Changeset 891 for src

Timestamp:

Jun 7, 2011, 4:53:53 PM (10 years ago)

Author:

campbell

Message:

Revise proofs affected by recent matita change.

Location:

src

Files:

• ASM/BitVectorZ.ma (modified) (1 diff)
• Clight/Cexec.ma (modified) (1 diff)
• Clight/CexecComplete.ma (modified) (3 diffs)
• Clight/CexecEquiv.ma (modified) (19 diffs)
• Clight/CexecSound.ma (modified) (5 diffs)
• Clight/TypeComparison.ma (modified) (8 diffs)
• common/Mem.ma (modified) (1 diff)
• common/Smallstep.ma (modified) (1 diff)
• common/Values.ma (modified) (2 diffs)
• utilities/binary/Z.ma (modified) (8 diffs)
• utilities/binary/positive.ma (modified) (1 diff)
• utilities/extralib.ma (modified) (2 diffs)

src/ASM/BitVectorZ.ma

@@ -84 +84 @@
     | #q #H change with ((succ one)+ (p0 p') ≤ (p0 q))
       >p0_times2 >(p0_times2 q)
+      change with (succ one * succ p' ≤ succ one * q) 
       @monotonic_le_times_r @IH
       @le_S_S_to_le @H

src/Clight/Cexec.ma

@@ -344 +344 @@
 ] qed.
 
-definition is_Sskip : ∀s:statement. (s = Sskip) + (s ≠ Sskip) ≝
-λs.match s return λs'.(s' = Sskip) + (s' ≠ Sskip) with
+definition is_Sskip : ∀s:statement. (s = Sskip) ⊎ (s ≠ Sskip) ≝
+λs.match s return λs'.(s' = Sskip) ⊎ (s' ≠ Sskip) with
 [ Sskip ⇒ inl ?? (refl ??)
 | _ ⇒ inr ?? (nmk ? (λH.?))

src/Clight/CexecComplete.ma

@@ -167 +167 @@
 | #e #ty #l #off #v #tr #H1 #H2 @(lvalue_expr … H1)
     [ #id | #e' | #e' #id ] #H3
-    whd in ⊢ (??%?);
+    whd in ⊢ (??%?)
+    [ change in H3:(??%?) with (exec_lvalue' ge env m (Evar id) ty)
+    | change in H3:(??%?) with (exec_lvalue' ge env m (Ederef e') ty)
+    | change in H3:(??%?) with (exec_lvalue' ge env m (Efield e' id) ty)
+    ]
     >(yields_eq ??? H3)
-    whd in ⊢ (??%?); >H2 @refl
+    whd in ⊢ (??%?) change in H2:(??%?) with (load_value_of_type' ty m 〈l,off〉)
+    >H2 @refl
 | #e #ty #r #l #pc #off #tr #H1 #H2 whd in ⊢ (??%?);
     >(yields_eq ??? H2) whd in ⊢ (??%?)
@@ -352 +357 @@
 #ge #s #tr #s' #H elim H;
 [ #f #e #e1 #k #e2 #m #loc #ofs #v #m' #tr1 #tr2 #H1 #H2 #H3 whd in ⊢ (??%?);
-    >(yields_eq ??? (lvalue_complete … H1)) whd in ⊢ (??%?);
-    >(yields_eq ??? (expr_complete … H2)) whd in ⊢ (??%?);
+    >(yields_eq ??? (lvalue_complete … H1)) whd in ⊢ (??%?)
+    >(yields_eq ??? (expr_complete … H2)) whd in ⊢ (??%?)
+    change in H3:(??%?) with (store_value_of_type' (typeof e) m 〈loc,ofs〉 v)
     >H3 @refl
 | #f #e #eargs #k #ef #m #vf #vargs #f' #tr1 #tr2 #H1 #H2 #H3 #H4 whd in ⊢ (??%?);
@@ -443 +449 @@
     @refl
 | #v #f #env #k #m @refl
-| #v #f #env #k #m1 #m2 #loc #ofs #ty #H whd in ⊢ (??%?);
-    >H @refl
+| #v #f #env #k #m1 #m2 #loc #ofs #ty
+    change in ⊢ (??%? → ?) with (store_value_of_type' ty m1 〈loc,ofs〉 v)
+    #H whd in ⊢ (??%?) >H @refl
 | #f #l #s #k #env #m @refl
 ] qed.

