diff --git a/MSetFoldWithAbort.v b/MSetFoldWithAbort.v index 18dbc49..145290f 100644 --- a/MSetFoldWithAbort.v +++ b/MSetFoldWithAbort.v @@ -29,7 +29,7 @@ Require Export MSetInterface. -Require Import ssreflect. +Require Import mathcomp.ssreflect.ssreflect. Require Import MSetWithDups. Require Import Int. Require Import MSetGenTree MSetAVL MSetRBT. @@ -861,7 +861,7 @@ End SetsWithFoldA. (** *** GenTree implementation Finally, provide such a fold with abort operation for generic trees. *) Module MakeGenTreeFoldA (Import E : OrderedType) (Import I:InfoTyp) - (Import Raw:Ops E I) + (Import Raw: MSetGenTree.Ops E I) (M : MSetGenTree.Props E I Raw). Fixpoint foldWithAbort_Raw {A B: Type} (f_pre : E.t -> B) f_lt (f: E.t -> B -> A -> A) f_gt t (base: A) : A := @@ -926,7 +926,7 @@ Module MakeGenTreeFoldA (Import E : OrderedType) (Import I:InfoTyp) M.bst l /\ M.bst r /\ M.lt_tree e l /\ M.gt_tree e r. { inversion H_bst. done. } - + have H_sub_l : (forall e0 : E.t, M.In e0 l -> M.In e0 s /\ E.lt e0 e). { intros e0 H_in_l. split; last by apply H_lt_tree_l. @@ -934,7 +934,7 @@ Module MakeGenTreeFoldA (Import E : OrderedType) (Import I:InfoTyp) rewrite /M.In M.In_node_iff. tauto. } - move : (IHl H_bst_l) => {IHl} IHl {H_bst_l} {H_lt_tree_l}. + move : (IHl H_bst_l) => {} IHl {H_bst_l} {H_lt_tree_l}. have H_sub_r : (forall e0 : E.t, M.In e0 r -> M.In e0 s /\ E.lt e e0). { intros e0 H_in_r. split; last by apply H_gt_tree_r. @@ -942,7 +942,7 @@ Module MakeGenTreeFoldA (Import E : OrderedType) (Import I:InfoTyp) rewrite /M.In M.In_node_iff. tauto. } - move : (IHr H_bst_r) => {IHr} IHr {H_bst_r} {H_gt_tree_r}. + move : (IHr H_bst_r) => {} IHr {H_bst_r} {H_gt_tree_r}. have H_in_e : M.In e s. { eapply H_sub. rewrite /M.In M.In_node_iff. diff --git a/MSetIntervals.v b/MSetIntervals.v index 03ec64e..4a28c26 100644 --- a/MSetIntervals.v +++ b/MSetIntervals.v @@ -19,10 +19,18 @@ * If not, see . *) +(* CHANGES + * + * 25-09-2016 Thomas Tuerk + * implement union, inter, diff, subset, choose efficiently + * 03-10-2016 Thomas Tuerk + * implement fold, exists_, for_all, filter, partition efficiently + *) + (** * Weak sets implemented by interval lists - This file contains an implementation of the weak set interface - [WSetsOn] which uses internally intervals of Z. This allows some + This file contains an implementation of the set interface + [SetsOn] which uses internally intervals of Z. This allows some large sets, which naturally map to intervals of integers to be represented very efficiently. @@ -34,10 +42,11 @@ Require Import MSetInterface OrdersFacts OrdersLists. Require Import BinNat. -Require Import ssreflect. +Require Import mathcomp.ssreflect.ssreflect. Require Import NArith. Require Import ZArith. Require Import NOrder. +Require Import Lia. Require Import DecidableTypeEx. Module Import NOP := NOrderProp N. Open Scope Z_scope. @@ -56,6 +65,44 @@ Proof. apply N2Z.is_nonneg. Qed. +Lemma Z_lt_add_r : forall (z : Z) (n : N), + (n <> 0)%N -> + z < z + Z.of_N n. +Proof. + move => z n H_neq_0. + suff : (z + Z.of_N 0 < z + Z.of_N n). { + rewrite Z.add_0_r //. + } + apply Z.add_lt_mono_l, N2Z.inj_lt. + by apply N.neq_0_lt_0. +Qed. + +Lemma Z_lt_le_add_r : forall y1 y2 c, + y1 < y2 -> + y1 <= y2 + Z.of_N c. +Proof. + intros y1 y2 c H. + apply Z.le_trans with (m := y2). { + by apply Z.lt_le_incl. + } { + apply Z_le_add_r. + } +Qed. + +Lemma Z_to_N_minus_neq_0 : forall (x y : Z), + y < x -> + Z.to_N (x - y) <> 0%N. +Proof. + intros x y H_y_lt. + apply N.neq_0_lt_0. + apply N2Z.inj_lt. + suff H : 0 < x - y. { + rewrite Z2N.id => //. + by apply Z.lt_le_incl. + } + by apply Z.lt_0_sub. +Qed. + Lemma add_add_sub_eq : forall (x y : Z), (x + (y - x) = y). Proof. intros x y. @@ -142,7 +189,7 @@ Qed. provides encode and decode function. *) Module Type ElementEncode. - Declare Module E : DecidableType. + Declare Module E : OrderedType. Parameter encode : E.t -> Z. Parameter decode : Z -> E.t. @@ -158,6 +205,10 @@ Module Type ElementEncode. Axiom encode_eq : forall (e1 e2 : E.t), (Z.eq (encode e1) (encode e2)) <-> E.eq e1 e2. + (** Encoding is compatible with the order of elements. *) + Axiom encode_lt : forall (e1 e2 : E.t), + (Z.lt (encode e1) (encode e2)) <-> E.lt e1 e2. + End ElementEncode. @@ -182,7 +233,7 @@ End ElementEncode. the decode function when checking it. This allows for sets with other element types than Z. *) -Module Ops (Enc : ElementEncode) <: WOps Enc.E. +Module Ops (Enc : ElementEncode) <: Ops Enc.E. Definition elt := Enc.E.t. Definition t := list (Z * N). @@ -190,7 +241,7 @@ Module Ops (Enc : ElementEncode) <: WOps Enc.E. Definition empty : t := nil. Definition is_empty (l : t) := match l with nil => true | _ => false end. - + (** Defining the list of elements, is much more tricky, especially, if it needs to be executable. *) Lemma acc_pred : forall n p, n = Npos p -> Acc N.lt n -> Acc N.lt (N.pred n). @@ -201,31 +252,34 @@ Module Ops (Enc : ElementEncode) <: WOps Enc.E. apply N.lt_pred_l. discriminate. Defined. - - Fixpoint elementsZ_aux'' (acc : list Z) (x : Z) (c : N) (H : Acc N.lt c) { struct H } : list Z := - match c as c0 return c = c0 -> list Z with - | N0 => fun _ => acc - | c => fun Heq => elementsZ_aux'' (x::acc) (Z.succ x) (N.pred c) (acc_pred _ _ Heq H) + + Fixpoint fold_elementsZ_aux {A} (f : A -> Z -> option A) (acc : A) (x : Z) (c : N) (H : Acc N.lt c) { struct H } : (bool * A) := + match c as c0 return c = c0 -> (bool * A) with + | N0 => fun _ => (false, acc) + | c => fun Heq => match (f acc x) with + | None => (true, acc) + | Some acc' => + fold_elementsZ_aux f acc' (Z.succ x) (N.pred c) (acc_pred _ _ Heq H) end end (refl_equal _). - Extraction Inline elementsZ_aux''. - - Definition elementsZ_aux' acc x c := elementsZ_aux'' acc x c (lt_wf_0 _). + Definition fold_elementsZ_single {A} f (acc : A) x c := fold_elementsZ_aux f acc x c (lt_wf_0 _). - Fixpoint elementsZ_aux acc (s : t) : list Z := + Fixpoint fold_elementsZ {A} f (acc : A) (s : t) : (bool * A) := match s with - | nil => acc - | (x, c) :: s' => - elementsZ_aux (elementsZ_aux' acc x c) s' + | nil => (false, acc) + | (x, c) :: s' => + match fold_elementsZ_single f acc x c with + (false, acc') => fold_elementsZ f acc' s' + | (true, acc') => (true, acc') + end end. Definition elementsZ (s : t) : list Z := - elementsZ_aux nil s. + snd (fold_elementsZ (fun l x => Some (x :: l)) nil s). Definition elements (s : t) : list elt := rev_map Enc.decode (elementsZ s). - - + (** membership is easily defined *) Fixpoint memZ (x : Z) (s : t) := match s with @@ -238,34 +292,108 @@ Module Ops (Enc : ElementEncode) <: WOps Enc.E. Definition mem (x : elt) (s : t) := memZ (Enc.encode x) s. + (** Comparing intervals *) + Inductive interval_compare_result := + ICR_before + | ICR_before_touch + | ICR_overlap_before + | ICR_overlap_after + | ICR_equal + | ICR_subsume_1 + | ICR_subsume_2 + | ICR_after + | ICR_after_touch. + + Definition interval_compare (i1 i2 : (Z * N)) : interval_compare_result := + match (i1, i2) with ((y1, c1), (y2, c2)) => + let yc2 := (y2+Z.of_N c2) in + match (Z.compare yc2 y1) with + | Lt => ICR_after + | Eq => ICR_after_touch + | Gt => let yc1 := (y1+Z.of_N c1) in + match (Z.compare yc1 y2) with + | Lt => ICR_before + | Eq => ICR_before_touch + | Gt => (* y2 < y1+c1 /\ y1 < y2 + c2 *) + match (Z.compare y1 y2, Z.compare yc1 yc2) with + | (Lt, Lt) => ICR_overlap_before + | (Lt, _) => ICR_subsume_2 + | (Eq, Lt) => ICR_subsume_1 + | (Eq, Gt) => ICR_subsume_2 + | (Eq, Eq) => ICR_equal + | (Gt, Gt) => ICR_overlap_after + | (Gt, _) => ICR_subsume_1 + end + end + end + end. + + Definition interval_1_compare (y1 : Z) (i : (Z * N)) : interval_compare_result := + match i with (y2, c2) => + let yc2 := (y2+Z.of_N c2) in + match (Z.compare yc2 y1) with + | Lt => ICR_after + | Eq => ICR_after_touch + | Gt => match (Z.compare (Z.succ y1) y2) with + | Lt => ICR_before + | Eq => ICR_before_touch + | Gt => ICR_subsume_1 + end + end + end. + + Fixpoint compare (s1 s2 : t) := + match (s1, s2) with + | (nil, nil) => Eq + | (nil, _ :: _) => Lt + | (_ :: _, nil) => Gt + | ((y1, c1)::s1', (y2, c2)::s2') => + match (Z.compare y1 y2) with + | Lt => Lt + | Gt => Gt + | Eq => match N.compare c1 c2 with + | Lt => Lt + | Gt => Gt + | Eq => compare s1' s2' + end + end + end. + + (** Auxiliary functions for inserting at front and merging intervals *) + Definition merge_interval_size (x1 : Z) (c1 : N) (x2 : Z) (c2 : N) : N := + (N.max c1 (Z.to_N (x2 + Z.of_N c2 - x1))). + + Fixpoint insert_interval_begin (x : Z) (c : N) (l : t) := + match l with + | nil => (x,c)::nil + | (y, c')::l' => + match (Z.compare (x + Z.of_N c) y) with + | Lt => (x, c) :: l + | Eq => (x, (c+c')%N) :: l' + | Gt => insert_interval_begin x (merge_interval_size x c y c') l' + end + end. + (** adding an element needs to be defined carefully again in order to generate