟ (DEQNonFunctionalLabel p)
 (* ---------------------------------------- *) ⊢ 
-    eq_nf_label p1 p2 ≡ eqb X p1 p2.
+    eq_nf_label p p1 p2 ≡ eqb X p1 p2.
 
 definition eq_function_name : FunctionName → FunctionName → bool ≝ 
@@ -86 +166 @@
     eq_function_name p1 p2 ≡ eqb X p1 p2.
 
-definition eq_return_cost_lab : ReturnPostCostLabel → ReturnPostCostLabel → bool ≝ 
-λc1,c2.match c1 with [a_return_cost_label n ⇒ match c2 with [ a_return_cost_label m ⇒ eqb n m]].
-
-lemma eq_return_cost_lab_elim : ∀P : bool → Prop.∀c1,c2.(c1 = c2 → P true) → 
-(c1 ≠ c2 → P false) → P (eq_return_cost_lab c1 c2).
-#P * #c1 * #c2 #H1 #H2 normalize @eqb_elim /2/ * #H @H2 % #EQ destruct @H % qed.
-
-definition DEQReturnPostCostLabel ≝ mk_DeqSet ReturnPostCostLabel eq_return_cost_lab ?.
+definition eq_return_cost_lab :∀p.ReturnPostCostLabel p → ReturnPostCostLabel p → bool ≝ 
+λp,c1,c2.match c1 with [a_return_cost_label n ⇒ match c2 with [ a_return_cost_label m ⇒ eqb … n m]].
+
+lemma eq_return_cost_lab_elim : ∀P : bool → Prop.∀p.∀c1,c2.(c1 = c2 → P true) → 
+(c1 ≠ c2 → P false) → P (eq_return_cost_lab p c1 c2).
+#P #p * #l1 * #l2 #H1 #H2 normalize inversion(?==?) #H 
+[ @H1 >(\P H) %
+| @H2 % #EQ destruct lapply(\Pf H) * #H3 @H3 %
+]
+qed.
+
+definition DEQReturnPostCostLabel ≝ λp.mk_DeqSet (ReturnPostCostLabel p) (eq_return_cost_lab …) ?.
 #x #y @eq_return_cost_lab_elim [ #EQ destruct /2/] * #H % [ #EQ destruct] #H1 @⊥ @H 
 assumption 
 qed.
 
-unification hint  0 ≔ ; 
-    X ≟ DEQReturnPostCostLabel
+unification hint  0 ≔ p ; 
+    X ≟ (DEQReturnPostCostLabel p)
 (* ---------------------------------------- *) ⊢ 
-    ReturnPostCostLabel ≡ carr X.
-
-unification hint  0 ≔ p1,p2; 
-    X ≟ DEQReturnPostCostLabel
+    (ReturnPostCostLabel p) ≡ carr X.
+
+unification hint  0 ≔ p,p1,p2; 
+    X ≟ (DEQReturnPostCostLabel p)
 (* ---------------------------------------- *) ⊢ 
-    eq_return_cost_lab p1 p2 ≡ eqb X p1 p2.
-
-definition eq_call_cost_lab : CallCostLabel → CallCostLabel → bool ≝ 
-λc1,c2.match c1 with [a_call_label x ⇒ match c2 with [a_call_label y ⇒ eqb x y ]].
-
-lemma eq_call_cost_lab_elim : ∀P : bool → Prop.∀c1,c2.(c1 = c2 → P true) → 
-(c1 ≠ c2 → P false) → P (eq_call_cost_lab c1 c2).
-#P * #c1 * #c2 #H1 #H2 normalize @eqb_elim /2/ * #H @H2 % #EQ destruct @H % qed.
-
-definition DEQCallCostLabel ≝ mk_DeqSet CallCostLabel eq_call_cost_lab ?.
+    eq_return_cost_lab p p1 p2 ≡ eqb X p1 p2.
+
+definition eq_call_cost_lab : ∀p.(CallCostLabel p) → (CallCostLabel p) → bool ≝ 
+λp,c1,c2.match c1 with [a_call_label x ⇒ match c2 with [a_call_label y ⇒ eqb … x y ]].
+
+lemma eq_call_cost_lab_elim : ∀P : bool → Prop.∀p.∀c1,c2.(c1 = c2 → P true) → 
+(c1 ≠ c2 → P false) → P (eq_call_cost_lab p c1 c2).
+#P #p * #l1 * #l2 #H1 #H2 normalize inversion(?==?) #H 
+[ @H1 >(\P H) %
+| @H2 % #EQ destruct lapply(\Pf H) * #H3 @H3 %
+]
+qed. 
+
+definition DEQCallCostLabel ≝ λp.mk_DeqSet (CallCostLabel p) (eq_call_cost_lab p) ?.
 #x #y @eq_call_cost_lab_elim [ #EQ destruct /2/] * #H % [ #EQ destruct] #H1 @⊥ @H 
 assumption 
 qed.
 
-unification hint  0 ≔ ; 
-    X ≟ DEQCallCostLabel
+unification hint  0 ≔ p; 
+    X ≟ (DEQCallCostLabel p)
 (* ---------------------------------------- *) ⊢ 
-    CallCostLabel ≡ carr X.
-
-unification hint  0 ≔ p1,p2; 
-    X ≟ DEQCallCostLabel
+    (CallCostLabel p) ≡ carr X.
+
+unification hint  0 ≔ p,p1,p2; 
+    X ≟ (DEQCallCostLabel p)
 (* ---------------------------------------- *) ⊢ 
-    eq_call_cost_lab p1 p2 ≡ eqb X p1 p2.
-
-definition eq_costlabel : CostLabel → CostLabel → bool ≝ 
-λc1.match c1 with
+    eq_call_cost_lab p p1 p2 ≡ eqb X p1 p2.
+
+definition eq_costlabel :∀p. (CostLabel p) → (CostLabel p) → bool ≝ 
+λp,c1.match c1 with
   [ a_call x1 ⇒ λc2.match c2 with [a_call y1 ⇒ x1 == y1 | _ ⇒ false ]
   | a_return_post x1 ⇒ 
@@ -139 +227 @@
   ].
 
-lemma eq_costlabel_elim : ∀P : bool → Prop.∀c1,c2.(c1 = c2 → P true) → 
-(c1 ≠ c2 → P false) → P (eq_costlabel c1 c2).
-#P * #c1 * #c2 #H1 #H2 whd in match (eq_costlabel ??);
+lemma eq_costlabel_elim : ∀P : bool → Prop.∀p.∀c1,c2.(c1 = c2 → P true) → 
+(c1 ≠ c2 → P false) → P (eq_costlabel p c1 c2).
+#P #p * #c1 * #c2 #H1 #H2 whd in match (eq_costlabel ??);
 try (@H2 % #EQ destruct) 
-[ change with (eq_call_cost_lab ??) in ⊢ (?%); @eq_call_cost_lab_elim
+[ change with (eq_call_cost_lab ???) in ⊢ (?%); @eq_call_cost_lab_elim
   [ #EQ destruct @H1 % | * #H @H2 % #EQ destruct @H % ]
-| change with (eq_return_cost_lab ??) in ⊢ (?%);
+| change with (eq_return_cost_lab ???) in ⊢ (?%);
    @eq_return_cost_lab_elim
    [ #EQ destruct @H1 % | * #H @H2 % #EQ destruct @H % ]
-| change with (eq_nf_label ??) in ⊢ (?%); @eq_fn_label_elim
+| change with (eq_nf_label ???) in ⊢ (?%); @eq_fn_label_elim
   [ #EQ destruct @H1 % | * #H @H2 % #EQ destruct @H % ]
 ]
@@ -154 +242 @@
 
 
-definition DEQCostLabel ≝ mk_DeqSet CostLabel eq_costlabel ?.
+definition DEQCostLabel ≝ λp.mk_DeqSet (CostLabel p) (eq_costlabel p) ?.
 #x #y @eq_costlabel_elim [ #EQ destruct /2/] * #H % [ #EQ destruct] #H1 @⊥ @H 
 assumption 
 qed.
 
-unification hint  0 ≔ ; 
-    X ≟ DEQCostLabel
+unification hint  0 ≔ p ; 
+    X ≟ (DEQCostLabel p)
 (* ---------------------------------------- *) ⊢ 
-    CostLabel ≡ carr X.
-
-unification hint  0 ≔ p1,p2; 
-    X ≟ DEQCostLabel
+    (CostLabel p) ≡ carr X.
+
+unification hint  0 ≔ p,p1,p2; 
+    X ≟ (DEQCostLabel p)
 (* ---------------------------------------- *) ⊢ 
-    eq_costlabel p1 p2 ≡ eqb X p1 p2.
-
-inductive ActionLabel : Type[0] ≝ 
- | call_act : FunctionName → CallCostLabel → ActionLabel
- | ret_act : option(ReturnPostCostLabel) → ActionLabel
- | cost_act : option NonFunctionalLabel → ActionLabel.
+    eq_costlabel p p1 p2 ≡ eqb X p1 p2.
+
+inductive ActionLabel (p : label_params) : Type[0] ≝ 
+ | call_act : FunctionName → CallCostLabel p → ActionLabel p
+ | ret_act : option(ReturnPostCostLabel p) → ActionLabel p
+ | cost_act : option (NonFunctionalLabel p) → ActionLabel p.
  
-definition is_cost_label : ActionLabel → Prop ≝ 
-λact.match act with [ cost_act nf ⇒ True | _ ⇒ False ].
-
-definition is_non_silent_cost_act : ActionLabel → Prop ≝ 
-λact. ∃l. act = cost_act (Some ? l).
-
-definition is_cost_act : ActionLabel → Prop ≝ 
-λact.∃l.act = cost_act l.
-
-definition is_call_act : ActionLabel → Prop ≝ 
-λact.∃f,l.act = call_act f l.
-
-definition is_labelled_ret_act : ActionLabel → Prop ≝ 
-λact.∃l.act = ret_act (Some ? l).
-
-definition is_unlabelled_ret_act : ActionLabel → Prop ≝ 
-λact.act = ret_act (None ?).
-
-definition is_costlabelled_act : ActionLabel → Prop ≝ 
-λact.match act with [ call_act _ _ ⇒ True
+definition eq_ActionLabel : ∀p.ActionLabel p → ActionLabel p → bool ≝ 
+λp,c1,c2.
+match c1 with
+[ call_act f l ⇒ match c2 with [ call_act f' l' ⇒ f == f' ∧ l == l' | _ ⇒ false]
+| ret_act x ⇒ match c2 with [ret_act y ⇒ match x with [ None ⇒ match y with [ None ⇒ true | _ ⇒ false]
+                                                      | Some l ⇒ match y with [ Some l' ⇒ l == l' | _ ⇒ false]
+                                                      ]
+                            | _ ⇒ false
+                            ]
+| cost_act x ⇒ match c2 with [cost_act y ⇒ match x with [ None ⇒ match y with [ None ⇒ true | _ ⇒ false]
+                                                        | Some l ⇒ match y with [ Some l' ⇒ l == l' | _ ⇒ false]
+                                                        ]
+                             | _ ⇒ false
+                             ]
+].
+
+definition is_cost_label : ∀p.ActionLabel p → Prop ≝ 
+λp,act.match act with [ cost_act nf ⇒ True | _ ⇒ False ].
+
+definition is_non_silent_cost_act : ∀p.ActionLabel p → Prop ≝ 
+λp,act. ∃l. act = cost_act … (Some ? l).
+
+definition is_cost_act : ∀p.ActionLabel p → Prop ≝ 
+λp,act.∃l.act = cost_act … l.
+
+definition is_call_act : ∀p.ActionLabel p → Prop ≝ 
+λp,act.∃f,l.act = call_act … f l.
+
+definition is_labelled_ret_act : ∀p.(ActionLabel p) → Prop ≝ 
+λp,act.∃l.act = ret_act … (Some ? l).
+
+definition is_unlabelled_ret_act : ∀p.ActionLabel p → Prop ≝ 
+λp,act.act = ret_act … (None ?).
+
+definition is_costlabelled_act : ∀p.ActionLabel p → Prop ≝ 
+λp,act.match act with [ call_act _ _ ⇒ True
                     | ret_act x ⇒ match x with [ Some _ ⇒ True | None ⇒ False ]
                     | cost_act x ⇒ match x with [ Some _ ⇒ True | None ⇒ False ]
                     ].
                     
-lemma is_costlabelled_act_elim : 
-∀P : ActionLabel → Prop.
-(∀l. is_costlabelled_act l → P l) → 
-(∀l. ¬is_costlabelled_act l → P l) → 
-∀l.P l.
+definition is_ret_call_act : ∀p.ActionLabel p → Prop ≝ 
+λp,a.match a with [ret_act _ ⇒ True | call_act _ _ ⇒ True | _ ⇒ False ].
+
+definition is_silent_cost_act_b : ∀p.ActionLabel p → bool ≝ 
+λp,act. match act with
+ [ cost_act x ⇒ match x with [None ⇒ true | _ ⇒ false ] | _ ⇒ false].
+                    
+lemma is_costlabelled_act_elim : ∀p. 
+∀P : ActionLabel p → Prop.
+(∀l. is_costlabelled_act p l → P l) → 
+(∀l. ¬is_costlabelled_act p l → P l) → 
+∀l.P l. #p
 #P #H1 #H2 * /2/
 [ * /2/ @H2 % *] * /2/ @H2 %*
 qed.
+
+lemma eq_a_call_label : ∀p.
+∀c1,c2.c1 == c2 → a_call p c1 == a_call p c2.
+#p #c1 #c2 #EQ cases(eqb_true ? c1 c2) #H1 #_ lapply(H1 (eq_true_to_b … EQ)) -EQ
+#EQ destruct >(\b (refl …)) @I
+qed.
+
+lemma eq_a_non_functional_label : ∀p.
+∀c1,c2.c1 == c2 → a_non_functional_label p c1 == a_non_functional_label p c2.
+#p #c1 #c2 #EQ cases(eqb_true (DEQNonFunctionalLabel ?) c1 c2) #H1 #_ lapply(H1 (eq_true_to_b … EQ)) -EQ
+#EQ destruct >(\b (refl …)) @I
+qed.
+
+(* TOOLS FOR FRESHING LABELS *)
+
+definition fresh_nf_label : ∀p : label_params.p → NonFunctionalLabel p × p ≝ 
+λp,x.〈a_non_functional_label … (succ_label … p x),(succ_label … p x)〉.
+
+definition fresh_cc_labe : ∀p : label_params.p → CallCostLabel p × p ≝ 
+λp,x.〈a_call_label … (succ_label … p x),(succ_label … p x)〉.
+
+definition fresh_rc_label : ∀p : label_params.p → ReturnPostCostLabel p × p ≝ 
+λp,x.〈a_return_cost_label … (succ_label … p x),(succ_label … p x)〉.
 