src/Clight/CexecEquiv.ma

@@ -52 +52 @@
  (∀r. final_state s r → P (Some ? r)) →
  ((¬∃r.final_state s r) → P (None ?)) →
-P (is_final ?? clight_exec s).
-#s #P #F #NF lapply (refl ? (is_final ?? clight_exec s))
-cases (is_final ?? clight_exec s) in ⊢ (???% → %)
-[ #E @NF % * #r #H > (is_final_complete … H) in E #H destruct
+P (is_final s).
+#s #P #F #NF lapply (refl ? (is_final s))
+cases (is_final s) in ⊢ (???% → %)
+[ #E @NF % * #r #H whd in E:(??%?) > (is_final_complete … H) in E #H destruct
 | #r #E @F @is_final_sound @E
 ] qed.
+
+lemma is_final_elim': ∀s.∀P:option int → Type[0].
+ (∀r. final_state s r → P (Some ? r)) →
+ ((¬∃r.final_state s r) → P (None ?)) →
+P (is_final io_out io_in clight_fullexec s).
+@is_final_elim qed.
 
 lemma exec_e_step: ∀ge,x,tr,s,e.
@@ -66 +72 @@
 [ #o #k #EXEC whd in EXEC:(??%?); destruct
 | #y cases y #tr' #s' whd in ⊢ (??%? → ?)
-  @is_final_elim 
+  @is_final_elim'
   [ #r #FINAL | #FINAL ]
   #EXEC whd in EXEC:(??%?); destruct @refl
@@ -79 +85 @@
 [ #o #k #EXEC whd in EXEC:(??%?); destruct
 | #y cases y; #tr' #s' whd in ⊢ (??%? → ?);
-  @is_final_elim
+  @is_final_elim'
   [ #r ] #FINAL #EXEC whd in EXEC:(??%?);
   destruct @refl
@@ -92 +98 @@
 [ #o #k #EXEC whd in EXEC:(??%?); destruct
 | #y cases y; #tr' #s' whd in ⊢ (??%? → ?)
-  @is_final_elim [ #r ] #F #EXEC whd in EXEC:(??%?); destruct @F
+  @is_final_elim' [ #r ] #F #EXEC whd in EXEC:(??%?); destruct @F
 | #msg #EXEC whd in EXEC:(??%?); destruct
 ] qed.
@@ -143 +149 @@
         ]
     | #x cases x; #tr' #s' >(exec_inf_aux_unfold …)
-        whd in ⊢ (??%? → ?); @is_final_elim
+        whd in ⊢ (??%? → ?); @is_final_elim'
         [ #r ] #F #E whd in E:(??%?); destruct
     | #msg >(exec_inf_aux_unfold …)
@@ -170 +176 @@
             [ #o2 #k2 #E whd in E:(??%?); destruct (E)
             | #x cases x; #tr2 #s2 whd in ⊢ (??%? → ?);
-                @is_final_elim
+                lapply (is_final_elim s2) #IFE whd in IFE:(∀_. ? → ? → ?%)
+                @IFE
                 [ #r' #FINAL #E whd in E:(??%?);
                     destruct (E);
@@ -184 +191 @@
        ]
    | #x cases x; #tr #s whd in ⊢ (??%? → ?);
-       @is_final_elim [ #r ] #F #E whd in E:(??%?); destruct (E)
+       @is_final_elim' [ #r ] #F #E whd in E:(??%?); destruct (E)
    | #msg #E whd in E:(??%?); destruct (E)
    ]
@@ -281 +288 @@
     [ #o #k #EXEC' whd in EXEC':(??%?); destruct (EXEC');
     | #x cases x; #tr'' #s' whd in ⊢ (??%? → ?);
-        @is_final_elim [ #r'' #FINAL | #F ]
+        @is_final_elim' [ #r'' #FINAL | #F ]
         #EXEC' whd in EXEC':(??%?); destruct (EXEC');
     | #msg #EXEC' whd in EXEC':(??%?); destruct (EXEC');
@@ -299 +306 @@
 >(exec_inf_aux_unfold …) cases x;
 [ #o #k #EXEC whd in EXEC:(??%?); destruct;
-| #z cases z; #tr' #s' whd in ⊢ (??%? → ?); @is_final_elim
+| #z cases z; #tr' #s' whd in ⊢ (??%? → ?); @is_final_elim'
   [ #r' #FINAL cases FINAL; #r'' #m' #EXEC whd in EXEC:(??%?);
       destruct (EXEC); @refl
@@ -365 +372 @@
     cases (exec_step ge s);
   [ #o #k #msg' #EXEC whd in EXEC:(??%?); destruct
-  | #x cases x; #tr #s' #msg' whd in ⊢ (??%? → ?) @is_final_elim
+  | #x cases x; #tr #s' #msg' whd in ⊢ (??%? → ?) @is_final_elim'
       [ #r ] #F #EXEC whd in EXEC:(??%?); destruct