efficient code *) Fixpoint addZ_aux (acc : list (Z * N)) (x : Z) (s : t) := match s with | nil => List.rev' ((x, (1%N))::acc) | (y, c) :: l => - match (Z.compare (Z.succ x) y) with - | Lt => List.rev_append ((x, (1%N))::acc) s - | Eq => List.rev_append ((x, N.succ c)::acc) l - | Gt => match (Z.compare x (y+Z.of_N c)) with - | Lt => List.rev_append acc s - | Gt => addZ_aux ((y,c) :: acc) x l - | Eq => match l with - | nil => List.rev' ((y, N.succ c)::acc) - | (z, c') :: l' => if (Z.eqb z (Z.succ x)) then - List.rev_append ((y,N.succ (c+c')) :: acc) l' - else - List.rev_append ((y,N.succ c) :: acc) l - end - end + match (interval_1_compare x (y,c)) with + | ICR_before => List.rev_append ((x, (1%N))::acc) s + | ICR_before_touch => List.rev_append ((x, N.succ c)::acc) l + | ICR_after => addZ_aux ((y,c) :: acc) x l + | ICR_after_touch => List.rev_append acc (insert_interval_begin y (N.succ c) l) + | _ => List.rev_append ((y, c)::acc) l end end. Definition addZ x s := addZ_aux nil x s. Definition add x s := addZ (Enc.encode x) s. - (** [add_list] simple extension to add many elements, which then allows to - define from_elements. *) + (** [add_list] is a simple extension to add many elements. + This is used to define the function [from_elements]. *) Definition add_list (l : list elt) (s : t) : t := List.fold_left (fun s x => add x s) l s. @@ -279,7 +407,7 @@ Module Ops (Enc : ElementEncode) <: WOps Enc.E. (** removing needs to be done with code extraction in mind again. *) - Definition removeZ_aux_insert_guarded (x : Z) (c : N) s := + Definition insert_intervalZ_guarded (x : Z) (c : N) s := if (N.eqb c 0) then s else (x, c) :: s. Fixpoint removeZ_aux (acc : list (Z * N)) (x : Z) (s : t) : t := @@ -288,9 +416,9 @@ Module Ops (Enc : ElementEncode) <: WOps Enc.E. | (y, c) :: l => if (Z.ltb x y) then List.rev_append acc s else if (Z.ltb x (y+Z.of_N c)) then ( - List.rev_append (removeZ_aux_insert_guarded (Z.succ x) + List.rev_append (insert_intervalZ_guarded (Z.succ x) (Z.to_N ((y+Z.of_N c)- (Z.succ x))) - (removeZ_aux_insert_guarded y (Z.to_N (x-y)) acc)) l + (insert_intervalZ_guarded y (Z.to_N (x-y)) acc)) l ) else removeZ_aux ((y,c)::acc) x l end. @@ -300,42 +428,222 @@ Module Ops (Enc : ElementEncode) <: WOps Enc.E. Definition remove_list (l : list elt) (s : t) : t := List.fold_left (fun s x => remove x s) l s. - (** all other operations are defined trivially (if not always efficiently) - in terms of already defined ones. In the future it might be worth implementing - some of them more efficiently. *) - Definition union (s1 s2 : t) := - add_list (elements s1) s2. + (** union *) + Fixpoint union_aux (s1 : t) := + fix aux (s2 : t) (acc : list (Z * N)) := + match (s1, s2) with + | (nil, _) => List.rev_append acc s2 + | (_, nil) => List.rev_append acc s1 + | ((y1, c1) :: l1, (y2, c2) :: l2) => + match (interval_compare (y1, c1) (y2,c2)) with + | ICR_before => union_aux l1 s2 ((y1, c1)::acc) + | ICR_before_touch => + union_aux l1 ( + insert_interval_begin y1 ((c1+c2)%N) l2) acc + | ICR_after => aux l2 ((y2, c2)::acc) + | ICR_after_touch => union_aux l1 ( + insert_interval_begin y2 ((c1+c2)%N) l2) acc + | ICR_overlap_before => + union_aux l1 (insert_interval_begin y1 (merge_interval_size y1 c1 y2 c2) l2) acc + | ICR_overlap_after => + union_aux l1 (insert_interval_begin y2 (merge_interval_size y2 c2 y1 c1) l2) acc + | ICR_equal => union_aux l1 s2 acc + | ICR_subsume_1 => union_aux l1 s2 acc + | ICR_subsume_2 => aux l2 acc + end + end. + + Definition union s1 s2 := union_aux s1 s2 nil. + + (** diff *) - Definition filter (f : elt -> bool) (s : t) : t := - from_elements (List.filter f (elements s)). - Definition inter (s1 s2 : t) : t := - filter (fun x => mem x s2) s1. + Fixpoint diff_aux (y2 : Z) (c2 : N) (acc : list (Z * N)) (s : t) : (list (Z * N) * t) := + match s with + | nil => (acc, nil) + | ((y1, c1) :: l1) => + match (interval_compare (y1, c1) (y2,c2)) with + | ICR_before => diff_aux y2 c2 ((y1, c1)::acc) l1 + | ICR_before_touch => diff_aux y2 c2 ((y1, c1)::acc) l1 + | ICR_after => (acc, s) + | ICR_after_touch => (acc, s) + | ICR_overlap_before => diff_aux y2 c2 ((y1, Z.to_N (y2 - y1))::acc) l1 + | ICR_overlap_after => (acc, (y2+Z.of_N c2, Z.to_N ((y1 + Z.of_N c1) - (y2 + Z.of_N c2))) :: l1) + | ICR_equal => (acc, l1) + | ICR_subsume_1 => diff_aux y2 c2 acc l1 + | ICR_subsume_2 => ((insert_intervalZ_guarded y1 + (Z.to_N (y2 - y1)) acc), + insert_intervalZ_guarded (y2+Z.of_N c2) (Z.to_N ((y1 + Z.of_N c1) - (y2 + Z.of_N c2))) l1) + end + end. - Definition diff (s1 s2 : t) : t := - remove_list (elements s2) s1. + Fixpoint diff_aux2 (acc : list (Z * N)) (s1 s2 : t) : (list (Z * N)) := + match (s1, s2) with + | (nil, _) => rev_append acc s1 + | (_, nil) => rev_append acc s1 + | (_, (y2, c2) :: l2) => + match diff_aux y2 c2 acc s1 with + (acc', s1') => diff_aux2 acc' s1' l2 + end + end. - Definition subset s s' := - List.forallb (fun x => mem x s') (elements s). + Definition diff s1 s2 := diff_aux2 nil s1 s2. + + (** subset *) + Fixpoint subset (s1 : t) := + fix aux (s2 : t) := + match (s1, s2) with + | (nil, _) => true + | (_ :: _, nil) => false + | ((y1, c1) :: l1, (y2, c2) :: l2) => + match (interval_compare (y1, c1) (y2,c2)) with + | ICR_before => false + | ICR_before_touch => false + | ICR_after => aux l2 + | ICR_after_touch => false + | ICR_overlap_before => false + | ICR_overlap_after => false + | ICR_equal => subset l1 l2 + | ICR_subsume_1 => subset l1 s2 + | ICR_subsume_2 => false + end + end. + (** equal *) Fixpoint equal (s s' : t) : bool := match s, s' with | nil, nil => true | ((x,cx)::xs), ((y,cy)::ys) => andb (Z.eqb x y) (andb (N.eqb cx cy) (equal xs ys)) | _, _ => false end. + (** inter *) + Fixpoint inter_aux (y2 : Z) (c2 : N) (acc : list (Z * N)) (s : t) : (list (Z * N) * t) := + match s with + | nil => (acc, nil) + | ((y1, c1) :: l1) => + match (interval_compare (y1, c1) (y2,c2)) with + | ICR_before => inter_aux y2 c2 acc l1 + | ICR_before_touch => inter_aux y2 c2 acc l1 + | ICR_after => (acc, s) + | ICR_after_touch => (acc, s) + | ICR_overlap_before => inter_aux y2 c2 ((y2, Z.to_N (y1 + Z.of_N c1 - y2))::acc) l1 + | ICR_overlap_after => ((y1, Z.to_N (y2 + Z.of_N c2 - y1))::acc, s) + | ICR_equal => ((y1,c1)::acc, l1) + | ICR_subsume_1 => inter_aux y2 c2 ((y1, c1)::acc) l1 + | ICR_subsume_2 => ((y2, c2)::acc, s) + end + end. + + Fixpoint inter_aux2 (acc : list (Z * N)) (s1 s2 : t) : (list (Z * N)) := + match (s1, s2) with + | (nil, _) => List.rev' acc + | (_, nil) => List.rev' acc + | (_, (y2, c2) :: l2) => + match inter_aux y2 c2 acc s1 with + (acc', s1') => inter_aux2 acc' s1' l2 + end + end. + + Definition inter s1 s2 := inter_aux2 nil s1 s2. + + + (** Partition and filter *) + + Definition partitionZ_fold_insert + (cur : option (Z * N)) (x : Z) := + match cur with + None => (x, 1%N) + | Some (y, c) => (y, N.succ c) + end. + + Definition partitionZ_fold_skip (acc : list (Z * N)) + (cur : option (Z * N)) : (list (Z * N)) := + match cur with + None => acc + | Some yc => yc::acc + end. + + Definition partitionZ_fold_fun f st (x : Z) := + match st with ((acc_t, c_t), (acc_f, c_f)) => + if (f x) then + ((acc_t, Some (partitionZ_fold_insert c_t x)), + (partitionZ_fold_skip acc_f c_f, None)) + else + ((partitionZ_fold_skip acc_t c_t, None), + (acc_f, Some (partitionZ_fold_insert c_f x))) + end. + + Definition partitionZ_single_aux f st (x : Z) (c : N) := + snd (fold_elementsZ_single (fun st x => Some (partitionZ_fold_fun f st x)) st x c). + + Definition partitionZ_single f acc_t acc_f x c := + match partitionZ_single_aux f ((acc_t, None), (acc_f, None)) x c with + | ((acc_t, c_t), (acc_f, c_f)) => + (partitionZ_fold_skip acc_t c_t, + partitionZ_fold_skip acc_f c_f) + end. + + Fixpoint partitionZ_aux acc_t acc_f f s := + match s with + | nil => (List.rev acc_t, List.rev acc_f) + | (y, c) :: s' => + match partitionZ_single f acc_t acc_f y c with + | (acc_t', acc_f') => partitionZ_aux acc_t' acc_f' f s' + end + end. + + Definition partitionZ := partitionZ_aux nil nil. + + Definition partition (f : elt -> bool) : t -> (t * t) := + partitionZ (fun z => f (Enc.decode z)). + + + Definition filterZ_fold_fun f st (x : Z) := + match st with (acc_t, c_t) => + if (f x) then + (acc_t, Some (partitionZ_fold_insert c_t x)) + else + (partitionZ_fold_skip acc_t c_t, None) + end. + + Definition filterZ_single_aux f st (x : Z) (c : N) := + snd (fold_elementsZ_single (fun st x => Some (filterZ_fold_fun f st x)) st x c). + + Definition filterZ_single f acc x c := + match filterZ_single_aux f (acc, None) x c with + | (acc, c) => + (partitionZ_fold_skip acc c) + end. + + Fixpoint filterZ_aux acc f s := + match s with + | nil => (List.rev acc) + | (y, c) :: s' => + filterZ_aux (filterZ_single f acc y c) f s' + end. + + Definition filterZ := filterZ_aux nil. + + Definition