 
@@ -215 +349 @@
  | cl_other : status_class.
  
-record abstract_status : Type[2] ≝ 
+record abstract_status (p : label_params) : Type[2] ≝ 
  { as_status :> Type[0]
- ; as_execute : ActionLabel → relation as_status
+ ; as_execute : (ActionLabel p) → relation as_status
  ; as_syntactical_succ : relation as_status
  ; as_classify : as_status → status_class
@@ -225 +359 @@
  ; jump_emits : ∀s1,s2,l.
       as_classify … s1 = cl_jump → 
-      as_execute l s1 s2 → is_non_silent_cost_act l
+      as_execute l s1 s2 → is_non_silent_cost_act … l
  ; io_entering : ∀s1,s2,l.as_classify … s2 = cl_io → 
-      as_execute l s1 s2 → is_non_silent_cost_act l
+      as_execute l s1 s2 → is_non_silent_cost_act … l
  ; io_exiting : ∀s1,s2,l.as_classify … s1 = cl_io → 
-     as_execute l s1 s2 → is_non_silent_cost_act l
+     as_execute l s1 s2 → is_non_silent_cost_act … l
  }.
 
 (* RAW TRACES *)
 
-inductive raw_trace (S : abstract_status) : S → S → Type[0] ≝ 
-  | t_base : ∀st : S.raw_trace S st st
-  | t_ind : ∀st1,st2,st3 : S.∀l : ActionLabel.
-             as_execute S l st1 st2 → raw_trace S st2 st3 → 
-             raw_trace S st1 st3.
-
-let rec append_on_trace (S : abstract_status) (st1 : S) (st2 : S) (st3 : S)
-(t1 : raw_trace S st1 st2) on t1 : raw_trace S st2 st3 → raw_trace S st1 st3 ≝ 
+inductive raw_trace (p : label_params) (S : abstract_status p) : S → S → Type[0] ≝ 
+  | t_base : ∀st : S.raw_trace … S st st
+  | t_ind : ∀st1,st2,st3 : S.∀l : ActionLabel p.
+             as_execute … S l st1 st2 → raw_trace … S st2 st3 → 
+             raw_trace … S st1 st3.
+             
+
+let rec append_on_trace (p : label_params) (S : abstract_status p) (st1 : S) (st2 : S) (st3 : S)
+(t1 : raw_trace … S st1 st2) on t1 : raw_trace …  S st2 st3 → raw_trace … S st1 st3 ≝ 
 match t1
-return λst1,st2,tr.raw_trace S st2 st3 → raw_trace S st1 st3
+return λst1,st2,tr.raw_trace … S st2 st3 → raw_trace … S st1 st3
 with
 [ t_base st ⇒ λt2.t2
@@ -249 +384 @@
 ].
 
-interpretation "trace_append" 'append t1 t2 = (append_on_trace ???? t1 t2).
-
-lemma append_nil_is_nil : ∀S : abstract_status.
+interpretation "trace_append" 'append t1 t2 = (append_on_trace ????? t1 t2).
+
+let rec len (p : label_params) (s : abstract_status p) (st1 : s) (st2 : s) (t : raw_trace p s st1 st2)
+on t : ℕ ≝ 
+match t with
+[ t_base s ⇒ O
+| t_ind s1 s2 s3 l prf lt ⇒ S (len … lt)
+].
+
+lemma len_append : ∀p.∀S : abstract_status p.∀st1,st2,st3 : S.
+∀t1 : raw_trace … st1 st2.∀t2 : raw_trace … st2 st3.
+len  ???? (t1 @ t2)  = (len  ????  t1) + (len  ???? t2).
+#p #S #st1 #st2 #st3 #t1 elim t1 normalize //
+qed.
+
+lemma append_nil_is_nil : ∀p. ∀S : abstract_status p.
 ∀s1,s2 : S.∀t1 : raw_trace … s1 s2.∀t2 : raw_trace … s2 s1.
 t1 @ t2 = t_base … s1 → s1 = s2 ∧ t1 ≃ t_base … s1 ∧ t2 ≃ t_base … s1.
-#S #s1 #s2 #t1 elim t1 -t1 -s1 -s2
+#p #S #s1 #s2 #t1 elim t1 -t1 -s1 -s2
 [ #st #t2 normalize #EQ destruct /3 by refl_jmeq, conj/]
 #s1 #s2 #s3 #l #prf #t2 #IH #t2 normalize #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct
 qed.
 
-lemma append_associative : ∀S,st1,st2,st3,st4.
-∀t1 : raw_trace S st1 st2.∀t2 : raw_trace S st2 st3.
-∀t3 : raw_trace S st3 st4.(t1 @ t2) @ t3 = t1 @ (t2 @ t3).
-#S #st1 #st2 #st3 #st4 #t1 elim t1 -t1
+lemma append_associative : ∀p.∀S,st1,st2,st3,st4.
+∀t1 : raw_trace p S st1 st2.∀t2 : raw_trace … S st2 st3.
+∀t3 : raw_trace … S st3 st4.(t1 @ t2) @ t3 = t1 @ (t2 @ t3).
+#p #S #st1 #st2 #st3 #st4 #t1 elim t1 -t1
 [ #st #t2 #t3 %] #st1' #st2' #st3' #l #prf #tl #IH #t2 #t3 whd in ⊢ (??%%); >IH %
 qed.
 
-definition trace_prefix: ∀S : abstract_status.∀st1,st2,st3 : S.raw_trace … st1 st2 → 
+definition trace_prefix: ∀p.∀S : abstract_status p.∀st1,st2,st3 : S.raw_trace … st1 st2 → 
 raw_trace … st1 st3 → Prop≝ 
-λS,st1,st2,st3,t1,t2.∃t3 : raw_trace … st2 st3.t2 = t1 @ t3.
-
-definition trace_suffix : ∀S : abstract_status.∀st1,st2,st3 : S.raw_trace … st2 st3 → 
+λp,S,st1,st2,st3,t1,t2.∃t3 : raw_trace … st2 st3.t2 = t1 @ t3.
+
+definition trace_suffix : ∀p.∀S : abstract_status p.∀st1,st2,st3 : S.raw_trace … st2 st3 → 
 raw_trace … st1 st3 → Prop≝ 
-λS,st1,st2,st3,t1,t2.∃t3 : raw_trace … st1 st2.t2 = t3 @ t1.
-
-definition actionlabel_to_costlabel ≝ 
-λl : ActionLabel.match l with
+λp,S,st1,st2,st3,t1,t2.∃t3 : raw_trace … st1 st2.t2 = t3 @ t1.
+
+definition actionlabel_to_costlabel ≝ λp.
+λl : ActionLabel p.match l with
     [ call_act f c ⇒ [ c ]
     | ret_act x ⇒ match x with 
-                  [ Some c ⇒ [ a_return_post c ]
+                  [ Some c ⇒ [ a_return_post … c ]
                   | None ⇒ []
                   ]
     | cost_act x ⇒ match x with 
-                  [ Some c ⇒ [ a_non_functional_label c ]
+                  [ Some c ⇒ [ a_non_functional_label  … c ]
                   | None ⇒ [] 
                   ]
    ].
 
-let rec get_costlabels_of_trace (S : abstract_status) (st1 : S) (st2 : S)
-(t : raw_trace S st1 st2) on t : list CostLabel ≝ 
+let rec get_costlabels_of_trace (p : label_params) (S : abstract_status p) (st1 : S) (st2 : S)
+(t : raw_trace p S st1 st2) on t : list (CostLabel p) ≝ 
 match t with
 [ t_base st ⇒ [ ]
 | t_ind st1' st2' st3' l prf t' ⇒ 
     let tl ≝ get_costlabels_of_trace … t' in
-    actionlabel_to_costlabel l  @ tl
+    actionlabel_to_costlabel … l  @ tl
 ].
 
-lemma get_cost_label_append : ∀S : abstract_status.∀st1,st2,st3 : S.
+lemma get_cost_label_append : ∀p.∀S : abstract_status p.∀st1,st2,st3 : S.
 ∀t1 : raw_trace … st1 st2. ∀t2 : raw_trace … st2 st3.
 get_costlabels_of_trace … (t1 @ t2) = 
  append … (get_costlabels_of_trace … t1) (get_costlabels_of_trace … t2).
-#S #st1 #st2 #st3 #t1 elim t1 [ #st #t2 % ] #st1' #st2' #st3' *
+#p #S #st1 #st2 #st3 #t1 elim t1 [ #st #t2 % ] #st1' #st2' #st3' *
 [#f * #l | * [| * #l] | *  [| #l] ] #prf #tl #IH #t2 normalize try @eq_f @IH
 qed.
 
-lemma append_tind_commute : ∀S : abstract_status.∀st1,st2,st3,st4 : S.∀l.
-    ∀prf : as_execute … l st1 st2. ∀t1 : raw_trace S st2 st3.
-    ∀t2 : raw_trace S st3 st4.t_ind … prf (t1 @ t2) = (t_ind … prf t1) @ t2.
-#S #st1 #st2 #st3 #st4 #l #prf #t1 #t2 % qed.
+lemma append_tind_commute : ∀p.∀S : abstract_status p.∀st1,st2,st3,st4 : S.∀l.
+    ∀prf : as_execute … l st1 st2. ∀t1 : raw_trace p S st2 st3.
+    ∀t2 : raw_trace p S st3 st4.t_ind … prf (t1 @ t2) = (t_ind … prf t1) @ t2.
+#p #S #st1 #st2 #st3 #st4 #l #prf #t1 #t2 % qed.
 
 lemma get_costlabelled_is_costlabelled :
-∀S : abstract_status.∀s1,s2,s3 : S. ∀l.
+∀p.∀S : abstract_status p.∀s1,s2,s3 : S. ∀l.
 ∀prf : as_execute … l s1 s2.∀t : raw_trace … s2 s3.
-is_costlabelled_act l → 
+is_costlabelled_act p l → 
 |get_costlabels_of_trace … (t_ind … prf t)| = 1 + |get_costlabels_of_trace … t|.
-#S #s1 #s2 #s3 * normalize 
+#p #S #s1 #s2 #s3 * normalize 
   [ /2 by monotonic_pred/
   | * normalize /2 by lt_to_le, monotonic_pred/ #_ #t *
@@ -323 +471 @@
 (*SILENT TRACES*)
 
-inductive pre_silent_trace (S : abstract_status) :
-∀st1,st2 : S.raw_trace S st1 st2 → Prop ≝ 
-| silent_empty : ∀st : S.as_classify … st ≠ cl_io → pre_silent_trace … (t_base S st)
-| silent_cons : ∀st1,st2,st3 : S.∀prf : as_execute S (cost_act (None ?)) st1 st2.
-                ∀tl : raw_trace S st2 st3. as_classify … st1 ≠ cl_io → pre_silent_trace … tl → 
+inductive pre_silent_trace (p : label_params) (S : abstract_status p) :
+∀st1,st2 : S.raw_trace p S st1 st2 → Prop ≝ 
+| silent_empty : ∀st : S.as_classify … st ≠ cl_io → pre_silent_trace … (t_base p S st)
+| silent_cons : ∀st1,st2,st3 : S.∀prf : as_execute p S (cost_act  … (None ?)) st1 st2.
+                ∀tl : raw_trace p S st2 st3. as_classify … st1 ≠ cl_io → pre_silent_trace … tl → 
                 pre_silent_trace … (t_ind … prf … tl).
                 
-definition is_trace_non_empty : ∀S : abstract_status.∀st1,st2.
-raw_trace S st1 st2 → bool ≝ 
-λS,st1,st2,t.match t with [ t_base _ ⇒ false | _ ⇒ true ].
-
-definition silent_trace : ∀S:abstract_status.∀s1,s2 : S.
-raw_trace S s1 s2 → Prop ≝ λS,s1,s2,t.pre_silent_trace … t ∨ 
+definition is_trace_non_empty : ∀p.∀S : abstract_status p.∀st1,st2.
+raw_trace p S st1 st2 → bool ≝ 
+λp,S,st1,st2,t.match t with [ t_base _ ⇒ false | _ ⇒ true ].
+
+definition silent_trace : ∀p.∀S:abstract_status p.∀s1,s2 : S.
+raw_trace p S s1 s2 → Prop ≝ λp,S,s1,s2,t.pre_silent_trace … t ∨ 
 ¬ (bool_to_Prop (is_trace_non_empty … t)).
 
-lemma pre_silent_io : ∀S : abstract_status.
+lemma pre_silent_io : ∀p.∀S : abstract_status p.
 ∀s1,s2 : S. ∀t : raw_trace … s1 s2. pre_silent_trace … t → 
 as_classify … s2 ≠ cl_io.
-#S #s1 #s2 #t elim t [ #st #H inversion H // #st1 #st2 #st3 #prf #tl #H1 #sil_tl #_ #EQ1 #EQ2 #EQ3 destruct]
+#p #S #s1 #s2 #t elim t [ #st #H inversion H // #st1 #st2 #st3 #prf #tl #H1 #sil_tl #_ #EQ1 #EQ2 #EQ3 destruct]
 #st1 #st2 #st3 #l #prf #tl #IH #H inversion H // 
 #st1' #st2' #st3' #prf' #tl' #Hclass #silent_tl' #_ #EQ1 #EQ2 destruct
@@ -347 +495 @@
 qed.
 
-lemma append_silent : ∀S : abstract_status.
+lemma append_silent : ∀p.∀S : abstract_status p.
 ∀s1,s2,s3 : S. ∀t1 : raw_trace … s1 s2.
 ∀t2 : raw_trace … s2 s3.silent_trace … t1 → 
 silent_trace … t2 → 
 silent_trace … (t1 @ t2).
-#S #s1 #s2 #s3 #t1 elim t1 -t1 -s1 -s2
+#p #S #s1 #s2 #s3 #t1 elim t1 -t1 -s1 -s2
 [ #st #t2 #_ * /2 by or_introl, or_intror/ ]
 #st1 #st2 #st3 #l #prf #tl #IH #t2 *
@@ -364 +512 @@
 qed.
 