   | #msg1 #msg2 #EXEC #E whd in EXEC:(??%?); destruct @refl
@@ -381 +388 @@
     cases (exec_step ge s);
     [ #o #k #EXEC whd in EXEC:(??%?); destruct
-    | #x cases x; #tr1 #s1 whd in ⊢ (??%? → ?) @is_final_elim
+    | #x cases x; #tr1 #s1 whd in ⊢ (??%? → ?) @is_final_elim'
         [ #r ] #F #E whd in E:(??%?); destruct @F
     | #msg #E whd in E:(??%?); destruct
@@ -409 +416 @@
             [ #o2 #k2 #EXECK whd in EXECK:(??%?); destruct
             | #x cases x; #tr2 #s2 whd in ⊢ (??%? → ?);
-                @is_final_elim [ #r ] #F #EXECK
+                lapply (is_final_elim s2) #IFE whd in IFE:(∀_. ? → ? → ?%)
+                @IFE [ #r ] #F #EXECK
                 whd in EXECK:(??%?); destruct;
                 @(absurd ?? F)
@@ -419 +427 @@
         ]
     | #x cases x; #tr1 #s1 whd in ⊢ (??%? → ?);
-        @is_final_elim [ #r ] #F #E whd in E:(??%?); destruct;
+        @is_final_elim' [ #r ] #F #E whd in E:(??%?); destruct;
     | #msg #E whd in E:(??%?); destruct
     ]
@@ -707 +715 @@
     ]
 | #x cases x; #tr' #s'' #H whd in ⊢ (?%? → ?)
-    @is_final_elim [ #r ] #F #E whd in E:(?%?);
+    @is_final_elim' [ #r ] #F #E whd in E:(?%?);
     inversion E;
     [ 1,5: #tr1 #e1 #m1 #E1 #E2 destruct
@@ -898 +906 @@
                 #F #S whd in S:(?%?); cases (se_inv … S);
             | #x cases x; #tr' #s' whd in ⊢ (?%? → ?)
-                @is_final_elim [ #r ] #F #S whd in S:(?%?);
+                @is_final_elim' [ #r ] #F #S whd in S:(?%?);
                 cases (se_inv … S);
             | #msg #S cases (se_inv … S);
@@ -915 +923 @@
                 #F #S whd in S:(?%?); cases (se_inv … S);
             | #x cases x; #tr' #s' whd in ⊢ (?%? → ?)
-                @is_final_elim [ #r ] #F #S whd in S:(?%?);
+                @is_final_elim' [ #r ] #F #S whd in S:(?%?);
                 cases (se_inv … S);
             | #msg #S cases (se_inv … S);
@@ -995 +1003 @@
   ∃e'.e = e_step ??? E0 s e'.
 #ge #s #e >(exec_inf_aux_unfold …)
-whd in ⊢ (??%? → ?) @is_final_elim
+whd in ⊢ (??%? → ?) @is_final_elim'
 [ #r #FINAL #EXEC #NOTFINAL
     @False_ind @(absurd ?? NOTFINAL)
@@ -1009 +1017 @@
 #classic #constructive_indefinite_description #p #e
 whd in ⊢ (?%? → ??(λ_.?(?%?)%));
-lapply (make_initial_state_sound p);
-lapply (the_initial_state p);
-cases (make_initial_state p);
+lapply (make_initial_state_sound p)
+lapply (the_initial_state p)
+whd in ⊢ (? → ? → ?(match % with [_ ⇒ ? | _ ⇒ ?])? → ?)
+cases (make_initial_state p)
 [ #gs cases gs; #ge #s #INITIAL' #INITIAL whd in INITIAL ⊢ (?%? → ?);
     cases INITIAL; #Ege #INITIAL''
-    >(exec_inf_aux_unfold …)
+    >exec_inf_aux_unfold
     whd in ⊢ (?%? → ?)
-    @is_final_elim
+    @is_final_elim'
     [ #r #F @False_ind
         @(absurd ?? (initial_state_not_final … INITIAL''))
@@ -1025 +1034 @@
     lapply (behavior_of_execution ??
               (execution_characterisation_complete classic constructive_indefinite_description ge s ? EXEC'));
-        *; #b #MATCHES %{b} % //;
+        *; #b #MATCHES %{b} % [ @MATCHES ]
         #ge' >Ege #Ege' >(?:ge' = ge) [ 2: destruct (Ege') skip (INITIAL Ege EXEC0 EXEC'); // ]
         inversion MATCHES;

src/Clight/CexecSound.ma

@@ -3 +3 @@
 (*include "Plogic/connectives.ma".*)
 