filter (f : elt -> bool) : t -> t := + filterZ (fun z => f (Enc.decode z)). + + + (** Simple wrappers *) + Definition fold {B : Type} (f : elt -> B -> B) (s : t) (i : B) : B := - List.fold_left (flip f) (elements s) i. + snd (fold_elementsZ (fun b z => Some (f (Enc.decode z) b)) i s). Definition for_all (f : elt -> bool) (s : t) : bool := - List.forallb f (elements s). + snd (fold_elementsZ (fun b z => + if b then + Some (f (Enc.decode z)) + else None) true s). Definition exists_ (f : elt -> bool) (s : t) : bool := - List.existsb f (elements s). - - Definition partition (f : elt -> bool) (s : t) : t * t := - (filter f s, filter (fun x => negb (f x)) s). - + snd (fold_elementsZ (fun b z => + if b then + None + else Some (f (Enc.decode z))) false s). Fixpoint cardinalN c (s : t) : N := match s with | nil => c @@ -344,18 +652,33 @@ Module Ops (Enc : ElementEncode) <: WOps Enc.E. Definition cardinal (s : t) : nat := N.to_nat (cardinalN (0%N) s). - Definition chooseZ (s : t) : option Z := - match List.rev' (elementsZ s) with + Definition min_eltZ (s : t) : option Z := + match s with | nil => None - | x :: _ => Some x + | (x, _) :: _ => Some x + end. + + Definition min_elt (s : t) : option elt := + match (min_eltZ s) with + | None => None + | Some x => Some (Enc.decode x) end. - Definition choose (s : t) : option elt := - match elements s with - | nil => None - | e :: _ => Some e + Definition choose := min_elt. + + Fixpoint max_eltZ (s : t) : option Z := + match s with + | nil => None + | (x, c) :: nil => Some (Z.pred (x + Z.of_N c)) + | (x, _) :: s' => max_eltZ s' end. + Definition max_elt (s : t) : option elt := + match (max_eltZ s) with + | None => None + | Some x => Some (Enc.decode x) + end. + End Ops. @@ -370,31 +693,29 @@ Module Raw (Enc : ElementEncode). Include (Ops Enc). (** *** Defining invariant [IsOk] *) + Definition is_encoded_elems_list (l : list Z) : Prop := + (forall x, List.In x l -> exists e, Enc.encode e = x). - Definition inf (x:Z) (l: t) := - match l with - | nil => true - | (y,_)::_ => Z.ltb x y - end. + Definition interval_list_elements_greater (x : Z) (l : t) : bool := + match l with + | nil => true + | (y, _)::_ => Z.ltb x y + end. - Fixpoint isok (l : t) := + Fixpoint interval_list_invariant (l : t) := match l with | nil => true - | (x, c) ::l => inf (x+(Z.of_N c)) l && negb (N.eqb c 0) && isok l + | (x, c) :: l' => + interval_list_elements_greater (x + (Z.of_N c)) l' && negb (N.eqb c 0) && interval_list_invariant l' end. - Definition is_encoded_elems_list (l : list Z) : Prop := - (forall x, List.In x l -> exists e, Enc.encode e = x). - - Definition IsOk s := (isok s = true /\ is_encoded_elems_list (elementsZ s)). + Definition IsOk s := (interval_list_invariant s = true /\ is_encoded_elems_list (elementsZ s)). (** *** Defining notations *) Section ForNotations. Class Ok (s:t) : Prop := ok : IsOk s. - Hint Resolve @ok. - Hint Unfold Ok. Instance IsOk_Ok s `(Hs : IsOk s) : Ok s := { ok := Hs }. Definition In x s := (SetoidList.InA Enc.E.eq x (elements s)). @@ -453,7 +774,6 @@ Module Raw (Enc : ElementEncode). } Qed. - Lemma elementsZ_single_succ_front : forall x c, elementsZ_single x (N.succ c) = x :: elementsZ_single (Z.succ x) c. @@ -471,32 +791,23 @@ Module Raw (Enc : ElementEncode). induction c as [| c' IH] using N.peano_ind. { intros y x. rewrite elementsZ_single_base Z.add_0_r /=. - split; first done. - move => [H_x_le H_y_lt]. - have := Z.le_lt_trans _ _ _ H_x_le H_y_lt. - apply Z.lt_irrefl. + lia. } { intros y x. rewrite elementsZ_single_succ in_app_iff IH /= N2Z.inj_succ Z.add_succ_r Z.lt_succ_r. split. { - move => []. { - move => [H_x_le H_y_le]. - split; first done. - by apply Z.lt_le_incl. - } - move => [] // <-. - split. { - apply Z_le_add_r. + move => [ | []] //. { + move => [H_x_le H_y_le]. + lia. } { - by apply Z.le_refl. + move => <-. + split. + - by apply Z_le_add_r. + - by apply Z.le_refl. } } { move => [H_x_le] H_y_lt. - apply Z.lt_eq_cases in H_y_lt as [H_y_lt | <-]. { - by left. - } { - by right; left. - } + lia. } } Qed. @@ -506,13 +817,8 @@ Module Raw (Enc : ElementEncode). (x = y). Proof. intros y x. - rewrite In_elementsZ_single /= Z.add_1_r Z.lt_succ_r. - split. { - move => [? ?]. by apply Z.le_antisymm. - } { - move => ->. - split; apply Z.le_refl. - } + rewrite In_elementsZ_single /= Z.add_1_r Z.lt_succ_r. + lia. Qed. Lemma length_elementsZ_single : forall cx x, @@ -527,85 +833,181 @@ Module Raw (Enc : ElementEncode). } Qed. - Lemma elementsZ_aux''_irrel : forall c acc x H1 H2, - elementsZ_aux'' acc x c H1 = elementsZ_aux'' acc x c H2. + Lemma fold_elementsZ_aux_irrel {A} : + forall f c (acc : A) x H1 H2, + fold_elementsZ_aux f acc x c H1 = + fold_elementsZ_aux f acc x c H2. Proof. - intro c. - induction c using (well_founded_ind lt_wf_0). + intros f c. + induction c as [c IH] using (well_founded_ind lt_wf_0). case_eq c. { - intros H_c acc x; case; intro; case; intro. + intros H_c acc x; case; intro H_H1; case; intro H_H2. reflexivity. } { - intros p H_c acc x; case; intro; case; intro. - simpl. - apply H. + intros p H_c acc x; case; intro H_H1; case; intro H_H2. + unfold fold_elementsZ_aux; fold (@fold_elementsZ_aux A). + case (f acc x) => // acc'. + apply IH. rewrite H_c. - rewrite N.pos_pred_spec. apply N.lt_pred_l. discriminate. } Qed. - Lemma elementsZ_aux'_pos : forall s x p, - elementsZ_aux' s x (N.pos p) = elementsZ_aux' (x::s) (Z.succ x) (Pos.pred_N p). + Lemma fold_elementsZ_single_pos {A} : forall f (acc : A) x p, + fold_elementsZ_single f acc x (N.pos p) = + match f acc x with + | Some acc' => + fold_elementsZ_single f acc' (Z.succ x) + (N.pred (N.pos p)) + | None => (true, acc) + end. Proof. - intros s x p. - unfold elementsZ_aux'. - unfold elementsZ_aux''. + intros f acc x p. + unfold fold_elementsZ_single. + unfold fold_elementsZ_aux. case: (lt_wf_0 _). + fold (@fold_elementsZ_aux A). intro. - apply elementsZ_aux''_irrel. + case (f acc x) => // acc'. + apply fold_elementsZ_aux_irrel. Qed. - Lemma elementsZ_aux'_zero : forall s x, - elementsZ_aux' s x (0%N) = s. + Lemma fold_elementsZ_single_zero {A} : forall f (acc : A) x, + fold_elementsZ_single f acc x (0%N) = (false, acc). Proof. - intros s x. - unfold elementsZ_aux'. - by case (lt_wf_0 (0%N)); intro. + intros f acc x. + unfold fold_elementsZ_single. + case (lt_wf_0 (0%N)); intro. + unfold fold_elementsZ_aux. + reflexivity. Qed. - Lemma elementsZ_aux'_succ : forall s x c, - elementsZ_aux' s x (N.succ c) = elementsZ_aux' (x::s) (Z.succ x) c. + Lemma fold_elementsZ_single_succ {A} : forall f (acc : A) x c, + fold_elementsZ_single f acc x (N.succ c) = + match f acc x with + | Some acc' => + fold_elementsZ_single f acc' (Z.succ x) c + | None => (true, acc) + end. + Proof. + intros f acc x c. + case c. { + by rewrite fold_elementsZ_single_pos. + } { + intro p; simpl. + rewrite fold_elementsZ_single_pos. + case (f acc x) => // acc' /=. + by rewrite Pos.pred_N_succ. + } + Qed. + + Fixpoint fold_opt {A B} f (acc : A) (bs : list B) : (bool * A) := + match bs with + | nil => (false, acc) + | (b :: bs') => + match f acc b with + | Some acc' => fold_opt f acc' bs' + | None => (true, acc) + end + end. + + Lemma fold_opt_list_cons : forall {A} (bs : list A) (acc : list A), + fold_opt (fun l x => Some (x :: l)) acc bs = + (false, List.rev bs ++ acc). Proof. - intros s x c. - case c. - - by rewrite elementsZ_aux'_pos. - - intro p; simpl. - rewrite elementsZ_aux'_pos. - by rewrite Pos.pred_N_succ. + induction bs as [| b bs' IH] => acc. { + by simpl. + } { + rewrite /= IH -app_assoc //. + } Qed. + Lemma fold_opt_app {A B} : forall f (acc : A) (l1 l2 : list B), + fold_opt f acc (l1 ++ l2) = + (let (ab, acc') := fold_opt f acc l1 in + if ab then (true, acc') else fold_opt f acc' l2). + Proof. + intros f acc l1 l2. + move : acc. + induction l1 as [| b l1' IH] => acc. { + rewrite app_nil_l //. + } { + rewrite /=. + case (f acc b); last done. + intro acc'. + rewrite IH //. + } + Qed. - Lemma elementsZ_single_intro : forall c s x, - elementsZ_aux' s x c = - (List.rev (elementsZ_single x c)) ++ s. + + Lemma fold_elementsZ_single_alt_def {A} : forall f c (acc : A) x, + fold_elementsZ_single f acc x c = + fold_opt f acc (elementsZ_single x c). Proof. + intro f. induction c as [| c' IH] using N.peano_ind. { - intros s x. - rewrite elementsZ_aux'_zero. - rewrite elementsZ_single_base //. + intros acc x. + rewrite fold_elementsZ_single_zero + elementsZ_single_base /fold_opt //. } { - intros s x. - rewrite elementsZ_aux'_succ elementsZ_single_succ_front IH. - rewrite -app_assoc /= //. + intros acc x. + rewrite fold_elementsZ_single_succ + elementsZ_single_succ_front /=. + case (f acc x); last reflexivity. + intro acc'. + apply IH. } Qed. + Lemma fold_elementsZ_nil {A} : forall f (acc : A), + fold_elementsZ f acc nil = (false, acc). + Proof. done. Qed. - Lemma