-lemma silent_append_l2 : ∀S : abstract_status.
+lemma silent_append_l2 : ∀p.∀S : abstract_status p.
 ∀s1,s2,s3 :S.∀t1 : raw_trace … s1 s2.∀t2 : raw_trace … s2 s3.
 silent_trace … (t1 @ t2) → silent_trace … t2.
-#S #s1 #s2 #s3 #t1 elim t1 // -s1 -s2
+#p #S #s1 #s2 #s3 #t1 elim t1 // -s1 -s2
 #st1 #st2 #st3 #l #prf #tl #IH #t2 * [2: * #H cases(H I)]
 #H @IH % inversion H in ⊢ ?;
@@ -375 +523 @@
 qed.
 
-lemma silent_append_l1 : ∀S : abstract_status.
+lemma silent_append_l1 : ∀p.∀S : abstract_status p.
 ∀s1,s2,s3 :S.∀t1 : raw_trace … s1 s2.∀t2 : raw_trace … s2 s3.
 silent_trace … (t1 @ t2) → silent_trace … t1.
-#S #s1 #s2 #s3 #t1 elim t1 -s1 -s2
+#p #S #s1 #s2 #s3 #t1 elim t1 -s1 -s2
 [ #st #t2 #_ %2 % *]
 #st1 #st2 #st3 #l #prf #tl #IH #t2 * [2: * #H cases(H I)] #H
@@ -391 +539 @@
 qed.
 
-lemma get_cost_label_silent_is_empty : ∀S : abstract_status.
-∀st1,st2.∀t : raw_trace S st1 st2.silent_trace … t → get_costlabels_of_trace … t = [ ].
-#S #st1 #st2 #t elim t [//] #s1 #s2 #s3 #l #prf #tl #IH * [2: * #ABS @⊥ @ABS % ]
+lemma get_cost_label_silent_is_empty : ∀p.∀S : abstract_status p.
+∀st1,st2.∀t : raw_trace p S st1 st2.silent_trace … t → get_costlabels_of_trace … t = [ ].
+#p #S #st1 #st2 #t elim t [//] #s1 #s2 #s3 #l #prf #tl #IH * [2: * #ABS @⊥ @ABS % ]
 #H inversion H
 [#s #cl #EQ1 #EQ2 #EQ3 destruct] #s1' #s2' #s3' #prf' #tl' #cl' #Htl #_ #EQ1 #EQ2 #EQ3
@@ -399 +547 @@
 qed.
 
-lemma get_cost_label_invariant_for_append_silent_trace_l :∀S : abstract_status.
-∀st1,st2,st3 : S.∀t1 : raw_trace S st1 st2.∀t2 : raw_trace S st2 st3.
+lemma get_cost_label_invariant_for_append_silent_trace_l :∀p.∀S : abstract_status p.
+∀st1,st2,st3 : S.∀t1 : raw_trace … st1 st2.∀t2 : raw_trace … st2 st3.
 silent_trace … t1 → 
 get_costlabels_of_trace … (t1 @ t2) = get_costlabels_of_trace … t2.
-#S #st1 #st2 #st3 #t1 elim t1
+#p #S #st1 #st2 #st3 #t1 elim t1
 [#st #t2 #_ %] #st1' #st2' #st3' #l' #prf #tl #IH #t2 * 
 [2: whd in match is_trace_non_empty; normalize nodelta * #ABS @⊥ @ABS %]
@@ -409 +557 @@
 #st1'' #st2'' #st3'' #prf'' #tl'' #Hclass #Htl'' #_ #EQ1 #EQ2 #EQ3 destruct
 #_ whd in ⊢ (??%?); >IH [%] %1 assumption
-qed. 
-
-lemma silent_suffix_cancellable : ∀S : abstract_status.
+qed.
+
+lemma silent_suffix_cancellable : ∀p.∀S : abstract_status p.
 ∀s1,s2,s2',s3,s3',s4 : S.∀l,l'.
 ∀t1 : raw_trace … s1 s2. ∀prf : as_execute … l s2 s3.
@@ -417 +565 @@
 ∀t1' :raw_trace … s1 s2'.∀prf' : as_execute … l' s2' s3'.
 ∀t2' : raw_trace … s3' s4.
-is_costlabelled_act l → is_costlabelled_act l' → 
+is_costlabelled_act … l → is_costlabelled_act … l' → 
 silent_trace … t2 → silent_trace … t2' → 
 t1 @ (t_ind … prf t2) = t1' @ (t_ind … prf' t2') → 
 s2 = s2' ∧ l = l' ∧ t1 ≃ t1'.
-#S #s1 #s2 #s2' #s3 #s3' #s4 #l #l' #t1 #prf #t2 #t1' #prf' #t2' #Hl #Hl' #sil_t2 #sil_t2'
+#p #S #s1 #s2 #s2' #s3 #s3' #s4 #l #l' #t1 #prf #t2 #t1' #prf' #t2' #Hl #Hl' #sil_t2 #sil_t2'
 lapply prf -prf lapply prf' -prf' lapply t1' -t1' elim t1
 [ normalize #st * normalize 
@@ -445 +593 @@
 (*PRE-MEASURABLE TRACES*)
 
-inductive pre_measurable_trace (S : abstract_status) :
-∀st1,st2 : S.raw_trace ? st1 st2 → Prop ≝ 
- | pm_empty : ∀st : S. as_classify … st ≠ cl_io → pre_measurable_trace … (t_base ? st)
- | pm_cons_cost_act : ∀st1,st2,st3 : S.∀l : ActionLabel.
-                      ∀prf : as_execute S l st1 st2.∀tl : raw_trace S st2 st3.
-                      as_classify … st1 ≠ cl_io → is_cost_act l → pre_measurable_trace … tl → 
+inductive pre_measurable_trace (p : label_params) (S : abstract_status p) :
+∀st1,st2 : S.raw_trace … st1 st2 → Prop ≝ 
+ | pm_empty : ∀st : S. as_classify … st ≠ cl_io → pre_measurable_trace … (t_base … st)
+ | pm_cons_cost_act : ∀st1,st2,st3 : S.∀l : ActionLabel p.
+                      ∀prf : as_execute … l st1 st2.∀tl : raw_trace … st2 st3.
+                      as_classify … st1 ≠ cl_io → is_cost_act … l → pre_measurable_trace … tl → 
                       pre_measurable_trace … (t_ind … prf … tl)
- | pm_cons_lab_ret : ∀st1,st2,st3 : S.∀l : ActionLabel.
+ | pm_cons_lab_ret : ∀st1,st2,st3 : S.∀l : ActionLabel p.
                       as_classify … st1 ≠ cl_io → 
-                      ∀prf : as_execute S l st1 st2.∀tl : raw_trace S st2 st3.
-                      is_labelled_ret_act l → pre_measurable_trace … tl → 
+                      ∀prf : as_execute … l st1 st2.∀tl : raw_trace … st2 st3.
+                      is_labelled_ret_act … l → pre_measurable_trace … tl → 
                       pre_measurable_trace … (t_ind … prf … tl)
- | pm_cons_post_call : ∀st1,st2,st3 : S.∀l : ActionLabel.
-                      ∀prf : as_execute S l st1 st2.∀tl : raw_trace S st2 st3.
-                      as_classify … st1 ≠ cl_io → is_call_act l → is_call_post_label … st1 → 
+ | pm_cons_post_call : ∀st1,st2,st3 : S.∀l : ActionLabel p.
+                      ∀prf : as_execute … l st1 st2.∀tl : raw_trace … st2 st3.
+                      as_classify … st1 ≠ cl_io → is_call_act … l → is_call_post_label … st1 → 
                       pre_measurable_trace … tl → 
                       pre_measurable_trace … (t_ind … prf … tl)
  | pm_balanced_call : ∀st1,st2,st3,st4,st5.∀l1,l2.
-                      ∀prf : as_execute S l1 st1 st2.∀t1 : raw_trace S st2 st3.
-                      ∀t2 : raw_trace S st4 st5.∀prf' : as_execute S l2 st3 st4.
+                      ∀prf : as_execute … l1 st1 st2.∀t1 : raw_trace … st2 st3.
+                      ∀t2 : raw_trace … st4 st5.∀prf' : as_execute … l2 st3 st4.
                       as_classify … st1 ≠ cl_io → as_classify … st3 ≠ cl_io 
-                      →  is_call_act l1 → ¬ is_call_post_label … st1 → 
+                      →  is_call_act … l1 → ¬ is_call_post_label … st1 → 
                       pre_measurable_trace … t1 → pre_measurable_trace … t2 → 
-                      as_syntactical_succ S st1 st4 → 
-                      is_unlabelled_ret_act l2 → 
+                      as_syntactical_succ … st1 st4 → 
+                      is_unlabelled_ret_act … l2 → 
                       pre_measurable_trace … (t_ind … prf … (t1 @ (t_ind … prf' … t2))).
-                      
-lemma pre_measurable_trace_inv : ∀S : abstract_status.
-∀st1,st2 : S.∀t : raw_trace … st1 st2. pre_measurable_trace … t → 
-(st1 = st2 ∧ as_classify … st1 ≠ cl_io ∧ t ≃ t_base … st1) ∨
-(∃st1' : S.∃l.∃prf : as_execute S l st1 st1'.∃tl. 
- t = t_ind … prf … tl ∧ as_classify … st1 ≠ cl_io ∧ is_cost_act l ∧ 
- pre_measurable_trace … tl) ∨
-(∃st1' : S.∃l.∃prf : as_execute S l st1 st1'.∃tl.
- t = t_ind … prf … tl ∧ 
- as_classify … st1 ≠ cl_io ∧ is_labelled_ret_act l ∧ pre_measurable_trace … tl) ∨
-(∃st1' : S .∃l.∃prf : as_execute S l st1 st1'.∃tl.
- t = t_ind … prf … tl ∧ as_classify … st1 ≠ cl_io ∧ is_call_act l ∧
- (bool_to_Prop (is_call_post_label … st1)) ∧ pre_measurable_trace … tl) ∨
-(∃st1',st1'',st1''' : S.∃l1,l2.∃prf : as_execute S l1 st1 st1'. 
- ∃t1 : raw_trace S st1' st1''.∃t2 : raw_trace S st1''' st2.
- ∃prf' : as_execute S l2 st1'' st1'''.
- t = t_ind … prf … (t1 @ (t_ind … prf' … t2)) ∧ as_classify … st1 ≠cl_io ∧
- as_classify … st1'' ≠ cl_io ∧ is_call_act l1 ∧ 
- bool_to_Prop (¬ is_call_post_label … st1) ∧
- pre_measurable_trace … t1 ∧ pre_measurable_trace … t2 ∧ 
- as_syntactical_succ S st1 st1''' ∧ is_unlabelled_ret_act l2).
-#S #st1 #st2 #t #H inversion H
-[ #st #Hclass #EQ1 #EQ2 destruct #EQ destruct #_ %%%%% // % //
-| #st1' #st2' #st3' #l #prf #tl #Hst1' #Hl #Htl #_ #EQ1 #EQ2 #EQ3 destruct #_
-  %%%%2 %{st2'} %{l} %{prf} %{tl} % // % // % //
-| #st1' #st2' #st3' #l #Hst1 #prf #tl #Hl #Htl #_ #EQ1 #EQ2 #EQ3 destruct #_
-  %%%2 %{st2'} %{l} %{prf} %{tl} % // % // % //
-| #st1' #st2' #st3' #l #prf #tl #Hst1 #Hl #H1st1 #Htl #_ #EQ1 #EQ2 #EQ3 destruct #_
-  % %2 %{st2'} %{l} %{prf} %{tl} % // % // % // % //
-| #st1' #st2' #st3' #st4' #st5' #l1 #l2 #prf #t1 #t2 #prf' #Hst1' #Hst3' #Hl1 
-  #H1st1'  #Ht1 #Ht2 #succ #Hl2 #_ #_ #EQ1 #EQ2 #EQ3 destruct #_ %2
-  %{st2'} %{st3'} %{st4'} %{l1} %{(ret_act (None ?))} %{prf} %{t1} %{t2}
-  %{prf'} /12 by conj/
-]
-qed.
-
-lemma append_premeasurable_silent : ∀S : abstract_status.
-∀st1',st1,st2 : S.∀t : raw_trace S st1 st2.∀t' : raw_trace S st1' st1.
+
+lemma append_premeasurable : ∀p.∀S : abstract_status p.
+∀st1,st2,st3 : S.∀t1 : raw_trace … st1 st2.∀t2: raw_trace … st2 st3.
+pre_measurable_trace … t1 → pre_measurable_trace … t2 → 
+pre_measurable_trace … (t1 @ t2).
+#p #S #st1 #st2 #st3 #t1 #t2 #Hpre lapply t2 -t2 elim Hpre -Hpre //
+[ #s1 #s2 #s3 #l #prf #tl #Hclass #Hcost #pre_tl #IH #t2 #pr3_t2
+  %2 // @IH //
+| #s1 #s2 #s3 #l #Hclass #prf #tl #ret_l #pre_tl #IH #t2 #pre_t2 %3 // @IH //
+| #s1 #s2 #s3 #l #prf #tl #Hclass #call #callp #pre_tl #IH #t2 #pre_t2 %4 // @IH //
+| #s1 #s2 #s3 #s4 #s5 #l1 #l2 #prf1 #tl1 #tl2 #prf2 #Hclass1 #Hclass3 #call_l1
+  #nopost #pre_tl1 #pre_tl2 #succ #unlab #IH1 #IH2 #t2 #pre_t2
+  normalize >append_associative in ⊢ (?????(????????%)); %5 // @IH2 //
+]
+qed.
+
+lemma append_premeasurable_silent : ∀p.∀S : abstract_status p.
+∀st1',st1,st2 : S.∀t : raw_trace … st1 st2.∀t' : raw_trace … st1' st1.
 pre_measurable_trace … t → silent_trace … t' →  
 pre_measurable_trace … (t' @ t).
-#S #st1' #st1 #st2 #t #t' lapply t -t elim t'
-[ #st #t #Hpre #_ whd in ⊢ (????%); assumption]
+#p #S #st1' #st1 #st2 #t #t' lapply t -t elim t'
+[ #st #t #Hpre #_ whd in ⊢ (?????%); assumption]
 #s1 #s2 #s3 #l #prf #tl #IH #t #Hpre * [2: * #H @⊥ @H %] #H inversion H in ⊢ ?;
 [ #s #H1 #EQ1 #EQ2 destruct #EQ destruct]
 #s1' #s2' #s3' #prf' #tl' #Hclass #silent_tl' #_ #EQ1 #EQ2 #EQ3 
-destruct #_ whd in ⊢ (????%); %2 
+destruct #_ whd in ⊢ (?????%); %2 
 [ assumption
 | %{(None ?)} %
@@ -524 +652 @@
 qed.
 