+(* Is rather careful about using destruct because it currently uses excessive
+   normalization. *)
 lemma exec_bool_of_val_sound: ∀v,ty,r.
  exec_bool_of_val v ty = OK ? r → bool_of_val v ty (of_bool r).
 #v #ty #r
 cases v; [ | #i | #f | #r1 | #r' #b #pc #of ]
-cases ty; [ 2,11,20,29,38: #sz #sg | 3,12,21,30,39: #sz | 4,13,22,31,40: #r #ty | 5,14,23,32,41: #r #ty #n | 6,15,24,33,42: #args #rty | 7,8,16,17,25,26,34,35,43,44: #id #fs | 9,18,27,36,45: #r #id ]
-#H whd in H:(??%?); destruct;
-[ lapply (eq_spec i zero); elim (eq i zero);
-  [ #e >e @bool_of_val_false //;
-  | #ne (* XXX hack due to destruct's normalize *) lapply (bool_of_val_true (Vint i) (Tint sz sg)) normalize #H @H /2/;
-  ]
-| elim (eq_dec f Fzero);
-  [ #e >e >(Feq_zero_true …) @bool_of_val_false //;
-  | #ne >(Feq_zero_false …) //; (* XXX hack due to destruct's normalize *) lapply (bool_of_val_true (Vfloat f) (Tfloat sz)) normalize #H @H /2/;
-  ]
-| @bool_of_val_false //
-| (* XXX hack due to destruct's normalize *) lapply (bool_of_val_true (Vptr r' b pc of) (Tpointer r ty)) normalize #H @H //
+cases ty; [ 2,11,20,29,38: #sz #sg | 3,12,21,30,39: #sz | 4,13,22,31,40: #rg #ty | 5,14,23,32,41: #r #ty #n | 6,15,24,33,42: #args #rty | 7,8,16,17,25,26,34,35,43,44: #id #fs | 9,18,27,36,45: #r #id ]
+#H whd in H:(??%?);
+[ 2: lapply (eq_spec i zero) cases (eq i zero) in H ⊢ %
+  [ #E1 #E2 destruct @bool_of_val_false @is_false_int
+  | #E1 #E2 >(?:r=¬false) [ @bool_of_val_true @is_true_int_int @E2 | destruct @refl ]
+  ]
+| 8: cases (eq_dec f Fzero)
+  [ #e >e in H ⊢ % >Feq_zero_true #E destruct @bool_of_val_false @is_false_float
+  | #ne >Feq_zero_false in H // #E >(?:r=¬false) [ @bool_of_val_true @is_true_float @ne | destruct @refl ] 
+  ]
+| 14: >(?:r=false) [ @bool_of_val_false @is_false_pointer | destruct @refl ]
+| 15: >(?:r=true) [ @bool_of_val_true @is_true_pointer_pointer | destruct @refl ]
+| *: destruct
 ] qed.
 
@@ -197 +200 @@
     >Hv in He #He
     @eval_Ederef [ 3: @He | *: skip ]
-| #ty #e'' #ty'' #He'' @bind2_OK #x cases x #loc #ofs #tr #H
-  cases ty // *#pty
+| #ty #e'' #ty'' #He'' @bind2_OK * #loc #ofs #tr #H
+  cases ty // * #pty
   cases loc in H ⊢ % * #loc' #H
   whd try @I
-  @eval_Eaddrof >H in He'' #He'' @He''
+  @eval_Eaddrof whd in H:(??%?) >H in He'' #He'' @He''
 | #ty #op #e1 #He1 @bind2_OK #v1 #tr #Hv1
     @opt_bind_OK #v #ev
@@ -221 +224 @@
     @bind_OK #b
     cases b; #eb lapply (exec_bool_of_val_sound … eb); #Hb
-    @bind2_OK #v #tr #Hv
+    @bind2_OK #v #tr #Hv whd in Hv:(??%?)
     [ >Hv in He2 #He2 whd in He2 Hv:(??%?) ⊢%;
         @(eval_Econdition_true … He1 ? He2) @(bool_of ??? Hb)
@@ -248 +251 @@
 | #ty #e' #ty' #i cases ty'; //;
     [ #id #fs #He' @bind2_OK #x cases x; #sp #l #ofs #H
-        @bind_OK #delta #Hdelta >H in He' #He'
+        @bind_OK #delta #Hdelta whd in H:(??%?) >H in He' #He'
         @(eval_Efield_struct …  He' (refl ??) Hdelta)
-    | #id #fs #He' @bind2_OK #x cases x; #sp #l #ofs #H
+    | #id #fs #He' @bind2_OK #x cases x; #sp #l #ofs #H whd in H:(??%?)
         >H in He' #He'
         @(eval_Efield_union … He' (refl ??))
@@ -300 +303 @@
 cases (exec_lvalue ge en m e) in ⊢ (???% → %);
 [ #x cases x #y cases y #loc #off #tr #H whd cases loc in H ⊢ % #locr #loci #H
-    @(addrof_eval_lvalue … locr … (Tpointer locr Tvoid)) [ /2/ ]
+    @(addrof_eval_lvalue … locr … (Tpointer locr Tvoid)) [ @same_compat ]
     lapply (addrof_exec_lvalue … H) #H'
     lapply (exec_expr_sound ge en m (Expr (Eaddrof e) (Tpointer locr Tvoid)))