elementsZ_aux_alt_def : forall s acc, - elementsZ_aux acc s = elementsZ s ++ acc. + Lemma fold_elementsZ_cons {A} : forall f (acc : A) y c s, + fold_elementsZ f acc ((y, c)::s) = + (let (ab, acc') := fold_elementsZ_single f acc y c in + if ab then (true, acc') else fold_elementsZ f acc' s). Proof. - induction s as [| [x c] s' IH]. { - move => acc. - rewrite /elementsZ_aux elementsZ_nil app_nil_l //. + intros f acc y c s. + done. + Qed. + + + Lemma fold_elementsZ_alt_def_aux : forall (s : t) base, + (snd (fold_elementsZ + (fun (l : list Z) (x : Z) => Some (x :: l)) base s)) = + elementsZ s ++ base. + Proof. + induction s as [| [y1 c1] s' IH] => base. { + rewrite elementsZ_nil /fold_elementsZ /fold_opt /snd + app_nil_l //. + } { + rewrite /elementsZ !fold_elementsZ_cons. + rewrite !fold_elementsZ_single_alt_def !fold_opt_list_cons. + rewrite !IH app_nil_r app_assoc //. + } + Qed. + + + Lemma fold_elementsZ_alt_def {A} : forall f s (acc : A), + fold_elementsZ f acc s = + fold_opt f acc (rev (elementsZ s)). + Proof. + intro f. + induction s as [| [y1 c1] s' IH] => acc. { + by simpl. } { - move => acc. - rewrite /elementsZ /elementsZ_aux -/elementsZ_aux !IH !elementsZ_single_intro. - rewrite -!app_assoc app_nil_l //. + rewrite /elementsZ !fold_elementsZ_cons. + rewrite !fold_elementsZ_single_alt_def + fold_opt_list_cons app_nil_r + fold_elementsZ_alt_def_aux rev_app_distr + rev_involutive fold_opt_app. + case (fold_opt f acc (elementsZ_single y1 c1)). + move => [] //. } Qed. @@ -613,8 +1015,12 @@ Module Raw (Enc : ElementEncode). ((elementsZ s) ++ (List.rev (elementsZ_single x c))). Proof. intros x c s. - rewrite /elementsZ /elementsZ_aux -/elementsZ_aux. - rewrite !elementsZ_aux_alt_def elementsZ_single_intro !app_nil_r //. + rewrite /elementsZ fold_elementsZ_cons + !fold_elementsZ_alt_def + fold_elementsZ_single_alt_def. + rewrite !fold_opt_list_cons. + rewrite !app_nil_r !rev_involutive /=. + rewrite fold_elementsZ_alt_def_aux //. Qed. Lemma elements_cons : forall x c s, elements (((x, c) :: s) : t) = @@ -625,6 +1031,83 @@ Module Raw (Enc : ElementEncode). rewrite !rev_map_alt_def map_app rev_app_distr map_rev rev_involutive //. Qed. + Lemma elementsZ_app : forall (s1 s2 : t), elementsZ (s1 ++ s2) = + ((elementsZ s2) ++ (elementsZ s1)). + Proof. + induction s1 as [| [x1 c1] s1 IH1]. { + move => s2. + rewrite elementsZ_nil app_nil_r //. + } + move => s2. + rewrite -app_comm_cons !elementsZ_cons IH1 -app_assoc //. + Qed. + + Lemma InZ_nil : forall y, InZ y nil <-> False. + Proof. + intro y. + done. + Qed. + + Lemma InZ_cons : forall y x c s, InZ y (((x, c) :: s) : t) <-> + List.In y (elementsZ_single x c) \/ InZ y s. + Proof. + intros y x c s. + rewrite /InZ elementsZ_cons in_app_iff -in_rev. + firstorder. + Qed. + + Lemma InZ_app : forall s1 s2 y, + InZ y (s1 ++ s2) <-> InZ y s1 \/ InZ y s2. + Proof. + intros s1 s2 y. + rewrite /InZ elementsZ_app in_app_iff. + tauto. + Qed. + + Lemma InZ_rev : forall s y, + InZ y (List.rev s) <-> InZ y s. + Proof. + intros s x. + rewrite /InZ. + induction s as [| [y c] s' IH]; first done. + simpl. + rewrite elementsZ_app in_app_iff IH. + rewrite !elementsZ_cons !in_app_iff elementsZ_nil + -!in_rev /=. + tauto. + Qed. + + Lemma In_elementsZ_single_dec : forall y x c, + {List.In y (elementsZ_single x c)} + + {~ List.In y (elementsZ_single x c)}. + Proof. + intros y x c. + case (Z_le_dec x y); last first. { + right; rewrite In_elementsZ_single; tauto. + } + case (Z_lt_dec y (x + Z.of_N c)); last first. { + right; rewrite In_elementsZ_single; tauto. + } + left; rewrite In_elementsZ_single; tauto. + Qed. + + Lemma InZ_dec : forall y s, + {InZ y s} + {~InZ y s}. + Proof. + intros y. + induction s as [| [x c] s IH]. { + by right. + } + move : IH => [] IH. { + by left; rewrite InZ_cons; right. + } + case (In_elementsZ_single_dec y x c). { + by left; rewrite InZ_cons; left. + } { + by right; rewrite InZ_cons; tauto. + } + Qed. + Lemma In_elementsZ_single_hd : forall (c : N) x, (c <> 0)%N -> List.In x (elementsZ_single x c). Proof. intros c x H_c_neq. @@ -639,275 +1122,249 @@ Module Raw (Enc : ElementEncode). } Qed. + + (** *** comparing intervals *) - (** *** Alternative definition of addZ *) - - (** [addZ] is defined with efficient execution in mind. - We derive first an alternative definition that demonstrates - the intention better and is better suited for proofs. *) - Lemma addZ_ind : - forall (P : Z -> list (Z * N) -> Prop), - (* case s = nil *) - (forall (x : Z), P x nil) -> - - (* case s = [y, c] :: l, compare (x+1) y = Eq *) - (forall (x : Z) (l : list (Z * N)) (c : N), - P x ((x + 1, c) :: l)) -> - - (* case s = [y, c] :: l, compare (x+1) y = Lt *) - (forall (x : Z) (l : list (Z * N)) (y : Z) (c : N), - (x + 1 ?= y) = Lt -> - P x ((y, c) :: l)) -> - - (* case s = [y, c] :: l, compare (x+1) y = Gt, compare x (y+c) = Eq, - l = nil *) - (forall (y : Z) (c : N), - ((y + Z.of_N c) + 1 ?= y) = Gt -> - P (y + Z.of_N c) ((y, c) :: nil)) -> - - (* case s = (y, c) :: (z, c') :: l, compare (x+1) y = Gt, compare x (y+c) = Eq, - (z = x + 1) *) - (forall (l : list (Z * N)) (y : Z) (c c' : N), - ((y + Z.of_N c) + 1 ?= y) = Gt -> - (P (y+Z.of_N c) l) -> - P (y+Z.of_N c) ((y, c) :: (((y+Z.of_N c) + 1, c') :: l))) -> - - (* case s = (y, c) :: (z, c') :: l, compare (x+1) y = Gt, compare x (y+c) = Eq, - (z <> x + 1) *) - (forall (l : list (Z * N)) (y : Z) (c : N) (z : Z) (c' : N), - ((y + Z.of_N c) + 1 ?= y) = Gt -> - (z =? (y+Z.of_N c) + 1) = false -> - (P (y+Z.of_N c) ((y, c) :: (z, c') :: l))) -> - - - (* case s = (y, c) :: l, compare (x+1) y = Gt, compare x (y+c) = Lt *) - (forall (x : Z) (l : list (Z * N)) (y : Z) (c : N), - (x + 1 ?= y) = Gt -> - (x ?= y + Z.of_N c) = Lt -> - P x ((y, c) :: l)) -> - - (* case s = (y, c) :: l, compare (x+1) y = Gt, compare x (y+c) = Lt *) - (forall (x : Z)(l : list (Z * N)) (y : Z) (c : N), - (x + 1 ?= y) = Gt -> - (x ?= y + (Z.of_N c)) = Gt -> - (P x l) -> - P x ((y, c) :: l)) -> - - - forall (x : Z) (s : list (Z * N)), - P x s. - Proof. - intros P H1 H2 H3 H4 H5 H6 H7 H8. - move => x s. - remember (length s) as n. - revert s Heqn. - induction n as [n IH] using Wf_nat.lt_wf_ind. - case. { - move => _. apply H1. - } { - move => [y c] s' H_n. - simpl in H_n. - have IH_s': (P x s'). { - apply (IH (length s')) => //. - rewrite H_n //. - } - case_eq (x + 1 ?= y). { - move => /Z.compare_eq_iff <-. - apply H2. - } { - move => H_x1y_comp. - by apply H3. - } { - move => H_x1y_comp. - case_eq (x ?= y + Z.of_N c). { - move => H_x_eqb. - move : (H_x_eqb) => /Z.compare_eq_iff H_x_eq. - case_eq s'. { - move => _. - rewrite H_x_eq. - apply H4. - rewrite -H_x1y_comp H_x_eq //. - } { - move => [z c'] l H_s'. - have IH_l: (P x l). { - apply (IH (length l)) => //. - rewrite H_n H_s' /=. - apply Lt.lt_trans with (m := S (length l)) => //. - } - case_eq (z =? x + 1). { - move => /Z.eqb_eq ->. - rewrite H_x_eq. - apply H5. { - rewrite -H_x1y_comp H_x_eq //. - } { - rewrite -H_x_eq. - apply IH_l. - } - } { - move => H_z_neq. - rewrite H_x_eq. - eapply H6 => //; rewrite -H_x_eq //. - } - } - } { - by apply H7. - } { - move => H_x_gt. - apply H8 => //. + Ltac Z_named_compare_cases H := match goal with + | [ |- context [Z.compare ?z1 ?z2] ] => + case_eq (Z.compare z1 z2); [move => /Z.compare_eq_iff | move => /Z.compare_lt_iff | move => /Z.compare_gt_iff]; move => H // + end. + + Ltac Z_compare_cases := let H := fresh "H" in Z_named_compare_cases H. + + Lemma interval_compare_elim : forall (y1 : Z) (c1 : N) (y2 : Z) (c2 : N), + match (interval_compare (y1, c1) (y2, c2)) with + | ICR_before => (y1 + Z.of_N c1) < y2 + | ICR_before_touch => (y1 + Z.of_N c1) = y2 + | ICR_after => (y2 + Z.of_N c2) < y1 + | ICR_after_touch => (y2 + Z.of_N c2) = y1 + | ICR_equal => (y1 = y2) /\ (c1 = c2) + | ICR_overlap_before => (y1 < y2) /\ (y2 < y1 + Z.of_N c1) /\ (y1 + Z.of_N c1 < y2 + Z.of_N c2) + | ICR_overlap_after => (y2 < y1) /\ (y1 < y2 + Z.of_N c2) /\ (y2 + Z.of_N c2 < y1 + Z.of_N c1) + | ICR_subsume_1 => (y2 <= y1) /\ (y1 + Z.of_N c1 <= y2 + Z.of_N c2) /\ (y2 < y1 \/ y1 + Z.of_N c1 < y2 + Z.of_N c2) + | ICR_subsume_2 => (y1 <= y2) /\ (y2 + Z.of_N c2 <= y1 + Z.of_N c1) /\ (y1 < y2 \/ y2 + Z.of_N c2 < y1 + Z.of_N c1) + end. + Proof. + intros y1 c1 y2 c2. + rewrite /interval_compare. + (repeat Z_compare_cases); subst; repeat split; + try (by apply Z.eq_le_incl); + try (by apply Z.lt_le_incl); + try (by left); try (by right). + + apply Z.add_reg_l in H2. + by apply N2Z.inj. + Qed. + + Lemma interval_compare_swap : forall (y1 : Z) (c1 : N) (y2 : Z) (c2 : N), + (c1 <> 0%N) \/ (c2 <> 0%N) -> + interval_compare (y2, c2) (y1, c1) = + match (interval_compare (y1, c1) (y2, c2)) with + | ICR_before => ICR_after + | ICR_before_touch => ICR_after_touch + | ICR_after => ICR_before + | ICR_after_touch => ICR_before_touch + | ICR_equal => ICR_equal + | ICR_overlap_before => ICR_overlap_after + | ICR_overlap_after => ICR_overlap_before + | ICR_subsume_1 => ICR_subsume_2 + | ICR_subsume_2 => ICR_subsume_1 + end. + Proof. + intros y1 c1 y2 c2 H_c12_neq_0. + rewrite /interval_compare. + move : (Z.compare_antisym y1 y2) => ->. + move : (Z.compare_antisym (y1 + Z.of_N c1) (y2 + Z.of_N c2)) => ->. + have H_suff : y1 + Z.of_N c1 <= y2 -> y2 + Z.of_N c2 <= y1 -> False. { + move => H1 H2. + case H_c12_neq_0 => H_c_neq_0. { + suff : (y1 + Z.of_N c1 <= y1). { + apply Z.nle_gt. + by apply Z_lt_add_r. } + eapply Z.le_trans; eauto. + eapply Z.le_trans; eauto. + apply Z_le_add_r. + } { + suff : (y2 + Z.of_N c2 <= y2). { + apply Z.nle_gt. + by apply Z_lt_add_r. + } + eapply Z.le_trans; eauto. + eapply Z.le_trans; eauto. + apply Z_le_add_r. } } + repeat Z_compare_cases. { + exfalso; apply H_suff. + - by rewrite H; apply Z.le_refl. + - by rewrite H0; apply Z.le_refl. + } { + exfalso; apply H_suff. + - by rewrite H; apply Z.le_refl. + - by apply Z.lt_le_incl. + } { + exfalso; apply H_suff. + - by apply Z.lt_le_incl. + - by rewrite H0; apply Z.le_refl. + } { + exfalso; apply H_suff. + - by apply Z.lt_le_incl. + - by apply Z.lt_le_incl. + } Qed. - - Lemma addZ_aux_alt_def : forall x s acc, - addZ_aux acc x s = (List.rev acc) ++ addZ x s. + + Lemma interval_1_compare_alt_def : forall (y : Z) (i : (Z * N)), + interval_1_compare y i = match (interval_compare (y, (1%N)) i) with + | ICR_equal => ICR_subsume_1 + | ICR_subsume_1 => ICR_subsume_1 + | ICR_subsume_2 => ICR_subsume_1 + | r => r + end. Proof. - move => ? ?. - eapply addZ_ind with (P := (fun x s => forall acc, addZ_aux acc x s = rev acc ++ addZ x s)); clear. { - intros x acc. - rewrite /addZ_aux /rev' -rev_alt //. - } { - intros x l c acc. - rewrite /addZ /= Z.compare_refl rev_append_rev //. + move => y1 [y2 c2]. + rewrite /interval_1_compare /interval_compare. + replace (y1 + Z.of_N 1) with (Z.succ y1); last done. + repeat Z_compare_cases. { + contradict H1. + by apply Zle_not_lt, Zlt_succ_le. } { - intros x l y c H_y_lt acc. - rewrite /addZ /= H_y_lt rev_append_rev //. + contradict H. + by apply Zle_not_lt, Zlt_succ_le. + } + Qed. + + Lemma interval_1_compare_elim : forall (y1 : Z) (y2 : Z) (c2 : N), + match (interval_1_compare y1 (y2, c2)) with + | ICR_before => Z.succ y1 < y2 + | ICR_before_touch => y2 = Z.succ y1 + | ICR_after => (y2 + Z.of_N c2) < y1 + | ICR_after_touch => (y2 + Z.of_N c2) = y1 + | ICR_equal => False + | ICR_overlap_before => False + | ICR_overlap_after => False + | ICR_subsume_1 => (c2 = 0%N) \/ ((y2 <= y1) /\ (y1 < y2 + Z.of_N c2)) + | ICR_subsume_2 => False + end. + Proof. + intros y1 y2 c2. + move : (interval_compare_elim y1 (1%N) y2 c2). + rewrite interval_1_compare_alt_def. + have H_succ: forall z, z + Z.of_N 1 = Z.succ z by done. + + case_eq (interval_compare (y1, 1%N) (y2, c2)) => H_comp; + rewrite ?H_succ ?Z.lt_succ_r ?Z.le_succ_l //. { + move => [H_lt] [H_le] _. + contradict H_lt. + by apply Zle_not_lt. } { - intros y c H_y_comp acc. - rewrite /addZ /= H_y_comp Z.compare_refl /rev' -rev_alt //. + move => [_] [H_lt] H_le. + contradict H_lt. + by apply Zle_not_lt. } { - intros l y c c' H_y_comp IH acc. - rewrite /addZ /= H_y_comp Z.compare_refl Z.eqb_refl. - rewrite rev_append_rev //. + move => [->] <-. + rewrite ?Z.lt_succ_r. + right. + split; apply Z.le_refl. } { - intros l y c z c' H_y_comp H_z_comp acc. - rewrite /addZ /= H_y_comp Z.compare_refl H_z_comp. - rewrite rev_append_rev /= //. + tauto. } { - intros x l y c H_y_comp H_x_comp acc. - rewrite /addZ /= H_x_comp H_y_comp rev_append_rev //. + case (N.zero_or_succ c2). { + move => -> _; by left. + } { + move => [c2'] ->. + rewrite !N2Z.inj_succ Z.add_succ_r -Z.succ_le_mono Z.le_succ_l. + move => [H_y1_le] [H_le_y1]. + suff -> : y1 = y2. { + move => [] H_pre; contradict H_pre. { + apply Z.lt_irrefl. + } { + apply Zle_not_lt, Z_le_add_r. + } + } + apply Z.le_antisymm => //. + eapply Z.le_trans; last apply H_le_y1. + apply Z_le_add_r. + } + } + Qed. + + (** *** Alternative definition of addZ *) + Lemma addZ_aux_alt_def : forall x s acc, + addZ_aux acc x s = (List.rev acc) ++ addZ x s. + Proof. + intros y1 s. + unfold addZ. + induction s as [| [y2 c2] s' IH] => acc. { + rewrite /addZ_aux /addZ /= /rev' !rev_append_rev /= app_nil_r //. } { - intros x l y c H_y_comp H_x_comp IH acc. - rewrite /addZ /= H_x_comp H_y_comp. - rewrite !IH /= -app_assoc //. + unfold addZ_aux. + case (interval_1_compare y1 (y2, c2)); fold addZ_aux; + rewrite ?rev_append_rev /= ?app_assoc_reverse //. + rewrite (IH ((y2,c2)::acc)) (IH ((y2,c2)::nil)). + rewrite /= app_assoc_reverse //. } Qed. Lemma addZ_alt_def : forall x s, addZ x s = match s with - | nil => (x, 1%N)::nil + | nil => (x, (1%N))::nil | (y, c) :: l => - match (Z.compare (x+1) y) with - | Lt => (x, 1%N)::s - | Eq => (x, (c+1)%N)::l - | Gt => match (Z.compare x (y+Z.of_N c)) with - | Lt => s - | Gt => (y,c) :: addZ x l - | Eq => match l with - | nil => (y, (c+1)%N)::nil - | (z, c') :: l' => if (Z.eqb z (x + 1)) then - (y, (c + c' + 1)%N) :: l' - else - (y,(c+1)%N) :: (z, c') :: l' - end - end - end + match (interval_1_compare x (y,c)) with + | ICR_before => (x, (1%N))::s + | ICR_before_touch => (x, N.succ c)::l + | ICR_after => (y,c)::(addZ x l) + | ICR_after_touch => insert_interval_begin y (N.succ c) l + | _ => (y, c)::l + end end. Proof. intros x s. - rewrite /addZ Z.add_1_r. + rewrite /addZ. case s => //. - move => [y c] s' /=. - case (Z.succ x ?= y). { - rewrite N.add_1_r //. - } { - reflexivity. - } { - case (x ?= y+ Z.of_N c) => //. { - rewrite !N.add_1_r. - case s' => //. - move => [z c'] s'' //. - rewrite !N.add_1_r //. - } { - rewrite addZ_aux_alt_def //. - } - } + move => [y c] s'. + unfold addZ_aux. + case (interval_1_compare x (y, c)); fold addZ_aux; + rewrite ?rev_append_rev /= ?app_assoc_reverse //. + rewrite addZ_aux_alt_def //. Qed. - (** *** Alternative definition of removeZ *) - - (** [removeZ] is defined with efficient execution in mind. - We derive first an alternative definition that demonstrates - the intention better and is better suited for proofs. *) + + (** *** Auxiliary Lemmata about Invariant *) - Lemma removeZ_aux_alt_def : forall s x acc, - removeZ_aux acc x s = (List.rev acc) ++ removeZ x s. + Lemma interval_list_elements_greater_cons : forall z x c s, + interval_list_elements_greater z ((x, c) :: s) = true <-> + (z < x). Proof. - induction s as [| [y c] s' IH]. { - intros x acc. - rewrite /removeZ /removeZ_aux /= app_nil_r /rev' -rev_alt //. - } { - intros x acc. - rewrite /removeZ /removeZ_aux -/removeZ_aux. - case (x nil - | (y, c) :: l => - if (Z.ltb x y) then s else - if (Z.ltb x (y+Z.of_N c)) then ( - (removeZ_aux_insert_guarded y (Z.to_N (x-y)) - (removeZ_aux_insert_guarded (Z.succ x) (Z.to_N ((y+Z.of_N c)- (Z.succ x))) l)) - ) else (y, c) :: removeZ x l - end. - Proof. - intros x s. - rewrite /removeZ /=. - case s => //. - move => [y c] s' /=. - case(x //. - case(x //. - } { - rewrite removeZ_aux_alt_def //. - } - Qed. - - - (** *** Auxiliary Lemmata about Invariant *) - - Lemma inf_impl : forall x y s, - (y <= x) -> inf x s = true -> inf y s = true. + Lemma interval_list_elements_greater_impl : forall x y s, + (y <= x) -> + interval_list_elements_greater x s = true -> + interval_list_elements_greater y s = true. Proof. intros x y s. case s => //. move => [z c] s'. - rewrite /inf. + rewrite /interval_list_elements_greater. move => H_y_leq /Z.ltb_lt H_x_lt. apply Z.ltb_lt. eapply Z.le_lt_trans; eauto. Qed. + Lemma interval_list_invariant_nil : interval_list_invariant nil = true. + Proof. + by []. + Qed. + Lemma Ok_nil : Ok nil <-> True. Proof. - rewrite /Ok /IsOk /isok /is_encoded_elems_list //. + rewrite /Ok /IsOk /interval_list_invariant /is_encoded_elems_list //. Qed. Lemma is_encoded_elems_list_app : forall l1 l2, @@ -934,10 +1391,12 @@ Module Raw (Enc : ElementEncode). ). Qed. - Lemma isok_cons : forall y c s', isok ((y, c) :: s') = true <-> - (inf (y+Z.of_N c) s' = true /\ ((c <> 0)%N) /\ isok s' = true). + Lemma interval_list_invariant_cons : forall y c s', + interval_list_invariant ((y, c) :: s') = true <-> + (interval_list_elements_greater (y+Z.of_N c) s' = true /\ + ((c <> 0)%N) /\ interval_list_invariant s' = true). Proof. - rewrite /isok -/isok. + rewrite /interval_list_invariant -/interval_list_invariant. intros y c s'. rewrite !Bool.andb_true_iff negb_true_iff. split. { @@ -947,71 +1406,245 @@ Module Raw (Enc : ElementEncode). } Qed. + Lemma interval_list_invariant_sing : forall x c, + interval_list_invariant ((x, c)::nil) = true <-> (c <> 0)%N. + Proof. + intros x c. + rewrite interval_list_invariant_cons. + split; tauto. + Qed. + Lemma Ok_cons : forall y c s', Ok ((y, c) :: s') <-> - (inf (y+Z.of_N c) s' = true /\ ((c <> 0)%N) /\ + (interval_list_elements_greater (y+Z.of_N c) s' = true /\ ((c <> 0)%N) /\ is_encoded_elems_list (elementsZ_single y c) /\ Ok s'). Proof. intros y c s'. - rewrite /Ok /IsOk isok_cons elementsZ_cons is_encoded_elems_list_app + rewrite /Ok /IsOk interval_list_invariant_cons elementsZ_cons is_encoded_elems_list_app is_encoded_elems_list_rev. tauto. Qed. Lemma Nin_elements_greater : forall s y, - inf y s = true -> - isok s = true -> - forall x, x <= y -> - ~(InZ x s). + interval_list_elements_greater y s = true -> + interval_list_invariant s = true -> + forall x, x <= y -> ~(InZ x s). Proof. induction s as [| [z c] s' IH]. { intros y _ _ x _. - done. + by simpl. } { - rewrite /inf. - move => y /Z.ltb_lt H_y_lt /isok_cons [H_inf'] [H_c] H_s' x H_x_le. - rewrite /InZ elementsZ_cons in_app_iff -!in_rev In_elementsZ_single. - move => []. { - eapply IH; eauto. - apply Z.le_trans with (m := z). { - eapply Z.lt_le_incl. - eapply Z.le_lt_trans; eauto. - } { - apply Z_le_add_r. - } - } { + move => y /interval_list_elements_greater_cons H_y_lt + /interval_list_invariant_cons [H_gr] [H_c] H_s' + x H_x_le. + rewrite InZ_cons In_elementsZ_single. + have H_x_lt : x < z by eapply Z.le_lt_trans; eauto. + + move => []. { move => [H_z_leq] _; contradict H_z_leq. - apply Z.nle_gt. - eapply Z.le_lt_trans; eauto. + by apply Z.nle_gt. + } { + eapply IH; eauto. + by apply Z_lt_le_add_r. } } Qed. - Lemma isok_inf_nin : + Lemma Nin_elements_greater_equal : forall x s, - isok s = true -> - inf x s = true -> + interval_list_elements_greater x s = true -> + interval_list_invariant s = true -> ~ (InZ x s). Proof. - move => x. - induction s as [| [y c] s' IH]. { - move => _ _. - rewrite /InZ elementsZ_nil //. + move => x s H_inv H_gr. + apply (Nin_elements_greater s x) => //. + apply Z.le_refl. + Qed. + + Lemma interval_list_elements_greater_alt_def : forall s y, + interval_list_invariant s = true -> + + (interval_list_elements_greater y s = true <-> + (forall x, x <= y -> ~(InZ x s))). + Proof. + intros s y H_inv. + split. { + move => H_gr. + apply Nin_elements_greater => //. + } { + move : H_inv. + case s as [| [x2 c] s'] => //. + rewrite interval_list_invariant_cons interval_list_elements_greater_cons. + move => [_] [H_c_neq] _ H. + apply Z.nle_gt => H_ge. + apply (H x2) => //. + rewrite InZ_cons; left. + apply In_elementsZ_single_hd => //. + } + Qed. + + Lemma interval_list_elements_greater_alt2_def : forall s y, + interval_list_invariant s = true -> + + (interval_list_elements_greater y s = true <-> + (forall x, InZ x s -> y < x)). + Proof. + intros s y H. + + rewrite interval_list_elements_greater_alt_def //. + split. { + move => H_notInZ x H_inZ. + apply Z.nle_gt. + move => H_lt. + move : (H_notInZ x H_lt H_inZ) => //. + } { + move => H_lt x H_le H_inZ. + move : (H_lt x H_inZ). + lia. + } + Qed. + + Lemma interval_list_elements_greater_intro : forall s y, + interval_list_invariant s = true -> + (forall x, InZ x s -> y < x) -> + interval_list_elements_greater y s = true. + Proof. + intros s y H1 H2. + rewrite interval_list_elements_greater_alt2_def //. + Qed. + + Lemma interval_list_elements_greater_app_elim_1 : forall s1 s2 y, + interval_list_elements_greater y (s1 ++ s2) = true -> + interval_list_elements_greater y s1 = true. + Proof. + intros s1 s2 y. + case s1 => //. + Qed. + + Lemma interval_list_invariant_app_intro : forall s1 s2, + interval_list_invariant s1 = true -> + interval_list_invariant s2 = true -> + (forall (x1 x2 : Z), InZ x1 s1 -> InZ x2 s2 -> Z.succ x1 < x2) -> + interval_list_invariant (s1 ++ s2) = true. + Proof. + induction s1 as [| [y1 c1] s1' IH]. { + move => s2 _ //. } { - rewrite isok_cons. - move => [H_inf] [_] H_ok_s' /Z.ltb_lt H_x_lt_y. - rewrite /InZ elementsZ_cons in_app_iff -in_rev In_elementsZ_single Z.le_ngt. - suff : inf x s' = true by tauto. - eapply inf_impl; last apply H_inf. - apply Z.le_trans with (m := y). { - by apply Z.lt_le_incl. + move => s2. + rewrite -app_comm_cons !interval_list_invariant_cons. + move => [H_gr] [H_c1_neq] H_inv_s1' H_inv_s2 H_inz_s2. + split; last split. { + move : H_gr H_inz_s2. + case s1' as [| [y1' c1'] s1'']; last done. + move => _ H_inz_s2. + rewrite app_nil_l. + apply interval_list_elements_greater_intro => //. + move => x H_x_in_s2. + suff H_inz : InZ (Z.pred (y1 + Z.of_N c1)) ((y1, c1) :: nil). { + move : (H_inz_s2 _ _ H_inz H_x_in_s2). + by rewrite Z.succ_pred. + } + rewrite InZ_cons In_elementsZ_single -Z.lt_le_pred; left. + split. { + by apply Z_lt_add_r. + } { + apply Z.lt_pred_l. + } } { - by apply Z_le_add_r. + assumption. + } { + apply IH => //. + intros x1 x2 H_in_x1 H_in_x2. + apply H_inz_s2 => //. + rewrite InZ_cons; by right. } - } + } + Qed. + + + Lemma interval_list_invariant_app_elim : forall s1 s2, + interval_list_invariant (s1 ++ s2) = true -> + interval_list_invariant s1 = true /\ + interval_list_invariant s2 = true /\ + (forall (x1 x2 : Z), InZ x1 s1 -> InZ x2 s2 -> Z.succ x1 < x2). + Proof. + move => s1 s2. + induction s1 as [| [y1 c1] s1' IH]; first done. + rewrite -app_comm_cons !interval_list_invariant_cons. + + move => [H_gr] [H_c1_neq_0] /IH [H_inv_s1'] [H_inv_s2] H_in_s1'_s2. + repeat split; try assumption. { + move : H_gr. + case s1'; first done. + move => [y2 c2] s1''. + rewrite interval_list_elements_greater_cons //. + } { + move => x1 x2. + rewrite InZ_cons In_elementsZ_single. + move => []; last by apply H_in_s1'_s2. + move => [] H_y1_le H_x1_lt H_x2_in. + move : H_gr. + rewrite interval_list_elements_greater_alt2_def; last first. { + by apply interval_list_invariant_app_intro. + } + move => H_in_s12'. + have : (y1 + Z.of_N c1 < x2). { + apply H_in_s12'. + rewrite InZ_app. + by right. + } + move => H_lt_x2. + apply Z.le_lt_trans with (m := y1 + Z.of_N c1) => //. + by apply Zlt_le_succ. + } + Qed. + + Lemma interval_list_invariant_app_iff : forall s1 s2, + interval_list_invariant (s1 ++ s2) = true <-> + (interval_list_invariant s1 = true /\ + interval_list_invariant s2 = true /\ + (forall (x1 x2 : Z), InZ x1 s1 -> InZ x2 s2 -> Z.succ x1 < x2)). + Proof. + intros s1 s2. + split. { + by apply interval_list_invariant_app_elim. + } { + move => [] H_inv_s1 []. + by apply interval_list_invariant_app_intro. + } + Qed. + + Lemma interval_list_invariant_snoc_intro : forall s1 y2 c2, + interval_list_invariant s1 = true -> + (c2 <> 0)%N -> + (forall x, InZ x s1 -> Z.succ x < y2) -> + interval_list_invariant (s1 ++ ((y2, c2)::nil)) = true. + Proof. + intros s1 y2 c2 H_inv_s1 H_c2_neq H_in_s1. + apply interval_list_invariant_app_intro => //. { + rewrite interval_list_invariant_cons; done. + } { + intros x1 x2 H_in_x1. + rewrite InZ_cons. + move => [] //. + rewrite In_elementsZ_single. + move => [H_y2_le] _. + eapply Z.lt_le_trans; eauto. + } Qed. + (** *** Properties of In and InZ *) + Lemma encode_decode_eq : forall x s, Ok s -> InZ x s -> + (Enc.encode (Enc.decode x) = x). + Proof. + intros x s. + rewrite /Ok /IsOk /InZ. + move => [_] H_enc H_in_x. + move : (H_enc _ H_in_x) => [x'] <-. + rewrite Enc.decode_encode_ok //. + Qed. + Lemma In_alt_def : forall x s, Ok s -> (In x s <-> List.In x (elements s)). Proof. @@ -1019,7 +1652,7 @@ Module Raw (Enc : ElementEncode). rewrite /In InA_alt /elements rev_map_alt_def. split. { move => [y] [H_y_eq]. - rewrite -!in_rev !in_map_iff. + rewrite -!in_rev !in_map_iff. move => [x'] [H_y_eq'] H_x'_in. suff H_x'_eq : (Enc.encode x = x'). { exists x'. @@ -1065,30 +1698,43 @@ Module Raw (Enc : ElementEncode). apply H_ok. Qed. + Lemma InZ_In : forall x s, Ok s -> + (InZ x s -> In (Enc.decode x) s). + Proof. + intros x s H_ok. + rewrite In_InZ /InZ. + move : H_ok. + rewrite /Ok /IsOk /is_encoded_elems_list. + move => [_] H_enc. + move => H_in. + move : (H_enc _ H_in) => [e] H_x. + subst. + by rewrite Enc.decode_encode_ok. + Qed. + (** *** Membership specification *) Lemma memZ_spec : - forall (s : t) (x : Z) (Hs : Ok s), memZ x s = true <-> InZ x s. + forall (s : t) (x : Z) (Hs : Ok s), memZ x s = true <-> InZ x s. Proof. induction s as [| [y c] s' IH]. { intros x _. rewrite /InZ elementsZ_nil //. } { move => x /Ok_cons [H_inf] [H_c] [H_is_enc] H_s'. - rewrite /InZ /memZ elementsZ_cons -/mem. - rewrite /isok -/isok in_app_iff -!in_rev In_elementsZ_single. + rewrite /InZ /memZ elementsZ_cons -/memZ. + rewrite in_app_iff -!in_rev In_elementsZ_single. case_eq (x /Z.ltb_lt H_x_lt. split; first done. move => []. { move => H_x_in; contradict H_x_in. - eapply Nin_elements_greater; eauto; first apply H_s'. - apply Z.le_trans with (m := y). { - by apply Z.lt_le_incl. + apply Nin_elements_greater with (y := (y + Z.of_N c)) => //. { + apply H_s'. } { - apply Z_le_add_r. + apply Z_lt_le_add_r => //. } } { move => [H_y_le]; contradict H_y_le. @@ -1120,201 +1766,345 @@ Module Raw (Enc : ElementEncode). rewrite /mem memZ_spec In_InZ //. Qed. + Lemma merge_interval_size_neq_0 : forall x1 c1 x2 c2, + (c1 <> 0%N) -> + (merge_interval_size x1 c1 x2 c2 <> 0)%N. + Proof. + intros x1 c1 x2 c2. + rewrite /merge_interval_size !N.neq_0_lt_0 N.max_lt_iff. + by left. + Qed. + - (** *** add specification *) - Lemma addZ_spec : - forall (s : t) (x y : Z) (Hs : Ok s), - InZ y (addZ x s) <-> Z.eq y x \/ InZ y s. - Proof. - intros s x y. - eapply addZ_ind with (P := (fun (x:Z) s => Ok s -> (InZ y (addZ x s) <-> Z.eq y x \/ InZ y s))); clear s x. { - move => x _. - rewrite /InZ addZ_alt_def elementsZ_cons elementsZ_nil app_nil_l -in_rev - In_elementsZ_single1 /=. - firstorder. + (** *** insert if length not 0 *) + + Lemma interval_list_invariant_insert_intervalZ_guarded : forall x c s, + interval_list_invariant s = true -> + interval_list_elements_greater (x + Z.of_N c) s = true -> + interval_list_invariant (insert_intervalZ_guarded x c s) = true. + Proof. + intros x c s. + rewrite /insert_intervalZ_guarded. + case_eq (c =? 