-lemma pre_silent_is_premeasurable : ∀S : abstract_status.
-∀st1,st2 : S. ∀t : raw_trace S st1 st2.pre_silent_trace … t 
+lemma pre_silent_is_premeasurable : ∀p.∀S : abstract_status p.
+∀st1,st2 : S. ∀t : raw_trace … st1 st2.pre_silent_trace … t 
 → pre_measurable_trace … t.
-#S #st1 #st2 #t elim t 
+#p #S #st1 #st2 #t elim t 
 [ #st #H inversion H in ⊢ ?; [ #st' #Hst #EQ1 #EQ2 #EQ3 destruct #_ %1 @Hst ]
 #st' #st'' #st''' #prf #tl #Hst'' #pre_tl #_ #EQ1 #EQ2 #EQ3 destruct ]
@@ -536 +664 @@
 qed.
 
-lemma append_silent_premeasurable : ∀S : abstract_status.
-∀st1',st1,st2 : S.∀t : raw_trace S st1 st2.∀t' : raw_trace S st1' st1.
+lemma append_silent_premeasurable : ∀p.∀S : abstract_status p.
+∀st1',st1,st2 : S.∀t : raw_trace … st1 st2.∀t' : raw_trace … st1' st1.
 pre_measurable_trace … t' → silent_trace … t →
 pre_measurable_trace … (t' @ t).
-#S #st1' #st1 #st2 #t #t' #Ht' lapply t -t elim Ht'
+#p #S #st1' #st1 #st2 #t #t' #Ht' lapply t -t elim Ht'
 [ #st #Hst #r * [ #H1 @pre_silent_is_premeasurable assumption ]
   inversion r [2: #H1 #H2 #H3 #H4 #H5 #H6 #H7 #H8 #H9 #H10 #H11 cases H11 
@@ -552 +680 @@
 #r #pre_r normalize
 >append_tind_commute >append_tind_commute >append_associative 
-<append_tind_commute in ⊢ (????(??????%)); %5
+<append_tind_commute in ⊢ (?????(???????%)); %5
 try assumption [1,3: whd [ %{f} %{l1'} ] % ] @IH2 assumption
 qed.
 
-lemma head_of_premeasurable_is_not_io : ∀S : abstract_status.
+lemma head_of_premeasurable_is_not_io : ∀p.∀S : abstract_status p.
 ∀st1,st2 : S. ∀t : raw_trace … st1 st2.pre_measurable_trace … t → 
-as_classify … st1 ≠ cl_io.
+as_classify … st1 ≠ cl_io. #p
 #S #st1 #st2 #t #H inversion H //
 qed.
 
-lemma get_costlabels_of_trace_empty : ∀S : abstract_status.∀s1,s2 : S.∀t : raw_trace … s1 s2.
+lemma get_costlabels_of_trace_empty : ∀p.∀S : abstract_status p.∀s1,s2 : S.∀t : raw_trace … s1 s2.
 get_costlabels_of_trace … t = nil ? → pre_measurable_trace … t → silent_trace … t.
-#S #s1 #s2 #t elim t [ #st #_ #_ %2 % * ] #st1 #st2 #st3 #l #prf #t' #IH #EQ #H -s1 -s2 inversion H
+#p #S #s1 #s2 #t elim t [ #st #_ #_ %2 % * ] #st1 #st2 #st3 #l #prf #t' #IH #EQ #H -s1 -s2 inversion H
 [ #H1 #H2 #H3 #H4 #H5 #H6 destruct
 | #s1 #s2 #s3 #l1 #prf1 #tl #Hclass * #lbl #EQ destruct #pre_meas_tl #_ #EQ1 #EQ2 #EQ3 #EQ4 destruct 
@@ -581 +709 @@
 (*NO-IO TRACES*)
 
-inductive no_io_trace (S : abstract_status) : ∀st1,st2 : S.raw_trace … st1 st2 → Prop ≝ 
-  t_base_io :∀st : S.as_classify … st ≠ cl_io →  no_io_trace S … (t_base … st)
+inductive no_io_trace (p : label_params) (S : abstract_status p) : ∀st1,st2 : S.raw_trace … st1 st2 → Prop ≝ 
+  t_base_io :∀st : S.as_classify … st ≠ cl_io →  no_io_trace … S … (t_base … st)
 | t_ind_io : ∀st1,st2,st3 : S.∀l,prf.∀tl : raw_trace … st2 st3.as_classify … st1 ≠ cl_io → 
                    no_io_trace … tl → no_io_trace … (t_ind … st1 … l prf tl).
 
-lemma no_io_append : ∀S : abstract_status.
+lemma no_io_append : ∀p.∀S : abstract_status p.
 ∀st1,st2,st3 : S.∀t1 : raw_trace … st1 st2.
 ∀t2 : raw_trace … st2 st3.
 no_io_trace … t1 → no_io_trace … t2 → 
 no_io_trace … (t1 @ t2).
-#S #st1 #st2 #st3 #t1 lapply st3 elim t1
+#p #S #st1 #st2 #st3 #t1 lapply st3 elim t1
 [ #st #st3 #t2 #_ //]
 #s #s' #s'' #l #prf #tl #IH #st3 #t2 #H inversion H in ⊢ ?;
@@ -599 +727 @@
 qed.
 
-lemma pre_measurable_no_io : ∀S : abstract_status.
+lemma pre_measurable_no_io : ∀p.∀S : abstract_status p.
 ∀st1,st2 : S. ∀t : raw_trace … st1 st2.
 pre_measurable_trace … t →
 no_io_trace … t.
-#S #st1 #st2 #t #H elim H /2/ -st1-st2
+#p #S #st1 #st2 #t #H elim H /2/ -st1-st2
 #st1 #st2 #st3 #st4 #st5 #l1 #l2 #prf1 #t1 #t2 #prf' #H1 #H2 #H3 #H4 #pre1 #pre2 #H5
 #H6 #IH1 #IH2 %2 // @no_io_append // %2 //
 qed.
 
-lemma head_of_no_io_is_no_io : ∀S : abstract_status.
+lemma head_of_no_io_is_no_io : ∀p.∀S : abstract_status p.
 ∀st1,st2 : S. ∀t : raw_trace … st1 st2.
 no_io_trace … t → as_classify … st1 ≠ cl_io.
-#S #st1 #st2 #t #H elim H //
-qed.
-
-
-lemma no_io_append_l1 : ∀S : abstract_status.
+#p #S #st1 #st2 #t #H elim H //
+qed.
+
+
+lemma no_io_append_l1 : ∀p.∀S : abstract_status p.
 ∀st1,st2,st3 : S.∀t1 : raw_trace … st1 st2.
 ∀t2 : raw_trace … st2 st3.no_io_trace … (t1 @ t2) → 
 no_io_trace … t1.
-#S #st1 #st2 #st3 #t1 lapply st3 elim t1 [ #st #st3 #t2 normalize #H % /2/]
+#p #S #st1 #st2 #st3 #t1 lapply st3 elim t1 [ #st #st3 #t2 normalize #H % /2/]
 #s #s' #s'' #l #prf #tl #IH #st3 #t2 #H inversion H in ⊢ ?;
 [ #H9 #H10 #H11 #H12 #H13 #H14 destruct normalize in H13; destruct ]
@@ -626 +754 @@
 qed.
 
-lemma no_io_append_l2 : ∀S : abstract_status.
+lemma no_io_append_l2 : ∀p.∀S : abstract_status p.
 ∀st1,st2,st3 : S.∀t1 : raw_trace … st1 st2.
 ∀t2 : raw_trace … st2 st3.no_io_trace … (t1 @ t2) → 
 no_io_trace … t2.
-#S #st1 #st2 #st3 #t1 lapply st3 elim t1 [ #st #st3 #t2 normalize #H assumption ]
+#p #S #st1 #st2 #st3 #t1 lapply st3 elim t1 [ #st #st3 #t2 normalize #H assumption ]
 #s #s' #s'' #l #prf #tl #IH #st3 #t2 #H @IH inversion H in ⊢ ?;
 [ #H9 #H10 #H11 #H12 #H13 #H14 destruct normalize in H13; destruct ]
@@ -638 +766 @@
 (*MEASURABLE TRACES*)
 
-definition measurable :
- ∀S: abstract_status. ∀si,s1,s3,sn : S. raw_trace … si sn →  Prop ≝
-λS,si,s1,s3,sn,t.
+definition measurable : ∀p.
+ ∀S: abstract_status p. ∀si,s1,s3,sn : S. raw_trace … si sn →  Prop ≝
+λp,S,si,s1,s3,sn,t.
  ∃s0,s2:S. ∃ti0 : raw_trace … si s0.∃t12 : raw_trace … s1 s2.∃t3n : raw_trace … s3 sn.
  ∃l1,l2,prf1,prf2.
- pre_measurable_trace … t12 ∧
-  t = ti0 @  t_ind ? s0 s1 sn l1 prf1 … (t12 @ (t_ind ? s2 s3 sn l2 prf2 … t3n))
- ∧ is_costlabelled_act l1 ∧ is_costlabelled_act l2 ∧ (is_call_act l2 → bool_to_Prop (is_call_post_label … s2)) 
- ∧ silent_trace … ti0 ∧ silent_trace … t3n ∧ (is_call_act l1 → bool_to_Prop (is_call_post_label … s0)).
+ pre_measurable_trace p … t12 ∧ 
+  t = ti0 @  t_ind … s0 s1 sn l1 prf1 … (t12 @ (t_ind … s2 s3 sn l2 prf2 … t3n))
+ ∧ is_costlabelled_act … l1 ∧ is_costlabelled_act … l2 ∧ (is_call_act … l2 → bool_to_Prop (is_call_post_label … s2)) 
+ ∧ silent_trace … ti0 ∧ silent_trace … t3n ∧ (is_call_act … l1 → bool_to_Prop (is_call_post_label … s0)).
 
  
-definition measurable_prefix ≝  
-λS : abstract_status.
+definition measurable_prefix ≝  λp.
+λS : abstract_status p.
 λs1,s4 :S.
 λt : raw_trace … s1 s4.
@@ -656 +784 @@
 ∃l.∃prf : as_execute … l s2 s3.
 ∃t34 : raw_trace … s3 s4.
-silent_trace … t12 ∧ t = t12 @ (t_ind … prf t34) ∧ is_costlabelled_act l.
+silent_trace … t12 ∧ t = t12 @ (t_ind … prf t34) ∧ is_costlabelled_act … l.
 
 lemma measurable_prefix_of_premeasurable : 
-∀S : abstract_status.
+∀p.
+∀S : abstract_status p.
 ∀s1,s4 : S.
 ∀t : raw_trace … s1 s4.
@@ -665 +794 @@
 get_costlabels_of_trace … t ≠ nil ? → 
 measurable_prefix … t.
-#S #s1 #s4 #t elim t
+#p #S #s1 #s4 #t elim t
 [ #st #_ * #H @⊥ @H %]
 #st1 #st2 #st3 #l @(is_costlabelled_act_elim … l) -l 
@@ -709 +838 @@
 
 definition measurable_suffix ≝
- λS : abstract_status.λs1,s1' : S.λt : raw_trace … s1 s1'.
+λp. λS : abstract_status p.λs1,s1' : S.λt : raw_trace … s1 s1'.
 ∃s1_em : S.
 ∃t_pre_em : raw_trace … s1 s1_em.
 ∃s1_postem : S.
      ∃t_post_em : raw_trace … s1_postem s1'.
-     silent_trace S ?? t_post_em ∧ 
-     ∃l_em : ActionLabel.
+     silent_trace … S ?? t_post_em ∧ 
+     ∃l_em : ActionLabel p.
      ∃ex_em : as_execute … l_em s1_em s1_postem.
      t = t_pre_em @ (t_ind … ex_em t_post_em) ∧
-     (is_call_act l_em → bool_to_Prop(is_call_post_label … s1_em)) ∧
-     is_costlabelled_act l_em.
+     (is_call_act … l_em → bool_to_Prop(is_call_post_label … s1_em)) ∧
+     is_costlabelled_act … l_em.
      
 
-lemma measurable_suffix_tind : ∀S : abstract_status.
-∀s1,s2,s3 : S.∀l : ActionLabel.∀prf : as_execute … l s1 s2.∀t : raw_trace … s2 s3.
-measurable_suffix … (t_ind … prf t) → (is_costlabelled_act l \wedge silent_trace … t) ∨ measurable_suffix … t.
-#S #s1 #s2 #s3 #l #prf #t lapply prf -prf lapply s1 -s1 cases t -t -s2 -s3
+lemma measurable_suffix_tind : ∀p.∀S : abstract_status p.
+∀s1,s2,s3 : S.∀l : ActionLabel p.∀prf : as_execute … l s1 s2.∀t : raw_trace … s2 s3.
+measurable_suffix … (t_ind … prf t) → (is_costlabelled_act … l ∧ silent_trace … t) ∨ measurable_suffix … t.
+#p #S #s1 #s2 #s3 #l #prf #t lapply prf -prf lapply s1 -s1 cases t -t -s2 -s3
 [ #st #st1 #prf * #s_em * #t_pre * #s_post * #t_post * #sil_post * #l_em * #ex_em **
  inversion t_pre in ⊢ ?; 
@@ -747 +876 @@
 qed.
 
-lemma measurable_suffix_append : ∀S : abstract_status.
+lemma measurable_suffix_append : ∀p.∀S : abstract_status p.
 ∀s1,s2,s3 : S.∀t1 : raw_trace … s1 s2.∀t2 : raw_trace … s2 s3.
 measurable_suffix … t2 → measurable_suffix … (t1 @ t2).
-#S #s1 #s2 #s3 #t1 #t2 * #s_em * #pre_t * #s_post * #t_post
+#p #S #s1 #s2 #s3 #t1 #t2 * #s_em * #pre_t * #s_post * #t_post
 * #sil_tpost * #l_em * #prf ** #EQ destruct #Hcall #Hcost
 %{s_em} %{(t1@pre_t)} %{s_post} %{t_post} /7 by ex_intro, conj/
 qed.
 