src/Clight/TypeComparison.ma

@@ -16 +16 @@
 
 let rec type_eq_dec (t1,t2:type) : Sum (t1 = t2) (t1 ≠ t2) ≝
-match t1 return λt'. (t' = t2) + (t' ≠ t2) with
-[ Tvoid ⇒ match t2 return λt'. (Tvoid = t') + (Tvoid ≠ t') with [ Tvoid ⇒ inl ?? (refl ??) | _ ⇒ inr ?? (nmk ? (λH.?)) ]
-| Tint sz sg ⇒ match t2 return λt'. (Tint ?? = t') + (Tint ?? ≠ t')  with [ Tint sz' sg' ⇒
+match t1 return λt'. Sum (t' = t2) (t' ≠ t2) with
+[ Tvoid ⇒ match t2 return λt'. Sum (Tvoid = t') (Tvoid ≠ t') with [ Tvoid ⇒ inl ?? (refl ??) | _ ⇒ inr ?? (nmk ? (λH.?)) ]
+| Tint sz sg ⇒ match t2 return λt'. Sum (Tint ?? = t') (Tint ?? ≠ t')  with [ Tint sz' sg' ⇒
     match sz_eq_dec sz sz' with [ inl e1 ⇒
     match sg_eq_dec sg sg' with [ inl e2 ⇒ inl ???
@@ -24 +24 @@
     | inr e ⇒ inr ?? (nmk ? (λH.match e with [ nmk e' ⇒ e' ? ])) ]
     | _ ⇒ inr ?? (nmk ? (λH.?)) ]
-| Tfloat f ⇒ match t2 return λt'. (Tfloat ? = t') + (Tfloat ? ≠ t')  with [ Tfloat f' ⇒
+| Tfloat f ⇒ match t2 return λt'. Sum (Tfloat ? = t') (Tfloat ? ≠ t')  with [ Tfloat f' ⇒
     match fs_eq_dec f f' with [ inl e1 ⇒ inl ???
     | inr e ⇒ inr ?? (nmk ? (λH.match e with [ nmk e' ⇒ e' ? ])) ]
     | _ ⇒ inr ?? (nmk ? (λH.?)) ]
-| Tpointer s t ⇒ match t2 return λt'. (Tpointer ?? = t') + (Tpointer ?? ≠ t')  with [ Tpointer s' t' ⇒
+| Tpointer s t ⇒ match t2 return λt'. Sum (Tpointer ?? = t') (Tpointer ?? ≠ t')  with [ Tpointer s' t' ⇒
     match eq_region_dec s s' with [ inl e1 ⇒
       match type_eq_dec t t' with [ inl e2 ⇒ inl ??? 
       | inr e2 ⇒ inr ?? (nmk ? (λH.match e2 with [ nmk e' ⇒ e' ? ])) ] 
     | inr e1 ⇒ inr ?? (nmk ? (λH.match e1 with [ nmk e' ⇒ e' ? ])) ] | _ ⇒ inr ?? (nmk ? (λH.?)) ]
-| Tarray s t n ⇒ match t2 return λt'. (Tarray ??? = t') + (Tarray ??? ≠ t')  with [ Tarray s' t' n' ⇒
+| Tarray s t n ⇒ match t2 return λt'. Sum (Tarray ??? = t') (Tarray ??? ≠ t')  with [ Tarray s' t' n' ⇒
     match eq_region_dec s s' with [ inl e1 ⇒
       match type_eq_dec t t' with [ inl e2 ⇒
@@ -41 +41 @@
         | inr e ⇒ inr ?? (nmk ? (λH.match e with [ nmk e' ⇒ e' ? ])) ]
         | _ ⇒ inr ?? (nmk ? (λH.?)) ]
-| Tfunction tl t ⇒ match t2 return λt'. (Tfunction ?? = t') + (Tfunction ?? ≠ t')  with [ Tfunction tl' t' ⇒
+| Tfunction tl t ⇒ match t2 return λt'. Sum (Tfunction ?? = t') (Tfunction ?? ≠ t')  with [ Tfunction tl' t' ⇒
     match typelist_eq_dec tl tl' with [ inl e1 ⇒ 
     match type_eq_dec t t' with [ inl e2 ⇒ inl ???
@@ -48 +48 @@
   | _ ⇒ inr ?? (nmk ? (λH.?)) ]
 | Tstruct i fl ⇒
-    match t2 return λt'. (Tstruct ?? = t') + (Tstruct ?? ≠ t')  with [ Tstruct i' fl' ⇒
+    match t2 return λt'. Sum (Tstruct ?? = t') (Tstruct ?? ≠ t')  with [ Tstruct i' fl' ⇒
     match ident_eq i i' with [ inl e1 ⇒