0)%N => //. + move => /N.eqb_neq. + rewrite interval_list_invariant_cons. + tauto. + Qed. + + Lemma interval_list_elements_greater_insert_intervalZ_guarded : forall x c y s, + interval_list_elements_greater y (insert_intervalZ_guarded x c s) = true <-> + (if (c =? 0)%N then (interval_list_elements_greater y s = true) else (y < x)). + Proof. + intros x c y s. + rewrite /insert_intervalZ_guarded. + case (c =? 0)%N => //. + rewrite /interval_list_elements_greater Z.ltb_lt //. + Qed. + + Lemma insert_intervalZ_guarded_app : forall x c s1 s2, + (insert_intervalZ_guarded x c s1) ++ s2 = + insert_intervalZ_guarded x c (s1 ++ s2). + Proof. + intros x c s1 s2. + rewrite /insert_intervalZ_guarded. + case (N.eqb c 0) => //. + Qed. + + Lemma insert_intervalZ_guarded_rev_nil_app : forall x c s, + rev (insert_intervalZ_guarded x c nil) ++ s = + insert_intervalZ_guarded x c s. + Proof. + intros x c s. + rewrite /insert_intervalZ_guarded. + case (N.eqb c 0) => //. + Qed. + +Lemma elementsZ_insert_intervalZ_guarded : forall x c s, + elementsZ (insert_intervalZ_guarded x c s) = elementsZ ((x, c) :: s). + Proof. + intros x c s. + rewrite /insert_intervalZ_guarded. + case_eq (c =? 0)%N => //. + move => /N.eqb_eq ->. + rewrite elementsZ_cons elementsZ_single_base /= app_nil_r //. + Qed. + + Lemma InZ_insert_intervalZ_guarded : forall y x c s, + InZ y (insert_intervalZ_guarded x c s) = InZ y ((x, c) :: s). + Proof. + intros y x c s. + rewrite /InZ elementsZ_insert_intervalZ_guarded //. + Qed. + + (** *** Merging intervals *) + + Lemma merge_interval_size_add : forall x c1 c2, + (merge_interval_size x c1 (x + Z.of_N c1) c2 = (c1 + c2))%N. + Proof. + intros x c1 c2. + rewrite /merge_interval_size. + replace (x + Z.of_N c1 + Z.of_N c2 - x) with + (Z.of_N c1 + Z.of_N c2) by lia. + rewrite -N2Z.inj_add N2Z.id. + apply N.max_r, N.le_add_r. + Qed. + + Lemma merge_interval_size_eq_max : forall y1 c1 y2 c2, + y1 <= y2 + Z.of_N c2 -> + y1 + Z.of_N (merge_interval_size y1 c1 y2 c2) = + Z.max (y1 + Z.of_N c1) (y2 + Z.of_N c2). + Proof. + intros y1 c1 y2 c2 H_y1_le. + rewrite /merge_interval_size N2Z.inj_max Z2N.id; last first. { + by apply Zle_minus_le_0. + } + rewrite -Z.add_max_distr_l. + replace (y1 + (y2 + Z.of_N c2 - y1)) with (y2 + Z.of_N c2) by lia. + done. + Qed. + + Lemma merge_interval_size_invariant : forall y1 c1 y2 c2 z s, + interval_list_invariant s = true -> + y1 + Z.of_N c1 <= y2 + Z.of_N c2 -> + y2 + Z.of_N c2 <= z -> + interval_list_elements_greater z s = true -> + (c1 <> 0)%N -> + interval_list_invariant ((y1, merge_interval_size y1 c1 y2 c2) :: s) = + true. + Proof. + intros y1 c1 y2 c2 z s H_inv H_le H_le_z H_gr H_c1_neq_0. + rewrite interval_list_invariant_cons. + split; last split. { + rewrite merge_interval_size_eq_max; last first. { + eapply Z.le_trans; last apply H_le. + apply Z_le_add_r. + } { + rewrite Z.max_r => //. + eapply interval_list_elements_greater_impl; first apply H_le_z. + done. + } } { - intros x l c _. - rewrite /InZ addZ_alt_def Z.compare_refl !elementsZ_cons !in_app_iff -!in_rev N.add_1_r - Z.add_1_r !In_elementsZ_single N2Z.inj_succ Z.add_succ_l - Z.add_succ_r Z.le_succ_l Z.lt_succ_r. - split. { - move => []; first by tauto. - move => [] /Z.lt_eq_cases. - firstorder. + apply merge_interval_size_neq_0. + assumption. + } { + assumption. + } + Qed. + + + Lemma In_merge_interval : forall x1 c1 x2 c2 y, + x1 <= x2 -> + x2 <= x1 + Z.of_N c1 -> ( + List.In y (elementsZ_single x1 (merge_interval_size x1 c1 x2 c2)) <-> + List.In y (elementsZ_single x1 c1) \/ List.In y (elementsZ_single x2 c2)). + Proof. + intros x1 c1 x2 c2 y H_x1_le H_x2_le. + rewrite !In_elementsZ_single merge_interval_size_eq_max; + last first. { + eapply Z.le_trans; eauto. + by apply Z_le_add_r. + } + rewrite Z.max_lt_iff. + split. { + move => [H_x_le] [] H_y_lt. { + by left. } { - move => [-> | ]. { - right; split. - - by apply Z.le_refl. - - by apply Z_le_add_r. + case_eq (Z.leb x2 y). { + move => /Z.leb_le H_y'_le. + by right. } { - move => []; first by tauto. - move => [H_x_lt H_y_le]. - right; split => //. - by apply Z.lt_le_incl. + move => /Z.leb_gt H_y_lt_x2. + left. + split => //. + eapply Z.lt_le_trans; eauto. } - } - } { - intros x l y0 c H_y_comp _. - rewrite /InZ addZ_alt_def H_y_comp elementsZ_cons in_app_iff - In_elementsZ_single1. - firstorder. - } { - move => y0 c H_y_comp H_ok. - rewrite addZ_alt_def H_y_comp Z.compare_refl. - rewrite /InZ !elementsZ_cons elementsZ_nil !app_nil_l N.add_1_r. - rewrite elementsZ_single_succ -!in_rev in_app_iff /=. - firstorder. - } { - move => l y0 c c' H_y_comp _ _. - rewrite addZ_alt_def H_y_comp Z.compare_refl Z.eqb_refl. - rewrite /InZ !elementsZ_cons !in_app_iff -!in_rev. - have -> : (c + c' + 1 = N.succ c + c')%N. { - rewrite -N.add_1_r. ring. } - rewrite Z.add_1_r elementsZ_single_add elementsZ_single_succ !in_app_iff - N2Z.inj_succ Z.add_succ_r. - firstorder. - } { - intros l y0 c z c'. - move => H_y_comp H_z_comp _. - rewrite addZ_alt_def H_y_comp Z.compare_refl H_z_comp. - rewrite /InZ !elementsZ_cons N.add_1_r !in_app_iff -!in_rev. - rewrite elementsZ_single_succ in_app_iff /=. - firstorder. } { - intros x l y0 c H_y_comp H_x_comp _. - rewrite addZ_alt_def H_y_comp H_x_comp. - split. { - by right. + move => []. { + tauto. } { - move => [] // ->. - rewrite /InZ elementsZ_cons in_app_iff -in_rev In_elementsZ_single. - right. split. { - move : H_y_comp => /Z.compare_gt_iff. - rewrite Z.add_1_r Z.lt_succ_r //. + move => [H_x2_le'] H_y_lt. + split. { + eapply Z.le_trans; eauto. } { - move : H_x_comp => /Z.compare_lt_iff //. + by right. } } + } + Qed. + + Lemma insert_interval_begin_spec : forall y s x c, + interval_list_invariant s = true -> + interval_list_elements_greater x s = true -> + (c <> 0)%N -> + ( + interval_list_invariant (insert_interval_begin x c s) = true /\ + (InZ y (insert_interval_begin x c s) <-> + (List.In y (elementsZ_single x c) \/ InZ y s))). + Proof. + intros y. + induction s as [| [y' c'] s' IH]. { + intros x c _ H_c_neq H_z_lt. + rewrite /insert_interval_begin InZ_cons interval_list_invariant_cons //. } { - intros x l y0 c H_y_comp H_x_comp IH H_ok. - have H_ok' : Ok l. { - move : H_ok. - rewrite Ok_cons. + intros x c. + rewrite interval_list_invariant_cons + interval_list_elements_greater_cons. + move => [H_gr] [H_c'_neq_0] H_inv_s' H_x_lt H_c_neq_0. + unfold insert_interval_begin. + Z_named_compare_cases H_y'; fold insert_interval_begin. { + subst. + rewrite !InZ_cons elementsZ_single_add in_app_iff. + split; last tauto. + rewrite interval_list_invariant_cons N2Z.inj_add + Z.add_assoc N.eq_add_0. tauto. + } { + rewrite !InZ_cons !interval_list_invariant_cons + interval_list_elements_greater_cons. + repeat split => //. + } { + set c'' := merge_interval_size x c y' c'. + have H_x_lt' : x < y' + Z.of_N c'. { + eapply Z.lt_le_trans with (m := y') => //. + by apply Z_le_add_r. + } + + have H_pre : interval_list_elements_greater x s' = true. { + eapply interval_list_elements_greater_impl; eauto. + by apply Z.lt_le_incl. + } + have H_pre2 : c'' <> 0%N. { + by apply merge_interval_size_neq_0. + } + move : (IH x c'' H_inv_s' H_pre H_pre2) => {IH} {H_pre} {H_pre2} [->] ->. + + split; first reflexivity. + unfold c''; clear c''. + rewrite In_merge_interval. { + rewrite InZ_cons. + tauto. + } { + by apply Z.lt_le_incl. + } { + by apply Z.lt_le_incl. + } } - rewrite addZ_alt_def H_y_comp H_x_comp. - unfold InZ in IH. - rewrite /InZ !elementsZ_cons !in_app_iff -!in_rev (IH H_ok'). + } + Qed. + + + (** *** add specification *) + Lemma addZ_InZ : + forall (s : t) (x y : Z), + interval_list_invariant s = true -> + (InZ y (addZ x s) <-> x = y \/ InZ y s). + Proof. + move => s x y. + induction s as [| [z c] s' IH]. { + move => _. + rewrite /InZ addZ_alt_def + elementsZ_cons elementsZ_nil app_nil_l -in_rev + In_elementsZ_single1 /=. firstorder. + } { + move => /interval_list_invariant_cons [H_greater] [H_c_neq_0] H_inv_c'. + move : (IH H_inv_c') => {} IH. + rewrite