-lemma measurable_suffix_append_l1 : ∀S : abstract_status.
+lemma measurable_suffix_append_l1 : ∀p.∀S : abstract_status p.
 ∀s1,s2,s3 : S.∀t1 : raw_trace … s1 s2.∀t2 : raw_trace … s2 s3.
 measurable_suffix … (t1 @ t2) → silent_trace … t2 → measurable_suffix … t1.
-#S #s1 #s2 #s3 #t1 elim t1 -t1 -s1 -s2
+#p #S #s1 #s2 #s3 #t1 elim t1 -t1 -s1 -s2
 [#st #t2 * #s_em * #t_pre * #s_post * #t_post * #sil_tpost * #l_em * #exe ** #EQ normalize in EQ; destruct
  #Hcall #Hcost #H lapply(silent_append_l2 … H) -H * [2: * #H cases(H I)] #H inversion H
@@ -771 +900 @@
 | #s #s' #s'' #l' #prf' #tl' #_ #EQ1 #EQ2 #EQ3 destruct * #s_post * #t_post * #sil_tpost * #l_em * #ex_em
   ** #EQ normalize in EQ; lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct #Hcall #Hcost #H
-  change with ((t_ind ?????? (t_base …)) @ tl) in ⊢ (????%); @measurable_suffix_append @(IH t2) //
+  change with ((t_ind ??????? (t_base …)) @ tl) in ⊢ (?????%); @measurable_suffix_append @(IH t2) //
   %{s''} %{tl'} %{s_post} %{t_post} %{sil_tpost} %{l_em} %{ex_em} % // % assumption
 ]
 qed.
 
-lemma measurable_suffix_append_case : ∀S : abstract_status.
+lemma measurable_suffix_append_case : ∀p.∀S : abstract_status p.
 ∀s1,s2,s3 : S. ∀t1 : raw_trace … s1 s2.∀t2 : raw_trace … s2 s3.
 measurable_suffix … (t1 @ t2) → (measurable_suffix … t1 ∧ silent_trace … t2) ∨ measurable_suffix … t2.
-#S #s1 #s2 #s3 #t1 elim t1 -s1 -s2
+#p #S #s1 #s2 #s3 #t1 elim t1 -s1 -s2
 [ #st #t2 #H %2 assumption]
 #st1 #st2 #st3 #l #prf #tl #IH #t2 whd in match (append_on_trace ??????); #Hsuff
 cases(measurable_suffix_tind … Hsuff)
-[ * #_ #H %% [2: /2 by silent_append_l2/]  change with ((t_ind ?????? tl) @ t2) in Hsuff : (????%);
+[ * #_ #H %% [2: /2 by silent_append_l2/]  change with ((t_ind ??????? tl) @ t2) in Hsuff : (?????%);
  @(measurable_suffix_append_l1 … Hsuff) /2/
 | #H cases(IH … H)
-  [ * #H1 #H2 %% // change with ((t_ind ?????? (t_base …)) @ tl) in ⊢ (????%); @measurable_suffix_append //
+  [ * #H1 #H2 %% // change with ((t_ind ??????? (t_base …)) @ tl) in ⊢ (?????%); @measurable_suffix_append //
   | /2/
   ]
@@ -792 +921 @@
 qed.
 
-lemma measurable_is_measurable_suffix : ∀S : abstract_status.
+lemma measurable_is_measurable_suffix : ∀p.∀S : abstract_status p.
 ∀si,s1,s3,sn : S. ∀t : raw_trace … si sn.measurable …s1 s3 … t → measurable_suffix … t.
-#S #si #s1 #s3 #sn #t * #s0 * #s2 * #ti0 * #t12 * #t3n * #l1 * #l2 * #prf1 * #prf2 ******* #_
+#p #S #si #s1 #s3 #sn #t * #s0 * #s2 * #ti0 * #t12 * #t3n * #l1 * #l2 * #prf1 * #prf2 ******* #_
 #EQ destruct /11 width=20 by conj,ex_intro/
 qed.
 
-lemma prefix_of_measurable_suffix_is_premeasurable : ∀S : abstract_status.
+lemma prefix_of_measurable_suffix_is_premeasurable : ∀p.∀S : abstract_status p.
 ∀s1,s2,s3,s4 :S.∀l.∀prf : as_execute … l s2 s3.
 ∀t1 : raw_trace … s1 s2.∀t2 : raw_trace … s3 s4.∀t : raw_trace … s1 s4.
-pre_measurable_trace … t → t = (t1 @ (t_ind … prf t2)) → is_costlabelled_act l →
-silent_trace … t2 → (is_call_act l → bool_to_Prop(is_call_post_label … s2)) → 
+pre_measurable_trace … t → t = (t1 @ (t_ind … prf t2)) → is_costlabelled_act … l →
+silent_trace … t2 → (is_call_act … l → bool_to_Prop(is_call_post_label … s2)) → 
 pre_measurable_trace … t1.
-#S #s1 #s2 #s3 #s4 #l #prf #t1 #t2 #t #H lapply t1 -t1 lapply t2 -t2 lapply prf -prf lapply s2 -s2
+#p #S #s1 #s2 #s3 #s4 #l #prf #t1 #t2 #t #H lapply t1 -t1 lapply t2 -t2 lapply prf -prf lapply s2 -s2
 lapply s3 -s3 elim H -t -s1 -s4
 [ #st #_ #s1 #s2 #prf #r #p inversion p in ⊢ ?; 
@@ -856 +985 @@
       [ **] -Hmeas -IH1 -EQ * #s_em * #t_pre * #s_post * #t_post * #sil_tpost
       * #l_em * #ex_em ** #EQ destruct #H1 #H2
-      change with (t_ind … (t_base …) @ ?) in match (t_ind ???????) in e0;
+      change with (t_ind … (t_base …) @ ?) in match (t_ind ????????) in e0;
       <append_associative in e0; <append_associative #e0
       cases(silent_suffix_cancellable … e0) // -e0 * #EQ1 #EQ2 #EQ3 destruct 

LTS/Vm.ma

@@ -17 +17 @@
 ; io_instr : Type[0] }.
 
-inductive AssemblerInstr (p : assembler_params) : Type[0] ≝
-| Seq : seq_instr p → option (NonFunctionalLabel) →  AssemblerInstr p
-| Ijmp: ℕ → AssemblerInstr p
-| CJump : jump_condition p → ℕ → NonFunctionalLabel → NonFunctionalLabel → AssemblerInstr p
-| Iio : NonFunctionalLabel → io_instr p → NonFunctionalLabel → AssemblerInstr p
-| Icall: FunctionName → AssemblerInstr p
-| Iret: AssemblerInstr p.
-
-definition labels_pc_of_instr : ∀p.AssemblerInstr p → ℕ → list (CostLabel × ℕ) ≝ 
-λp,i,program_counter.
+inductive AssemblerInstr (p : assembler_params) (l_p : label_params) : Type[0] ≝
+| Seq : seq_instr p → option (NonFunctionalLabel l_p) →  AssemblerInstr p l_p
+| Ijmp: ℕ → AssemblerInstr p l_p
+| CJump : jump_condition p → ℕ → NonFunctionalLabel l_p → NonFunctionalLabel l_p → AssemblerInstr p l_p
+| Iio : NonFunctionalLabel l_p → io_instr p → NonFunctionalLabel l_p → AssemblerInstr p l_p
+| Icall: FunctionName → AssemblerInstr p l_p
+| Iret: AssemblerInstr p l_p.
+
+definition labels_pc_of_instr : ∀p,l_p.AssemblerInstr p l_p → ℕ → list (CostLabel l_p × ℕ) ≝ 
+λp,l_p,i,program_counter.
 match i with
   [ Seq _ opt_l ⇒ match opt_l with 
-                  [ Some lbl ⇒ [〈(a_non_functional_label lbl),S program_counter〉]
+                  [ Some lbl ⇒ [〈(a_non_functional_label … lbl),S program_counter〉]
                   | None ⇒ [ ]
                   ]
   | Ijmp _ ⇒ [ ]
-  | CJump _ newpc ltrue lfalse ⇒ [〈(a_non_functional_label ltrue),newpc〉;
-                                  〈(a_non_functional_label lfalse),S program_counter〉]
-  | Iio lin _ lout ⇒ [〈(a_non_functional_label lin),program_counter〉;
-                      〈(a_non_functional_label lout),S program_counter〉]
+  | CJump _ newpc ltrue lfalse ⇒ [〈(a_non_functional_label … ltrue),newpc〉;
+                                  〈(a_non_functional_label … lfalse),S program_counter〉]
+  | Iio lin _ lout ⇒ [〈(a_non_functional_label … lin),program_counter〉;
+                      〈(a_non_functional_label … lout),S program_counter〉]
   | Icall f ⇒ [ ]
   | Iret ⇒ [ ]
   ].
 
-let rec labels_pc (p : assembler_params)
-(prog : list (AssemblerInstr p)) (call_label_fun : list (ℕ × CallCostLabel))
-              (return_label_fun : list (ℕ × ReturnPostCostLabel)) (i_act : NonFunctionalLabel) 
-              (program_counter : ℕ) on prog : list (CostLabel × ℕ) ≝ 
+let rec labels_pc (p : assembler_params) (l_p : label_params)
+(prog : list (AssemblerInstr p l_p)) (call_label_fun : list (ℕ × (CallCostLabel l_p)))
+              (return_label_fun : list (ℕ × (ReturnPostCostLabel l_p))) (i_act : NonFunctionalLabel l_p) 
+              (program_counter : ℕ) on prog : list ((CostLabel l_p) × ℕ) ≝ 
 match prog with
-[ nil ⇒ [〈a_non_functional_label (i_act),O〉] @ 
-        map … (λx.let〈y,z〉 ≝ x in 〈(a_call z),y〉) (call_label_fun) @
-        map … (λx.let〈y,z〉 ≝ x in 〈(a_return_post z),y〉) (return_label_fun)
-| cons i is ⇒ (labels_pc_of_instr … i program_counter)@labels_pc p is call_label_fun return_label_fun i_act (S program_counter)
+[ nil ⇒ [〈a_non_functional_label … (i_act),O〉] @ 
+        map … (λx.let〈y,z〉 ≝ x in 〈(a_call … z),y〉) (call_label_fun) @
+        map … (λx.let〈y,z〉 ≝ x in 〈(a_return_post … z),y〉) (return_label_fun)
+| cons i is ⇒ (labels_pc_of_instr … i program_counter)@labels_pc p l_p is call_label_fun return_label_fun i_act (S program_counter)
 ].
 
 include "basics/lists/listb.ma".
 
-(*doppione da mettere a posto*)
-let rec no_duplicates (A : DeqSet) (l : list A) on l : Prop ≝ 
-match l with
-[ nil ⇒ True 
-| cons x xs ⇒ ¬ (bool_to_Prop (x ∈ xs)) ∧ no_duplicates … xs
-].
-
-
-record AssemblerProgram (p : assembler_params) : Type[0] ≝ 
-{ instructions : list (AssemblerInstr p)
+
+record AssemblerProgram (p : assembler_params) (l_p : label_params) : Type[0] ≝ 
+{ instructions : list (AssemblerInstr p l_p)
 ; endmain : ℕ
 ; endmain_ok : endmain < |instructions|
 ; entry_of_function : FunctionName → ℕ
-; call_label_fun : list (ℕ × CallCostLabel)
-; return_label_fun : list (ℕ × ReturnPostCostLabel)
-; in_act : NonFunctionalLabel
+; call_label_fun : list (ℕ × (CallCostLabel l_p))
+; return_label_fun : list (ℕ × (ReturnPostCostLabel l_p))
+; in_act : NonFunctionalLabel l_p
 ; asm_no_duplicates : no_duplicates … (map ?? \fst … (labels_pc … instructions call_label_fun return_label_fun in_act O))
 }.
 
 
-definition fetch: ∀p.AssemblerProgram p → ℕ → option (AssemblerInstr p) ≝
- λp,l,n. nth_opt ? n (instructions … l).
+definition fetch: ∀p,l_p.AssemblerProgram p l_p → ℕ → option (AssemblerInstr p l_p) ≝
+ λp,l_p,l,n. nth_opt ? n (instructions … l).
 