     match fieldlist_eq_dec fl fl' with [ inl e2 ⇒ inl ???
@@ -55 +55 @@
     | _ ⇒ inr ?? (nmk ? (λH.?)) ]
 | Tunion i fl ⇒
-    match t2 return λt'. (Tunion ?? = t') + (Tunion ?? ≠ t')  with [ Tunion i' fl' ⇒
+    match t2 return λt'. Sum (Tunion ?? = t') (Tunion ?? ≠ t')  with [ Tunion i' fl' ⇒
     match ident_eq i i' with [ inl e1 ⇒
     match fieldlist_eq_dec fl fl' with [ inl e2 ⇒ inl ???
@@ -61 +61 @@
     | inr e ⇒ inr ?? (nmk ? (λH.match e with [ nmk e' ⇒ e' ? ])) ]
     |  _ ⇒ inr ?? (nmk ? (λH.?)) ]
-| Tcomp_ptr r i ⇒ match t2 return λt'. (Tcomp_ptr ? ? = t') + (Tcomp_ptr ? ? ≠ t')  with [ Tcomp_ptr r' i' ⇒ 
+| Tcomp_ptr r i ⇒ match t2 return λt'. Sum (Tcomp_ptr ? ? = t') (Tcomp_ptr ? ? ≠ t')  with [ Tcomp_ptr r' i' ⇒ 
     match eq_region_dec r r' with [ inl e1 ⇒
       match ident_eq i i' with [ inl e2 ⇒ inl ???
@@ -68 +68 @@
     | _ ⇒ inr ?? (nmk ? (λH.?)) ]
 ]
-and typelist_eq_dec (tl1,tl2:typelist) : (tl1 = tl2) + (tl1 ≠ tl2) ≝
-match tl1 return λtl'. (tl' = tl2) + (tl' ≠ tl2) with
-[ Tnil ⇒ match tl2 return λtl'. (Tnil = tl') + (Tnil ≠ tl') with [ Tnil ⇒ inl ?? (refl ??) | _ ⇒ inr ?? (nmk ? (λH.?)) ]
-| Tcons t1 ts1 ⇒ match tl2 return λtl'. (Tcons ?? = tl') + (Tcons ?? ≠ tl') with [ Tnil ⇒ inr ?? (nmk ? (λH.?)) | Tcons t2 ts2 ⇒ 
+and typelist_eq_dec (tl1,tl2:typelist) : Sum (tl1 = tl2) (tl1 ≠ tl2) ≝
+match tl1 return λtl'. Sum (tl' = tl2) (tl' ≠ tl2) with
+[ Tnil ⇒ match tl2 return λtl'. Sum (Tnil = tl') (Tnil ≠ tl') with [ Tnil ⇒ inl ?? (refl ??) | _ ⇒ inr ?? (nmk ? (λH.?)) ]
+| Tcons t1 ts1 ⇒ match tl2 return λtl'. Sum (Tcons ?? = tl') (Tcons ?? ≠ tl') with [ Tnil ⇒ inr ?? (nmk ? (λH.?)) | Tcons t2 ts2 ⇒ 
     match type_eq_dec t1 t2 with [ inl e1 ⇒
     match typelist_eq_dec ts1 ts2 with [ inl e2 ⇒ inl ???
@@ -77 +77 @@
     | inr e ⇒ inr ?? (nmk ? (λH.match e with [ nmk e' ⇒ e' ? ])) ] ]
 ]
-and fieldlist_eq_dec (fl1,fl2:fieldlist) : (fl1 = fl2) + (fl1 ≠ fl2) ≝
-match fl1 return λfl'. (fl' = fl2) + (fl' ≠ fl2) with
-[ Fnil ⇒ match fl2 return λfl'. (Fnil = fl') + (Fnil ≠ fl') with [ Fnil ⇒ inl ?? (refl ??) | _ ⇒ inr ?? (nmk ? (λH.?)) ]
-| Fcons i1 t1 fs1 ⇒ match fl2 return λfl'. (Fcons ??? = fl') + (Fcons ??? ≠ fl') with [ Fnil ⇒ inr ?? (nmk ? (λH.?)) | Fcons i2 t2 fs2 ⇒ 
+and fieldlist_eq_dec (fl1,fl2:fieldlist) : Sum (fl1 = fl2) (fl1 ≠ fl2) ≝
+match fl1 return λfl'. Sum (fl' = fl2) (fl' ≠ fl2) with
+[ Fnil ⇒ match fl2 return λfl'. Sum (Fnil = fl') (Fnil ≠ fl') with [ Fnil ⇒ inl ?? (refl ??) | _ ⇒ inr ?? (nmk ? (λH.?)) ]
+| Fcons i1 t1 fs1 ⇒ match fl2 return λfl'. Sum (Fcons ??? = fl') (Fcons ??? ≠ fl') with [ Fnil ⇒ inr ?? (nmk ? (λH.?)) | Fcons i2 t2 fs2 ⇒ 
     match ident_eq i1 i2 with [ inl e1 ⇒
       match type_eq_dec t1 t2 with [ inl e2 ⇒