 definition stackT: Type[0] ≝ list (nat).
@@ -102 +95 @@
 
 
-inductive vmstep (p : assembler_params) (p' : sem_params p) 
-   (prog : AssemblerProgram p)  : 
-      ActionLabel → relation (vm_state p p') ≝ 
+inductive vmstep (p : assembler_params) (p' : sem_params p) (l_p : label_params) 
+   (prog : AssemblerProgram p l_p)  : 
+      ActionLabel l_p → relation (vm_state p p') ≝ 
 | vm_seq : ∀st1,st2 : vm_state p p'.∀i,l.
-           fetch … prog (pc … st1) = return (Seq p i l) → 
+           fetch … prog (pc … st1) = return (Seq p l_p i l) → 
            asm_is_io … st1 = false → 
            eval_asm_seq p p' i (asm_store … st1) = return asm_store … st2 →  
@@ -112 +105 @@
            asm_is_io … st1 = asm_is_io … st2 → 
            S (pc … st1) = pc … st2 → 
-           vmstep … (cost_act l) st1 st2
+           vmstep … (cost_act … l) st1 st2
 | vm_ijump : ∀st1,st2 : vm_state p p'.∀new_pc : ℕ. 
-           fetch … prog (pc … st1) = return (Ijmp p new_pc) → 
+           fetch … prog (pc … st1) = return (Ijmp p l_p new_pc) → 
            asm_is_io … st1 = false → 
            asm_store … st1 = asm_store … st2 → 
@@ -120 +113 @@
            asm_is_io … st1 = asm_is_io … st2 → 
            new_pc = pc … st2 → 
-           vmstep … (cost_act (None ?)) st1 st2
+           vmstep … (cost_act … (None ?)) st1 st2
 | vm_cjump_true : 
            ∀st1,st2 : vm_state p p'.∀cond,new_pc,ltrue,lfalse.
            eval_asm_cond p p' cond (asm_store … st1) = return true→ 
-           fetch … prog (pc … st1) = return (CJump p cond new_pc ltrue lfalse) → 
+           fetch … prog (pc … st1) = return (CJump p l_p cond new_pc ltrue lfalse) → 
            asm_is_io … st1 = false → 
            asm_store … st1 = asm_store … st2 → 
@@ -130 +123 @@
            asm_is_io … st1 = asm_is_io … st2 → 
            pc … st2 = new_pc → 
-           vmstep … (cost_act (Some ? ltrue)) st1 st2
+           vmstep … (cost_act … (Some ? ltrue)) st1 st2
 | vm_cjump_false : 
            ∀st1,st2 : vm_state p p'.∀cond,new_pc,ltrue,lfalse.
            eval_asm_cond p p' cond (asm_store … st1) = return false→ 
-           fetch … prog (pc … st1) = return (CJump p cond new_pc ltrue lfalse) → 
+           fetch … prog (pc … st1) = return (CJump p l_p cond new_pc ltrue lfalse) → 
            asm_is_io … st1 = false → 
            asm_store … st1 = asm_store … st2 → 
@@ -140 +133 @@
            asm_is_io … st1 = asm_is_io … st2 → 
            S (pc … st1) = pc … st2 → 
-           vmstep … (cost_act (Some ? lfalse)) st1 st2
+           vmstep … (cost_act … (Some ? lfalse)) st1 st2
 | vm_io_in :  
            ∀st1,st2 : vm_state p p'.∀lin,io,lout.
-           fetch … prog (pc … st1) = return (Iio p lin io lout) → 
+           fetch … prog (pc … st1) = return (Iio p l_p lin io lout) → 
            asm_is_io … st1 = false → 
            asm_store … st1 = asm_store … st2 → 
@@ -149 +142 @@
            true = asm_is_io … st2 → 
            pc … st1 = pc … st2 → 
-           vmstep … (cost_act (Some ? lin)) st1 st2
+           vmstep … (cost_act … (Some ? lin)) st1 st2
 | vm_io_out : 
            ∀st1,st2 : vm_state p p'.∀lin,io,lout.
-           fetch … prog (pc … st1) = return (Iio p lin io lout) → 
+           fetch … prog (pc … st1) = return (Iio p l_p lin io lout) → 
            asm_is_io … st1 = true → 
            eval_asm_io … io (asm_store … st1) = return asm_store … st2 → 
@@ -158 +151 @@
            false = asm_is_io … st2 → 
            S (pc … st1) = pc … st2 → 
-           vmstep … (cost_act (Some ? lout)) st1 st2
+           vmstep … (cost_act … (Some ? lout)) st1 st2
 | vm_call : 
            ∀st1,st2 : vm_state p p'.∀f,lbl.
-           fetch … prog (pc … st1) = return (Icall p f) → 
+           fetch … prog (pc … st1) = return (Icall p l_p f) → 
            asm_is_io … st1 = false → 
            asm_store … st1 = asm_store … st2 → 
@@ -167 +160 @@
            asm_is_io … st1 = asm_is_io … st2 → 
            entry_of_function … prog f = pc … st2 → 
-           label_of_pc ? (call_label_fun … prog) (entry_of_function … prog f) = return lbl → 
-           vmstep … (call_act f lbl) st1 st2
+           label_of_pc … (call_label_fun … prog) (entry_of_function … prog f) = return lbl → 
+           vmstep … (call_act … f lbl) st1 st2
 | vm_ret :
           ∀st1,st2 : vm_state p p'.∀newpc,lbl.
-           fetch … prog (pc … st1) = return (Iret p) → 
+           fetch … prog (pc … st1) = return (Iret p l_p) → 
            asm_is_io … st1 = false → 
            asm_store … st1 = asm_store … st2 → 
@@ -177 +170 @@
            asm_is_io … st1 = asm_is_io … st2 → 
            newpc = pc … st2 → 
-           label_of_pc ? (return_label_fun … prog) newpc = return lbl → 
-           vmstep … (ret_act (Some ? lbl)) st1 st2.
-
-definition eval_vmstate : ∀p : assembler_params.∀p' : sem_params p. 
-AssemblerProgram p → vm_state p p' → option (ActionLabel × (vm_state p p')) ≝ 
-λp,p',prog,st.
+           label_of_pc … (return_label_fun … prog) newpc = return lbl → 
+           vmstep … (ret_act … (Some ? lbl)) st1 st2.
+
+definition eval_vmstate : ∀p : assembler_params.∀p' : sem_params p.∀l_p : label_params.
+AssemblerProgram p l_p → vm_state p p' → option ((ActionLabel l_p) × (vm_state p p')) ≝ 
+λp,p',l_p,prog,st.
 ! i ← fetch … prog (pc … st);
 match i with
@@ -190 +183 @@
    else 
      ! new_store ← eval_asm_seq p p' x (asm_store … st);
-     return 〈cost_act opt_l,
+     return 〈cost_act … opt_l,
              mk_vm_state ?? (S (pc … st)) (asm_stack … st) new_store false〉
 | Ijmp newpc ⇒ 
@@ -196 +189 @@
      None ?
    else
-     return 〈cost_act (None ?),
+     return 〈cost_act … (None ?),
              mk_vm_state ?? newpc (asm_stack … st) (asm_store … st) false〉
 | CJump cond newpc ltrue lfalse ⇒ 
@@ -204 +197 @@
      ! b ← eval_asm_cond p p' cond (asm_store … st);
      if b then
-       return 〈cost_act (Some ? ltrue),
+       return 〈cost_act …(Some ? ltrue),
                mk_vm_state ?? newpc (asm_stack … st) (asm_store … st) false〉
      else
-       return 〈cost_act (Some ? lfalse),
+       return 〈cost_act … (Some ? lfalse),
                mk_vm_state ?? (S (pc … st)) (asm_stack … st) (asm_store … st) false〉
 | Iio lin io lout ⇒ 
               if asm_is_io … st then 
                  ! new_store ← eval_asm_io … io (asm_store … st);
-                 return 〈cost_act (Some ? lout),
+                 return 〈cost_act … (Some ? lout),
                          mk_vm_state ?? (S (pc … st)) (asm_stack … st) 
                          new_store false〉    
               else 
-                return 〈cost_act (Some ? lin),
+                return 〈cost_act … (Some ? lin),
                         mk_vm_state ?? (pc … st) (asm_stack … st) (asm_store … st)
                                     true〉
@@ -224 +217 @@
     else
       ! lbl ← label_of_pc ? (call_label_fun … prog) (entry_of_function … prog f);
-      return 〈call_act f lbl,
+      return 〈call_act … f lbl,
               mk_vm_state ?? (entry_of_function … prog f) 
                              ((S (pc … st)) :: (asm_stack … st))
@@ -233 +226 @@
             ! 〈newpc,tl〉 ← option_pop … (asm_stack … st);
             ! lbl ← label_of_pc ? (return_label_fun … prog) newpc;
-            return 〈ret_act (Some ? lbl),
+            return 〈ret_act … (Some ? lbl),
                     mk_vm_state ?? newpc tl (asm_store … st) false〉
 ].
 
-lemma eval_vmstate_to_Prop : ∀p,p',prog,st1,st2,l.
-eval_vmstate p p' prog st1 = return 〈l,st2〉 → vmstep … prog l st1 st2.
-#p #p' #prog #st1 #st2 #l whd in match eval_vmstate; normalize nodelta
+lemma eval_vmstate_to_Prop : ∀p,p',l_p,prog,st1,st2,l.
+eval_vmstate p p' l_p prog st1 = return 〈l,st2〉 → vmstep … prog l st1 st2.
+#p #p' #l_p #prog #st1 #st2 #l whd in match eval_vmstate; normalize nodelta
 #H cases(bind_inversion ????? H) -H * normalize nodelta
 [ #seq #opt_l * #EQfetch inversion(asm_is_io ???) normalize nodelta
@@ -269 +262 @@
 
  
-lemma vm_step_to_eval : ∀p,p',prog,st1,st2,l.vmstep … prog l st1 st2 → 
-eval_vmstate p p' prog st1 = return 〈l,st2〉.
-#p #p' #prog * #pc1 #stack1 #store1 #io1
+lemma vm_step_to_eval : ∀p,p',l_p,prog,st1,st2,l.vmstep … prog l st1 st2 → 
+eval_vmstate p p' l_p prog st1 = return 〈l,st2〉.
+#p #p' #l_p #prog * #pc1 #stack1 #store1 #io1
 * #pc2 #stack2 #store2 #io2 #l #H inversion H
 [ #s1 #s2 #i #opt_l #EQfetch #EQio #EQstore #EQstack #EQio1 #EQpc
@@ -316 +309 @@
 
 definition ass_vmstep ≝
- λp,p',prog.
+ λp,p',l_p,prog.
   λl.λs1,s2 : vm_ass_state p p'.
                     match s1 with 
@@ -322 +315 @@
                         match s2 with
                         [ STATE st2 ⇒  
-                            (eqb (pc ?? st1) (endmain … prog)) = false ∧ vmstep p p' prog l st1 st2
+                            (eqb (pc ?? st1) (endmain … prog)) = false ∧ vmstep p p' l_p prog l st1 st2
                         | INITIAL ⇒ False
                         | FINAL ⇒ eqb (pc … st1) (endmain … prog) = true ∧
-                           l = cost_act (Some … (in_act … prog))
+                           l = cost_act … (Some … (in_act … prog))
                         ]
                     | INITIAL ⇒ match s2 with
                                 [ STATE st2 ⇒ eqb (pc … st2) O = true ∧
-                                   l = cost_act (Some … (in_act … prog))
+                                   l = cost_act … (Some … (in_act … prog))
                                 | _ ⇒ False
                                 ]
@@ -335 +328 @@
                     ].
 
-definition asm_operational_semantics : ∀p.sem_params p → AssemblerProgram p →  abstract_status ≝ 
-λp,p',prog.let init_act ≝ cost_act (Some ? (in_act … prog)) in
-           let end_act ≝ cost_act (Some ? (in_act … prog)) in
-    mk_abstract_status 
+definition asm_operational_semantics : ∀p,l_p.sem_params p → AssemblerProgram p l_p →  abstract_status l_p ≝ 
+λp,l_p,p',prog.let init_act ≝ cost_act … (Some ? (in_act … prog)) in
+           let end_act ≝ cost_act … (Some ? (in_act … prog)) in
+    mk_abstract_status …
                 (vm_ass_state p p')
                 (ass_vmstep … prog)
@@ -427 +420 @@
 
 definition asm_concrete_trans_sys ≝ 
-λp,p',prog.mk_concrete_transition_sys … 
-             (asm_operational_semantics p p' prog).
+λp,p',l_p,prog.mk_concrete_transition_sys … 
+             (asm_operational_semantics p p' l_p prog).
              
          
 definition emits_labels ≝ 
-λp.λinstr : AssemblerInstr p.match instr with
+λp,l_p.λinstr : AssemblerInstr p l_p.match instr with
         [ Seq _ opt_l ⇒ match opt_l with 
                         [ None ⇒ Some ? (λpc.S pc) 
@@ -441 +434 @@
         ]. 
 
-definition fetch_state : ∀p,p'.AssemblerProgram p → vm_state p p' → option (AssemblerInstr p) ≝ 
-λp,p',prog,st.fetch … prog (pc … st).
-
-record asm_galois_connection (p: assembler_params) (p': sem_params p) (prog: AssemblerProgram p) : Type[2] ≝
+definition fetch_state : ∀p,p',l_p.AssemblerProgram p l_p → vm_state p p' → option (AssemblerInstr p l_p) ≝ 
+λp,p',l_p,prog,st.fetch … prog (pc … st).
+
+record asm_galois_connection (p: assembler_params) (p': sem_params p) (l_p : label_params) (prog: AssemblerProgram p l_p) : Type[2] ≝
 { aabs_d : abstract_transition_sys
-; agalois_rel:> galois_rel (asm_concrete_trans_sys p p' prog) aabs_d
+; agalois_rel:> galois_rel … (asm_concrete_trans_sys p l_p p' prog) aabs_d
 }.
 
 definition galois_connection_of_asm_galois_connection:
- ∀p,p',prog. asm_galois_connection p p' prog → galois_connection ≝
- λp,p',prog,agc.
-  mk_galois_connection
-   (asm_concrete_trans_sys p p' prog)
+ ∀p,p',l_p,prog. asm_galois_connection p p' l_p prog → galois_connection l_p ≝
+ λp,p',l_p,prog,agc.
+  mk_galois_connection …
+   (asm_concrete_trans_sys p l_p p' prog)
    (aabs_d … agc)
    (agalois_rel … agc).
@@ -460 +453 @@
 
 definition ass_fetch ≝
- λp,p',prog.
-    λs.match s with [ STATE st ⇒ if eqb (pc … st) (endmain … prog) then
+ λp,p',l_p,prog.
+    λs.match s with [ STATE st ⇒ if eqb (pc … st) (endmain p l_p prog) then
                                    Some ? (None ?) 
-                               else ! x ← fetch_state p p' prog st; Some ? (Some ? x) 
+                               else ! x ← fetch_state p p' l_p prog st; Some ? (Some ? x) 
                     | INITIAL ⇒ Some ? (None ?)
                     | FINAL  ⇒ None ? ].
 
 definition ass_instr_map ≝
- λp,p',prog.λasm_galois_conn: asm_galois_connection p p' prog.
-  λinstr_map: AssemblerInstr p → (*option*) (abs_instr … (abs_d asm_galois_conn)).
+ λp,p',l_p,prog.λasm_galois_conn: asm_galois_connection p p' l_p prog.
+  λinstr_map: AssemblerInstr p l_p → (*option*) (abs_instr … (abs_d … asm_galois_conn)).
   (λi.match i with [None ⇒ (*Some …*) (e …) |Some x ⇒ instr_map … x]).
 
-record asm_abstract_interpretation (p: assembler_params) (p': sem_params p) (prog: AssemblerProgram p) : Type[2] ≝
-{ asm_galois_conn: asm_galois_connection p p' prog
-; instr_map : AssemblerInstr p → (*option*) (abs_instr … (abs_d asm_galois_conn))
+record asm_abstract_interpretation (p: assembler_params) (p': sem_params p) (l_p : label_params) (prog: AssemblerProgram p l_p) : Type[2] ≝
+{ asm_galois_conn: asm_galois_connection p p' l_p prog
+; instr_map : AssemblerInstr p l_p → (*option*) (abs_instr … (abs_d … asm_galois_conn))
 ; instr_map_ok :
    ∀s,s': concr … asm_galois_conn. ∀a: abs_d … asm_galois_conn.∀l,i.
@@ -484 +477 @@
 
 definition abstract_interpretation_of_asm_abstract_interpretation:
- ∀p,p',prog. asm_abstract_interpretation p p' prog → abstract_interpretation
+ ∀p,p',l_p,prog. asm_abstract_interpretation p p' l_p prog → abstract_interpretation l_p
 ≝
-λp,p',prog,aai.
- mk_abstract_interpretation
-  (asm_galois_conn … aai) (option (AssemblerInstr p)) (ass_fetch p p' prog)
+λp,p',l_p,prog,aai.
+ mk_abstract_interpretation …
+  (asm_galois_conn … aai) (option (AssemblerInstr p l_p)) (ass_fetch p p' l_p prog)
    (ass_instr_map … prog … (instr_map … aai)) (instr_map_ok … aai).
 
@@ -496 +489 @@
 λA,l.match l with [ nil ⇒ false | _ ⇒  true ].
 
-let rec block_cost (p : assembler_params) 
- (prog: AssemblerProgram p) (abs_t : monoid) 
- (instr_m : AssemblerInstr p → abs_t)
+let rec block_cost (p : assembler_params) (l_p : label_params)
+ (prog: AssemblerProgram p l_p) (abs_t : monoid) 
+ (instr_m : AssemblerInstr p l_p → abs_t)
  (prog_c: option ℕ) 
     (program_size: ℕ) 
@@ -532 +525 @@
 
 
-lemma labels_pc_ok : ∀p,prog,l1,l2,i_act,i,lbl,pc,m.
+lemma labels_pc_ok : ∀p,l_p,prog,l1,l2,i_act,i,lbl,pc,m.
 nth_opt ? pc prog = return i →
 mem ? lbl (labels_pc_of_instr … i (m+pc)) → 
-mem ? lbl (labels_pc p prog l1 l2 i_act m).
-#p #instrs #l1 #l2 #iact #i #lbl #pc 
+mem ? lbl (labels_pc p l_p prog l1 l2 i_act m).
+#p #l_p #instrs #l1 #l2 #iact #i #lbl #pc 
 whd in match fetch; normalize nodelta lapply pc -pc
 elim instrs
@@ -547 +540 @@
 qed.
 
-lemma labels_pf_in_act: ∀p,prog,pc.
-  mem CostLabel (in_act p prog)
-  (map (CostLabel×ℕ) CostLabel \fst
-   (labels_pc p (instructions p prog) (call_label_fun p prog)
-    (return_label_fun p prog) (in_act p prog) pc)).
- #p #prog elim (instructions p prog) normalize /2/
-qed.
-
-lemma labels_pc_return: ∀p,prog,l1,l2,iact,x1,x2.
- label_of_pc ReturnPostCostLabel l2 x1=return x2 →
+lemma labels_pf_in_act: ∀p,l_p,prog,pc.
+  mem (CostLabel l_p) (in_act p l_p prog)
+  (map ((CostLabel l_p)×ℕ) (CostLabel l_p) \fst
+   (labels_pc p … (instructions p …  prog) (call_label_fun p … prog)
+    (return_label_fun p …  prog) (in_act p … prog) pc)).
+ #p #l_p #prog elim (instructions … prog) normalize /2/
+qed.
+
+lemma labels_pc_return: ∀p,l_p,prog,l1,l2,iact,x1,x2.
+ label_of_pc (ReturnPostCostLabel l_p) l2 x1=return x2 →
  ∀m.
-   mem … 〈(a_return_post x2),x1〉 (labels_pc p prog l1 l2 iact m).
- #p #l #l1 #l2 #iact whd in match (labels_pc ???); #x1 #x2 #H elim l
+   mem … 〈(a_return_post … x2),x1〉 (labels_pc p l_p prog l1 l2 iact m).
+ #p #l_p #l #l1 #l2 #iact whd in match (labels_pc ???); #x1 #x2 #H elim l
 [ #m @mem_append_l2 @mem_append_l2 whd in H:(??%?);
   elim l2 in H; [ whd in ⊢ (??%% → ?); #EQ destruct]
@@ -569 +562 @@
 qed.
 
-lemma labels_pc_call: ∀p,prog,l1,l2,iact,x1,x2.
- label_of_pc CallCostLabel l1 x1=return x2 →
+lemma labels_pc_call: ∀p,l_p,prog,l1,l2,iact,x1,x2.
+ label_of_pc (CallCostLabel l_p) l1 x1=return x2 →
  ∀m.
-   mem … 〈(a_call x2),x1〉 (labels_pc p prog l1 l2 iact m).
- #p #l #l1 #l2 #iact whd in match (labels_pc ???); #x1 #x2 #H elim l
+   mem … 〈(a_call l_p x2),x1〉 (labels_pc p l_p prog l1 l2 iact m).
+ #p #l_p #l #l1 #l2 #iact whd in match (labels_pc ???); #x1 #x2 #H elim l
 [ #m @mem_append_l2 @mem_append_l1 whd in H:(??%?);
   elim l1 in H; [ whd in ⊢ (??%% → ?); #EQ destruct]
@@ -609 +602 @@
 ].
 
-definition static_analisys : ∀p : assembler_params.∀abs_t : monoid.(AssemblerInstr p → abs_t) → 
-∀mT : cost_map_T DEQCostLabel abs_t.AssemblerProgram p → option mT ≝
-λp,abs_t,instr_m,mT,prog.
+definition static_analisys : ∀p : assembler_params.∀l_p : label_params.∀abs_t : monoid.(AssemblerInstr p l_p → abs_t …) → 
+∀mT : cost_map_T (DEQCostLabel l_p) (abs_t …).AssemblerProgram p l_p → option mT ≝
+λp,l_p,abs_t,instr_m,mT,prog.
 let prog_size ≝ S (|instructions … prog|) in
-m_foldr Option ?? (λx,m.let 〈z,w〉≝ x in ! k ← block_cost p prog abs_t instr_m (Some ? w) prog_size;  
+m_foldr Option ?? (λx,m.let 〈z,w〉≝ x in ! k ← block_cost p l_p prog abs_t instr_m (Some ? w) prog_size;  
                                return set_map … m z k) (labels_pc … (instructions … prog) 
                                          (call_label_fun … prog) (return_label_fun … prog) (in_act … prog) O) 
       (empty_map ?? mT).
       
-
-(*falso: necessita di no_duplicates*)
 
 definition eq_deq_prod : ∀D1,D2 : DeqSet.D1 × D2 → D1 × D2 → bool ≝ 
@@ -658 +649 @@
 qed.
 
-lemma static_analisys_ok : ∀p,abs_t,instr_m,mT,prog,lbl,pc,map.
-static_analisys p abs_t instr_m mT prog = return map → 
+lemma static_analisys_ok : ∀p,l_p,abs_t,instr_m,mT,prog,lbl,pc,map.
+static_analisys p l_p abs_t instr_m mT prog = return map → 
 mem … 〈lbl,pc〉 (labels_pc … (instructions … prog) (call_label_fun … prog) 
                    (return_label_fun … prog) (in_act … prog) O) → 
@@ -665 +656 @@
 block_cost … prog abs_t instr_m (Some ? pc) (S (|(instructions … prog)|)) ∧
 block_cost … prog abs_t instr_m (Some ? pc) (S (|(instructions … prog)|)) ≠ None ?.
-#p #abs_t #instr_m #mT * #prog whd in match static_analisys; normalize nodelta
+#p #l_p #abs_t #instr_m #mT * #prog whd in match static_analisys; normalize nodelta
 #endmain #Hendmain #entry_fun #call_label_fun #return_label_fun #inact
 #nodup generalize in match nodup in ⊢ (∀_.∀_.∀_. (??(????%??)?) → %); #Hnodup lapply nodup -nodup
-lapply (labels_pc ??????) #l elim l [ #x #y #z #w #h * ]
+lapply (labels_pc ???????) #l elim l [ #x #y #z #w #h * ]
 * #hd1 #hd2 #tl #IH * #H1 #H2 #lbl #pc #map #H 
 cases(bind_inversion ????? H) -H #map1 * #EQmap1 normalize nodelta #H 
@@ -683 +674 @@
 qed.
 
-definition terminated_trace : ∀S : abstract_status.∀s1,s3 : S.raw_trace … s1 s3 → Prop ≝ 
-λS,s1,s3,t.∃s2: S.∃t1 : raw_trace … s1 s2.∃ l,prf.t = t1 @ (t_ind ? s2 s3 s3 l prf … (t_base … s3))
-∧ is_costlabelled_act l ∧ pre_measurable_trace … t1. 
+definition terminated_trace : ∀p : label_params.∀S : abstract_status p.∀s1,s3 : S.raw_trace … s1 s3 → Prop ≝ 
+λp,S,s1,s3,t.∃s2: S.∃t1 : raw_trace … s1 s2.∃ l,prf.t = t1 @ (t_ind p ? s2 s3 s3 l prf … (t_base … s3))
+∧ is_costlabelled_act … l ∧ pre_measurable_trace … t1. 
 
 definition big_op: ∀M: monoid. list M → M ≝
@@ -716 +707 @@
 qed.
 
-lemma monotonicity_of_block_cost : ∀p,prog,abs_t,instr_m,pc,size,k.
-block_cost p prog abs_t instr_m (Some ? pc) size = return k → 
+lemma monotonicity_of_block_cost : ∀p,l_p,prog,abs_t,instr_m,pc,size,k.
+block_cost p l_p prog abs_t instr_m (Some ? pc) size = return k → 
 ∀size'.size ≤ size' → 
-block_cost p prog abs_t instr_m (Some ? pc) size' = return k.
-#p #prog #abs_t #instr_m #pc #size lapply pc elim size
+block_cost p l_p prog abs_t instr_m (Some ? pc) size' = return k.
+#p #l_p #prog #abs_t #instr_m #pc #size lapply pc elim size
 [ #pc #k whd in ⊢ (??%% → ?); #EQ destruct]
 #n #IH #pc #k whd in ⊢ (??%% → ?); @eqb_elim
@@ -741 +732 @@
 qed.
 
-lemma step_emit : ∀p,p',prog,st1,st2,l,i.
-fetch p prog (pc … st1) = return i →
+lemma step_emit : ∀p,p',l_p,prog,st1,st2,l,i.
+fetch p l_p prog (pc … st1) = return i →
 eval_vmstate p p' … prog st1 = return 〈l,st2〉 →  
 emits_labels … i = None ? → ∃x.
-match l in ActionLabel return λ_:ActionLabel.(list CostLabel) with 
-[call_act f c ⇒ [a_call c]
+match l in ActionLabel return λ_: (ActionLabel l_p).(list (CostLabel l_p)) with 
+[call_act f c ⇒ [a_call … c]
 |ret_act x ⇒ 
-   match x with [None⇒[]|Some c⇒[a_return_post c]]
+   match x with [None⇒[]|Some c⇒[a_return_post … c]]
 |cost_act x ⇒
-   match x with [None⇒[]|Some c⇒[a_non_functional_label c]]
+   match x with [None⇒[]|Some c⇒[a_non_functional_label … c]]
 ] = [x] ∧ 
- (mem … 〈x,pc … st2〉 (labels_pc p (instructions … prog) (call_label_fun … prog) (return_label_fun … prog) (in_act … prog) O)).
-#p #p' #prog #st1 #st2 #l #i #EQi whd in match eval_vmstate; normalize nodelta
+ (mem … 〈x,pc … st2〉 (labels_pc p l_p (instructions … prog) (call_label_fun … prog) (return_label_fun … prog) (in_act … prog) O)).
+#p #p' #l_p #prog #st1 #st2 #l #i #EQi whd in match eval_vmstate; normalize nodelta
 >EQi >m_return_bind normalize nodelta cases i in EQi; -i normalize nodelta
 [ #seq * [|#lab]
@@ -775 +766 @@
 qed.
 
-lemma step_non_emit : ∀p,p',prog,st1,st2,l,i,f.
-fetch p prog (pc … st1) = return i →
+lemma step_non_emit : ∀p,p',l_p,prog,st1,st2,l,i,f.
+fetch p l_p prog (pc … st1) = return i →
 eval_vmstate p p' … prog st1 = return 〈l,st2〉 →  
 emits_labels … i = Some ? f → 
-match l in ActionLabel return λ_:ActionLabel.(list CostLabel) with 
-[call_act f c ⇒ [a_call c]
+match l in ActionLabel return λ_: (ActionLabel l_p).(list (CostLabel l_p)) with 
+[call_act f c ⇒ [a_call … c]
 |ret_act x ⇒ 
-   match x with [None⇒[]|Some c⇒[a_return_post c]]
+   match x with [None⇒[]|Some c⇒[a_return_post … c]]
 |cost_act x ⇒
-   match x with [None⇒[]|Some c⇒[a_non_functional_label c]]
+   match x with [None⇒[]|Some c⇒[a_non_functional_label … c]]
 ] = [ ] ∧ pc … st2 = f (pc … st1).
-#p #p' #prog #st1 #st2 #l #i #f #EQi whd in match eval_vmstate; normalize nodelta
+#p #p' #l_p #prog #st1 #st2 #l #i #f #EQi whd in match eval_vmstate; normalize nodelta
 >EQi >m_return_bind normalize nodelta cases i in EQi; -i normalize nodelta
 [ #seq * [|#lab]
@@ -807 +798 @@
 
 lemma labels_of_trace_are_in_code :
-∀p,p',prog.∀st1,st2 : vm_ass_state p p'.∀t : raw_trace (asm_operational_semantics p p' prog) … st1 st2.
+∀p,p',l_p,prog.∀st1,st2 : vm_ass_state p p'.∀t : raw_trace … (asm_operational_semantics p l_p p' prog) … st1 st2.
 ∀lbl.
 mem … lbl (get_costlabels_of_trace … t) → 
-mem … lbl (map … \fst … (labels_pc … (instructions p prog) (call_label_fun … prog) (return_label_fun … prog) (in_act … prog) O)).
-#p #p' #prog #st1 #st2 #t elim t
+mem … lbl (map … \fst … (labels_pc … (instructions p … prog) (call_label_fun … prog) (return_label_fun … prog) (in_act … prog) O)).
+#p #p' #l_p #prog #st1 #st2 #t elim t
 [ #st #lbl *
 | #st1 #st2 #st3 #l whd in ⊢ (% → ?);
@@ -862 +853 @@
 