src/common/Mem.ma

@@ -66 +66 @@
   ∀A: Type[0]. ∀x: block. ∀v: A. ∀f: block -> A.
   update_block … x v f x = v.
-#A * * #ix #v #f whd in ⊢ (??%?);
->(eqZb_z_z …) //;
+#A * * #ix #v #f whd in ⊢ (??%?)
+>eq_block_b_b //
 qed.
 

src/common/Smallstep.ma

@@ -133 +133 @@
 #tr #ge #s1 #t1 #s2 #t2 #s3 #t3 #Hstar #Hstep #e1 inversion Hstar;
 [ #s2' #e2 #e3 #e4 destruct; @plus_one //;
-| #s1' #t1' #s1'' #t1'' #s2' #t2' #H1 #H2 #e2 #foo #e3 #e4 #e5 destruct;
-    >(Eapp_assoc …) @(plus_left … H1)
+| #s1' #t1' #s1'' #t1'' #s2' #t2' #H1 #H2 #e2 #foo #e3 #e4 #e5
+    >e1 >e4 >e2 >Eapp_assoc destruct @(plus_left … H1)
     [ 2: @(star_right … H2 Hstep) //;
     | skip;

src/common/Values.ma

@@ -64 +64 @@
 | @H2 % #E destruct elim H3 /2/
 ] qed.
+
+lemma eq_block_b_b : ∀b. eq_block b b = true.
+* * #z whd in ⊢ (??%?) >eqZb_z_z @refl
+qed.
 
 (* Characterise the memory regions which the pointer representations can
@@ -1225 +1229 @@
 lemma sign_ext_lessdef:
   ∀n,v1,v2. Val_lessdef v1 v2 → Val_lessdef (sign_ext n v1) (sign_ext n v2).
-#n #v1 #v2 #H inversion H;//;#v #e1 #e2 <e1 in H >e2 //;
+#n #v1 #v2 #H inversion H // #v #e1 #e2 whd in ⊢ (?%?) //
 qed.
 (*

src/utilities/binary/Z.ma

@@ -333 +333 @@
 |#n cases y;
    [@nmk #H elim (not_eq_OZ_pos n);#H2 /2/;
-   |#m @eqb_elim
+   |#m normalize @eqb_elim
       [//
       | * #H % #H' @H @(match H' return λx.λ_.n=match x with [pos m ⇒ m | neg m ⇒ m | OZ ⇒ one ] with [refl ⇒ ?]) //
@@ -341 +341 @@
    [@nmk #H elim (not_eq_OZ_neg n);#H /2/;
    |#m @nmk #H destruct
-   |#m @eqb_elim
+   |#m normalize @eqb_elim
       [//
       | * #H % #H' @H @(match H' return λx.λ_.n=match x with [pos m ⇒ m | neg m ⇒ m | OZ ⇒ one ] with [refl ⇒ ?]) //
@@ -458 +458 @@
 
 theorem sym_Zplus : ∀x,y:Z. x+y = y+x.
-#x #y cases x;
-[>(Zplus_z_OZ ?) (*XXX*) //
+#x #y cases x
+[>Zplus_z_OZ //
 |#p cases y
    [//
-   |normalize;//
-   |#q normalize;>(pos_compare_n_m_m_n ??) (*XXX*)
+   |//
+   |#q whd in ⊢ (??%%) >pos_compare_n_m_m_n
       cases (pos_compare q p);//]
 |#p cases y
    [//;
-   |#q normalize;>(pos_compare_n_m_m_n ??) (*XXX*)
+   |#q whd in ⊢ (??%%) >pos_compare_n_m_m_n
       cases (pos_compare q p);//
    |normalize;//]
@@ -503 +503 @@
   ∀n,m. (pos n)+(neg m) = (Zsucc (pos n))+(Zpred (neg m)).
 #n #m
-normalize;
+whd in ⊢ (??%%) 
 <(pos_compare_S_S …)
->(partialminus_S_S …)
->(partialminus_S_S …) //;
+>(minus_S_S …)
+>(minus_S_S …) //;
 qed.
 
@@ -521 +521 @@
 #n #m @(pos_cases … n) @(pos_cases … m)
 [ //;
-| #m' >(Zpred_pos_succ …)
-    >(?:pos (succ m') = Zsucc (pos m')) //;
-| #m' normalize; >(pos_compare_S_one …) normalize;
-    >(partial_minus_S_one …) normalize; >(pos_nonzero …)
-    <(pred_succ_n …) //;
-| #m' #n' normalize; <(pos_compare_S_S …)
-    >(partialminus_S_S …)
-    >(partialminus_S_S …)
-    >(pos_nonzero …)
-    >(pos_nonzero …)
-    <(pred_succ_n …)
-    <(pred_succ_n …)
+| #m' >Zpred_pos_succ
+    change in ⊢ (??(??%)?) with (Zsucc (pos m'))
+    <Zpred_Zplus_neg_O >Zpred_Zsucc @refl
+| #m' whd in ⊢ (??%%) >pos_compare_S_one normalize;
+    >partial_minus_S_one normalize; >pos_nonzero
+    <pred_succ_n //
+| #m' #n' whd in ⊢ (??%%) <pos_compare_S_S
+    >minus_S_S
+    >minus_S_S normalize
+    >pos_nonzero
+    >pos_nonzero
+    <pred_succ_n
+    <pred_succ_n
     normalize; //;
 ] qed. 
@@ -600 +601 @@
 
 lemma neg_pos_succ: ∀n,m:Pos. neg (succ n) + pos (succ m) = neg n + pos m.
-#n #m normalize; <(pos_compare_S_S …)
->(partialminus_S_S …)
->(partialminus_S_S …)
+#n #m whd in ⊢ (??%%) <pos_compare_S_S
+>minus_S_S >minus_S_S
  //; qed.
 
@@ -676 +676 @@
 #x #y cases x
 [cases y;//
-|*:#n cases y;//;#m normalize;@pos_compare_elim normalize;//]
+|*:#n cases y;//;#m whd in ⊢ (??(?%)%) @pos_compare_elim normalize;//]
 qed.
 
@@ -686 +686 @@
 #x cases x
 [//
-|*:#n normalize;>(pos_compare_n_n ?) //]
+|*:#n whd in ⊢ (??%?) >pos_compare_n_n //]
 qed.
 

src/utilities/binary/positive.ma

@@ -1095 +1095 @@
   [ LT ⇒ n < m
   | EQ ⇒ n = m
-  | GT ⇒ m < n ]) ?????) (* FIXME: don't want to put all these ?, especially when … does not work! *)
+  | GT ⇒ m < n ]))
 [1,2:@pos_cases
   [ 1,3: /2/;
   | 2,4: #m' cases m'; //;
   ]
-|#n1 #m1 normalize;<(pos_compare_S_S …) cases (pos_compare n1 m1);
-   [1,3:normalize;#IH @le_succ_succ //;
-   |normalize;#IH >IH //]
+|#n1 #m1 <pos_compare_S_S cases (pos_compare n1 m1)
+   [1,3: #IH @le_succ_succ //
+   | #IH >IH //
+   ]
+]
 qed.
 

src/utilities/extralib.ma

@@ -119 +119 @@
 
 lemma Zmax_l: ∀x,y. x ≤ Zmax x y.
-#x #y whd in ⊢ (??%); lapply (Z_compare_to_Prop x y); cases (Z_compare x y);
-/3/; cases x; /3/; qed.
+#x #y whd in ⊢ (??%) lapply (Z_compare_to_Prop x y) cases (Z_compare x y)
+/3/ whd in ⊢ (% → ??%) /3/ qed.
 
 lemma Zmax_r: ∀x,y. y ≤ Zmax x y.
-#x #y whd in ⊢ (??%); lapply (Z_compare_to_Prop x y); cases (Z_compare x y);
-cases x; /3/; qed.
+#x #y whd in ⊢ (??%) lapply (Z_compare_to_Prop x y) cases (Z_compare x y)
+whd in ⊢ (% → ??%) /3/ qed.
 
 theorem Zle_to_Zlt: ∀x,y:Z. x ≤ y → Zpred x < y.
@@ -327 +327 @@
   ∀A:Type[0]. ∀l1,l2:list A.
     l1 @ l2 = [] → l1 = [] ∧ l2 = [].
-#A #l1 #l2 cases l1;
-[ cases l2;
+#A #l1 #l2 cases l1
+[ cases l2
   [ /2/
-  | #h #t #H destruct;
-  ]
-| cases l2;
-  [ normalize; #h #t #H destruct;
-  | normalize; #h1 #t1 #h2 #h3 #H destruct;
+  | normalize #h #t #H destruct
+  ]
+| cases l2
+  [ normalize #h #t #H destruct
+  | normalize #h1 #t1 #h2 #h3 #H destruct
   ]
 ] qed.