 
-lemma tbase_tind_append : ∀S : abstract_status.∀st1,st2,st3.∀t : raw_trace … st1 st2.
+lemma tbase_tind_append : ∀p : label_params.∀S : abstract_status p.∀st1,st2,st3 : S.∀t : raw_trace … st1 st2.
 ∀l,prf.∀t'.
-t_base … st1 = t @ t_ind S st2 st3 st1 l prf t' → False.
-#S #st1 #st2 #st3 * 
+t_base … st1 = t @ t_ind … S st2 st3 st1 l prf t' → False.
+#p #S #st1 #st2 #st3 * 
 [ #st #l #prf  #t' normalize #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct ]
 #s1 #s2 #s3 #l1 #prf1 #t2 #l2 #prf2 #t3 normalize #EQ lapply(eq_to_jmeq ??? EQ) -EQ #EQ destruct
@@ -893 +884 @@
 *)
 
-lemma get_cost_label_of_trace_tind : ∀S : abstract_status.
+lemma get_cost_label_of_trace_tind : ∀p. ∀S : abstract_status p.
 ∀st1,st2,st3 : S.∀l,prf,t.
 get_costlabels_of_trace … (t_ind … st1 st2 st3 l prf t) = 
-actionlabel_to_costlabel l @ get_costlabels_of_trace … t.
-#S #st1 #st2 #st3 * // qed.
+actionlabel_to_costlabel … l @ get_costlabels_of_trace … t.
+#p #S #st1 #st2 #st3 * // qed.
 
 lemma actionlabel_ok :
- ∀l : ActionLabel.
-  is_costlabelled_act l → ∃c.actionlabel_to_costlabel l = [c].
-* /2/ * /2/ *
-qed.
-
-lemma i_act_in_map :  ∀p,prog,iact,l1,l2.
-mem ? 〈a_non_functional_label iact,O〉 (labels_pc p prog l1 l2 iact O).
-#p #instr #iact #l1 #l2 generalize in match O in ⊢ (???%); elim instr 
+ ∀p.∀l : ActionLabel p.
+  is_costlabelled_act … l → ∃c.actionlabel_to_costlabel … l = [c].
+#p * /2/ * /2/ *
+qed.
+
+lemma i_act_in_map :  ∀p,l_p,prog,iact,l1,l2.
+mem ? 〈a_non_functional_label l_p iact,O〉 (labels_pc p l_p prog l1 l2 iact O).
+#p #l_p #instr #iact #l1 #l2 generalize in match O in ⊢ (???%); elim instr 
 [ normalize /2/] #i #xs #IH #m whd in match (labels_pc ???);
 @mem_append_l2 @IH
@@ -916 +907 @@
 lemma static_dynamic_inv :
 (* Given an assembly program *)
-∀p,p',prog.
+∀p,p',l_p,prog.
 
 (* Given an abstraction interpretation framework for the program *)
-∀R: asm_abstract_interpretation p p' prog.
+∀R: asm_abstract_interpretation p p' l_p prog.
 
 (* If the static analysis does not fail *)
@@ -925 +916 @@
 
 (* For every pre_measurable, terminated trace *)
-∀st1,st2. ∀t: raw_trace (asm_operational_semantics … prog) … st1 st2.
+∀st1,st2. ∀t: raw_trace l_p (asm_operational_semantics … prog) … st1 st2.
  terminated_trace … t →
 
@@ -933 +924 @@
 (* Let k be the statically computed abstract action of the prefix of the trace
    up to the first label *)
-∀k.block_cost p prog … (instr_map … R) (get_pc … st1 (endmain … prog)) (S (|(instructions … prog)|)) = return k →
+∀k.block_cost p … prog … (instr_map … R) (get_pc … st1 (endmain … prog)) (S (|(instructions … prog)|)) = return k →
 
 (* Let abs_actions be the list of statically computed abstract actions
@@ -954 +945 @@
     @(proj2 … (static_analisys_ok … EQmap … Hmem))
 ]
-#p #p' #prog #R #mT #map1 #EQmap #st1 #st2 #t * #st3 * #t1 *
+#p #p' #l_p #prog #R #mT #map1 #EQmap #st1 #st2 #t * #st3 * #t1 *
 #l1 * #prf1 ** #EQ destruct #Hlabelled
 >(rewrite_in_dependent_map ??? (get_costlabels_of_trace … t1))
@@ -1002 +993 @@
     whd in match (dependent_map ????); #costs #EQ destruct #a1 #good_st_a1
     >neutral_r >act_neutral
-    lapply(instr_map_ok R … (refl …) good_st_a1)
+    lapply(instr_map_ok … l_p … R … (refl …) good_st_a1)
     [1,7,13,19,25,31,37: whd in ⊢ (??%%); @eqb_elim normalize nodelta
       [1,3,5,7,9,11,13: #EQ cases(absurd ? EQ Hpc) ] #_ whd in match fetch_state;
@@ -1009 +1000 @@
         | >EQfetch in ⊢ (??%?); | >EQfetch in ⊢ (??%?); | >EQfetch in ⊢ (??%?);
         | >EQfetch in ⊢ (??%?); ] %
-      |3,9,15,21,27,33,39: skip |*: try assumption // ]]]
+      |3,9,15,21,27,33,39: skip |*: try assumption #H @H] ]]
 | -st1 * [3: #st1] #st3 #st4 #l [3: *] cases st3 -st3
   [1,2,4,5: * #H1 #H2 #tl #_ #l1 #exe @⊥ lapply tl -tl lapply(refl ? (FINAL p p'))
@@ -1040 +1031 @@
   [2: cases(static_analisys_ok … c … (pc … st3) … EQmap) // #EQ #_ <EQ whd in match (big_op ??);
       >neutral_l assumption
-   |3,6: [ >neutral_r] lapply(instr_map_ok R … (refl …) good_a1) 
+   |3,6: [ >neutral_r] lapply(instr_map_ok … l_p … R … (refl …) good_a1) 
        [1,7: whd in ⊢ (??%?); @eqb_elim
          [1,3: #ABS cases(absurd ? ABS Hpc) ] #_ normalize nodelta whd in match fetch_state;
@@ -1078 +1069 @@
       [2: lapply EQpc_st3 @eqb_elim [2: #_ #EQ destruct] #EQ #_ >EQ @i_act_in_map ]
       #EQ #_ <EQ whd in match (big_op ??); >neutral_l assumption
-   |  lapply(instr_map_ok R … (refl …) good_a1) 
+   |  lapply(instr_map_ok … l_p …  R … (refl …) good_a1) 
      [1: % | assumption |*:] normalize in ⊢ (% → ?); #H @H
    ]
@@ -1094 +1085 @@
 qed. *)
 
-lemma execute_mem_label_pc :∀p,p',prog.∀st0,st1 :vm_state p p'.∀l1,c1.
-actionlabel_to_costlabel l1 = [c1] → 
-vmstep p p' prog l1 st0 st1 → 
+lemma execute_mem_label_pc :∀p,p',l_p,prog.∀st0,st1 :vm_state p p'.∀l1,c1.
+actionlabel_to_costlabel l_p l1 = [c1] → 
+vmstep p p' l_p prog l1 st0 st1 → 
  mem … 〈c1,pc p p' st1〉
   (labels_pc … (instructions … prog) (call_label_fun … prog)
    (return_label_fun … prog) (in_act … prog) O). 
-#p #p' #prog #st0 #st1 #l1 #c1 #EQc1 #H lapply(vm_step_to_eval … H) -H
+#p #p' #l_p #prog #st0 #st1 #l1 #c1 #EQc1 #H lapply(vm_step_to_eval … H) -H
 #H cases(bind_inversion ????? H); #i * #EQi #Hi cases(step_emit … EQi H)
 [ #c2 whd in match actionlabel_to_costlabel in EQc1; normalize nodelta in EQc1;
@@ -1124 +1115 @@
 include "Simulation.ma".
 
-lemma sub_trace_premeasurable_l1 : ∀p,p',prog.
-∀s1,s2,s3. ∀t1: raw_trace (asm_operational_semantics p p' prog) … s1 s2.
-∀t2 : raw_trace (asm_operational_semantics p p' prog) … s2 s3.
+lemma sub_trace_premeasurable_l1 : ∀p,p',l_p,prog.
+∀s1,s2,s3. ∀t1: raw_trace l_p (asm_operational_semantics p l_p p' prog) … s1 s2.
+∀t2 : raw_trace l_p (asm_operational_semantics p l_p p' prog) … s2 s3.
 pre_measurable_trace … (t1 @ t2) → 
 pre_measurable_trace … t1.
-#p #p' #prog #s1 #s2 #s3 #t1 lapply s3 -s3 elim t1
-[ #st #st3 #t2 whd in ⊢ (????% → ?); #H %1 @(head_of_premeasurable_is_not_io … H) ]
+#p #p' #l_p #prog #s1 #s2 #s3 #t1 lapply s3 -s3 elim t1
+[ #st #st3 #t2 whd in ⊢ (?????% → ?); #H %1 @(head_of_premeasurable_is_not_io … H) ]
 #st1 #st2 #st3 #l #exe #tl #IH #st4 #t2 #H inversion H in ⊢ ?;
 [ #st #class #EQ1 #EQ2 #EQ3 #EQ4 destruct whd in EQ3 : (??%?%); destruct
@@ -1144 +1135 @@
 qed.
 
-lemma sub_trace_premeasurable_l2 : ∀p,p',prog.
-∀s1,s2,s3. ∀t1: raw_trace (asm_operational_semantics p p' prog) … s1 s2.
-∀t2 : raw_trace (asm_operational_semantics p p' prog) … s2 s3.
+lemma sub_trace_premeasurable_l2 : ∀p,p',l_p,prog.
+∀s1,s2,s3. ∀t1: raw_trace l_p (asm_operational_semantics p l_p p' prog) … s1 s2.
+∀t2 : raw_trace l_p (asm_operational_semantics p l_p p' prog) … s2 s3.
 pre_measurable_trace … (t1 @ t2) → 
 pre_measurable_trace … t2.
-#p #p' #prog #s1 #s2 #s3 #t1 lapply s3 -s3 elim t1
-[ #st #st3 #t2 whd in ⊢ (????% → ?); #H @H ]
+#p #p' #l_p #prog #s1 #s2 #s3 #t1 lapply s3 -s3 elim t1
+[ #st #st3 #t2 whd in ⊢ (?????% → ?); #H @H ]
 #st1 #st2 #st3 #l #exe #tl #IH #st4 #t2 #H inversion H in ⊢ ?;
 [ #st #class #EQ1 #EQ2 #EQ3 #EQ4 destruct whd in EQ3 : (??%?%); destruct
@@ -1168 +1159 @@
 theorem static_dynamic :
 (* Given an assembly program *)
-∀p,p',prog.
+∀p,p',l_p,prog.
 
 (* Given an abstraction interpretation framework for the program *)
-∀R: asm_abstract_interpretation p p' prog.
+∀R: asm_abstract_interpretation p p' l_p prog.
 
 (* If the static analysis does not fail *)
@@ -1178 +1169 @@
 (* For every measurable trace whose second state is st1 or, equivalently,
    whose first state after the initial labelled transition is st1 *)
-∀si,s1,s2,sn. ∀t: raw_trace (asm_operational_semantics … prog) … si sn.
+∀si,s1,s2,sn. ∀t: raw_trace l_p (asm_operational_semantics … prog) … si sn.
  measurable … s1 s2 … t →
 
@@ -1203 +1194 @@
     @(proj2 … (static_analisys_ok … EQmap … Hmem))
 ]
-#p #p' #prog #R #mT #map1 #EQmap #si #s1 #s2 #sn #t #measurable
+#p #p' #l_p #prog #R #mT #map1 #EQmap #si #s1 #s2 #sn #t #measurable
 cases measurable #s0 * #s3 * #ti0 * #t13 * #t2n* #l1 * #l2 * #prf1 * #prf2
 ******* #pre_t13 #EQ destruct #Hl1 #Hl2 #Hcall_l2 #sil_ti0 #sil_t2n #Hcall_l1

LTS/costs.ma

@@ -13 +13 @@
 (**************************************************************************)
 
+include "basics/types.ma".
+include "basics/deqsets.ma".
 include "Traces.ma".
 
-record monoid: Type[1] ≝
- { carrier :> DeqSet
- ; op: carrier → carrier → carrier
- ; e: carrier
- ; neutral_r : ∀x. op … x e = x
- ; neutral_l : ∀x. op … e x = x
- ; is_associative: ∀x,y,z. op … (op … x y) z = op … x (op … y z)
- }.
- 
-record monoid_action (I : monoid) (M : Type[0]) : Type[0] ≝ 
-{ act :2> I → M → M
-; act_neutral : ∀x.act (e …) x = x
-; act_op : ∀i,j,x.act (op … i j) x = act j (act i x)
-}.
-
-record concrete_transition_sys : Type[2] ≝ 
-{ trans_sys :> abstract_status
+record concrete_transition_sys (p : label_params) : Type[2] ≝ 
+{ trans_sys :> abstract_status p
 }.
 
@@ -43 +30 @@
 interpretation "act_abs" 'sem f x = (act ?? (act_abs ?) f x).
 
-record galois_rel (C : concrete_transition_sys) 
+record galois_rel (p : label_params) 
+                   (C : concrete_transition_sys p) 
                    (A : abstract_transition_sys) : Type[0] ≝ 
 { rel_galois :2> C → A → Prop
 }.
 
-record galois_connection : Type[2] ≝ 
-{ concr : concrete_transition_sys
+record galois_connection (p : label_params) : Type[2] ≝ 
+{ concr : concrete_transition_sys p
 ; abs_d : abstract_transition_sys
-; galois_rel:> galois_rel concr abs_d
+; galois_rel:> galois_rel p concr abs_d
 }.
 
-record abstract_interpretation : Type[2] ≝
-{ galois_conn:> galois_connection
+record abstract_interpretation (p : label_params) : Type[2] ≝
+{ galois_conn:> galois_connection p
 ; instr_t : Type[0]
-; fetch : concr galois_conn → option instr_t
-; instr_map : instr_t → abs_instr … (abs_d galois_conn)
+; fetch : concr … galois_conn → option instr_t
+; instr_map : instr_t → abs_instr … (abs_d … galois_conn)
 ; instr_map_ok :
    ∀s,s': concr … galois_conn. ∀a: abs_d … galois_conn.∀l,i.