addZ_alt_def. + have H_succ : forall z, z + Z.of_N 1 = Z.succ z by done. + move : (interval_1_compare_elim x z c). + case (interval_1_compare x (z, c)); + rewrite ?InZ_cons ?In_elementsZ_single1 ?H_succ ?Z.lt_succ_r //. { + move => ->. + rewrite elementsZ_single_succ_front /=. + tauto. + } { + move => [] // H_x_in. + split; first tauto. + move => [] // <-. + left. + by rewrite In_elementsZ_single. + } { + rewrite IH. + tauto. + } { + move => H_x_eq. + have -> : (InZ y (insert_interval_begin z (N.succ c) s') <-> + List.In y (elementsZ_single z (N.succ c)) \/ InZ y s'). { + eapply insert_interval_begin_spec. { + by apply H_inv_c'. + } { + eapply interval_list_elements_greater_impl; eauto. + apply Z_le_add_r. + } { + by apply N.neq_succ_0. + } + } + rewrite -H_x_eq elementsZ_single_succ in_app_iff /=. + tauto. + } } Qed. - Lemma addZ_isok : forall s x, isok s = true -> isok (addZ x s) = true. + Lemma addZ_invariant : forall s x, + interval_list_invariant s = true -> + interval_list_invariant (addZ x s) = true. Proof. - intros s x. - have H_add_1_neq : (forall x, x + 1 <> 0)%N. { - move => x'. - rewrite N.eq_add_0. - have : (1 <> 0)%N by done. - tauto. - } - - eapply addZ_ind with (P := (fun (x : Z) (s : t) => isok s = true -> - isok (addZ x s) = true)); clear s x. { - move => x _ //. - } { - intros x l c. - rewrite addZ_alt_def Z.compare_refl. - rewrite !isok_cons. - move => [H_inf] [H_c_neq] H_ok_l. - split; last split => //. { - suff -> : (x + Z.of_N (c + 1) = x + 1 + Z.of_N c) by done. - rewrite N2Z.inj_add /=. - ring. - } - } { - intros x l y c H_y_comp. - rewrite addZ_alt_def H_y_comp. - rewrite !isok_cons => [[H_inf] [H_c_neq] H_ok_l]. - split; last split; last split; last split; try done. - by apply Z.ltb_lt. - } { - move => y c H_y_comp _. - rewrite addZ_alt_def H_y_comp Z.compare_refl isok_cons. - done. - } { - move => l y c c' H_y_comp IH. - rewrite addZ_alt_def H_y_comp Z.compare_refl Z.eqb_refl. - rewrite !isok_cons. - move => [H_inf1] [H_c_neq] [H_inf2] [H_c'_neq] H_ok_l. - split; last split => //. { - suff -> : (y + Z.of_N (c + c' + 1) = y + Z.of_N c + 1 + Z.of_N c') by assumption. - rewrite !N2Z.inj_add /=. - ring. - } - } { - intros l y c z c'. - move => H_y_comp H_z_comp. - rewrite addZ_alt_def H_y_comp Z.compare_refl H_z_comp. - rewrite isok_cons => [] [] H_inf [] H_c_neq H_ok_l. - rewrite isok_cons. - split; last split; try done. - move : H_inf. - rewrite /inf. - move : H_z_comp => /Z.eqb_neq H_z_neq /Z.ltb_lt H_z_lt. - apply Z.ltb_lt. - - have -> : Z.of_N (c + 1) = Z.of_N c + 1. { - rewrite N2Z.inj_add //. - } - - suff : y + (Z.of_N c + 1) <= z. { - rewrite Z.lt_eq_cases. - move => [] // H_z_eq. - contradict H_z_neq. - rewrite -H_z_eq. - ring. - } - suff H_suff : (Z.pred (y + (Z.of_N c + 1)) = y + Z.of_N c). { - apply Z.lt_pred_le. - by rewrite H_suff. - } - rewrite Z.add_1_r Z.add_succ_r Z.pred_succ //. - } { - intros x l y c H_y_comp H_x_comp. - rewrite addZ_alt_def H_y_comp H_x_comp //. - } { - intros x l y c H_y_comp H_x_comp IH. - rewrite addZ_alt_def H_y_comp H_x_comp. - rewrite !isok_cons => [] [] H_inf [] H_c_neq H_ok_l. - split; last split; try done. { - suff : exists x0 c0 l0, addZ x l = (x0, c0)::l0 /\ (y+Z.of_N c < x0). { - move => [x0] [c0] [l0] [->]. - rewrite /inf. - apply Z.ltb_lt. - } - apply Z.compare_gt_iff in H_x_comp. - move : H_inf. - case l. { - exists x, 1%N, nil. - by rewrite addZ_alt_def. - } { - move => [z c'] l0 /Z.ltb_lt H_z_gt. - rewrite addZ_alt_def. - case (x + 1 ?= z); try by eauto. - case (x ?= z + Z.of_N c'); try by eauto. - case l0; try by eauto. - move => [z' c''] ?. - case (z' =? x + 1); by eauto. + move => s x. + induction s as [| [z c] s' IH]. { + move => _. + by simpl. + } { + move => /interval_list_invariant_cons [H_greater] [H_c_neq_0] + H_inv_c'. + move : (IH H_inv_c') => {} IH. + rewrite addZ_alt_def. + have H_succ : forall z, z + Z.of_N 1 = Z.succ z by done. + move : (interval_1_compare_elim x z c). + case_eq (interval_1_compare x (z, c)) => H_comp; + rewrite ?InZ_cons ?In_elementsZ_single1 ?H_succ ?Z.lt_succ_r //. { + move => H_z_gt. + rewrite interval_list_invariant_cons /= !andb_true_iff !H_succ. + repeat split => //. { + by apply Z.ltb_lt. + } { + apply negb_true_iff, N.eqb_neq => //. } } { - apply IH => //. + move => ?; subst. + rewrite /= !andb_true_iff. + repeat split => //. { + move : H_greater. + rewrite Z.add_succ_l -Z.add_succ_r N2Z.inj_succ //. + } { + apply negb_true_iff, N.eqb_neq => //. + apply N.neq_succ_0. + } + } { + move => [] // _. + rewrite interval_list_invariant_cons /=. + tauto. + } { + rewrite interval_list_invariant_cons. + move => H_lt_x. + repeat split => //. + apply interval_list_elements_greater_intro => //. + move => xx. + rewrite addZ_InZ => //. + move => [<- //|]. + apply interval_list_elements_greater_alt2_def => //. + } { + move => H_x_eq. + apply insert_interval_begin_spec => //. { + eapply interval_list_elements_greater_impl; eauto. + apply Z_le_add_r. + } { + by apply N.neq_succ_0. + } } } Qed. - - + Global Instance add_ok s x : forall `(Ok s), Ok (add x s). Proof. move => H_ok_s. @@ -1322,13 +2112,13 @@ Module Raw (Enc : ElementEncode). rewrite /Ok /IsOk /is_encoded_elems_list /add. move => [H_isok_s] H_pre. split. { - apply addZ_isok => //. + apply addZ_invariant => //. } { intros y. - move : (addZ_spec s (Enc.encode x) y H_ok_s). + move : (addZ_InZ s (Enc.encode x) y H_isok_s). rewrite /InZ => ->. move => []. { - move => ->. + move => <-. by exists x. } { move => /H_pre //. @@ -1343,264 +2133,20 @@ Module Raw (Enc : ElementEncode). intros s x y Hs. have Hs' := (add_ok s x Hs). rewrite !In_InZ. - rewrite /add addZ_spec Enc.encode_eq //. + rewrite /add addZ_InZ. { + rewrite -Enc.encode_eq /Z.eq. + firstorder. + } { + apply Hs. + } Qed. - (** *** remove specification *) - - Lemma isok_removeZ_aux_insert_guarded : forall x c s, - isok s = true -> inf (x + Z.of_N c) s = true -> - isok (removeZ_aux_insert_guarded x c s) = true. - Proof. - intros x c s. - rewrite /removeZ_aux_insert_guarded. - case_eq (c =? 0)%N => //. - move => /N.eqb_neq. - rewrite isok_cons. - tauto. - Qed. + (** *** empty specification *) - Lemma inf_removeZ_aux_insert_guarded : forall x c y s, - inf y (removeZ_aux_insert_guarded x c s) = true <-> - (if (c =? 0)%N then (inf y s = true) else (y < x)). + Global Instance empty_ok : Ok empty. Proof. - intros x c y s. - rewrite /removeZ_aux_insert_guarded. - case (c =? 0)%N => //. - rewrite /inf Z.ltb_lt //. - Qed. - - - Lemma removeZ_counter_pos_aux : forall y c x, - x < y + Z.of_N c -> - 0 <= y + Z.of_N c - Z.succ x. - Proof. - intros y c x H_x_lt. - rewrite Z.le_0_sub Z.le_succ_l. - assumption. - Qed. - - Lemma removeZ_isok : forall s x, isok s = true -> isok (removeZ x s) = true. - Proof. - intros s x. - induction s as [| [y c] s' IH]. { - rewrite removeZ_alt_def //. - } { - rewrite removeZ_alt_def. - case_eq (x //. - move => /Z.ltb_ge H_y_le_x. - case_eq (x /Z.ltb_lt H_x_lt /isok_cons [H_inf] [H_c_neq] H_ok_s'. - apply isok_removeZ_aux_insert_guarded; first apply isok_removeZ_aux_insert_guarded. { - assumption. - } { - rewrite Z2N.id; last by apply removeZ_counter_pos_aux. - rewrite add_add_sub_eq. - assumption. - } { - rewrite /removeZ_aux_insert_guarded Z2N.id; last first. { - by rewrite Z.le_0_sub. - } - rewrite add_add_sub_eq. - case (Z.to_N (y + Z.of_N c - Z.succ x) =? 0)%N. { - eapply inf_impl; eauto. - by apply Z.lt_le_incl. - } { - rewrite /inf. - apply Z.ltb_lt, Z.lt_succ_diag_r. - } - } - } { - move => /Z.ltb_ge H_yc_le_x. - rewrite !isok_cons. - move => [H_inf] [H_c_neq] H_ok_s'. - split; last split => //; last by apply IH. - move : H_inf. - case_eq s' => //. - move => [z c'] l' H_s'_eq. - rewrite removeZ_alt_def. - case (x /Z.ltb_lt H_lt_z. - rewrite inf_removeZ_aux_insert_guarded. - case (Z.to_N (x - z) =? 0)%N => //. - rewrite inf_removeZ_aux_insert_guarded. - case (Z.to_N (z + Z.of_N c' - Z.succ x) =? 0)%N. { - move : H_ok_s'. - rewrite H_s'_eq !isok_cons. - move => [H_inf] _. - eapply inf_impl; last apply H_inf. - apply Z.le_trans with (m := z). { - by apply Z.lt_le_incl. - } { - by apply Z_le_add_r. - } - } { - rewrite Z.lt_succ_r //. - } - } - } - Qed. - - - Lemma elementsZ_removeZ_aux_insert_guarded : forall x c s, - elementsZ (removeZ_aux_insert_guarded x c s) = elementsZ ((x, c) :: s). - Proof. - intros x c s. - rewrite /removeZ_aux_insert_guarded. - case_eq (c =? 0)%N => //. - move => /N.eqb_eq ->. - rewrite elementsZ_cons elementsZ_single_base /= app_nil_r //. - Qed. - - Lemma removeZ_spec : - forall (s : t) (x y : Z) (Hs : isok s = true), - InZ y (removeZ x s) <-> InZ y s /\ ~Z.eq y x. - Proof. - intros s x y Hs. - move : Hs x y. - induction s as [| [y c] s' IH] . { - move => _ x y. - rewrite /=. - firstorder. - } { - intros H_ok x y0. - rewrite removeZ_alt_def. - case_eq (x /Z.ltb_lt H_x_lt. - split; last tauto. - move => H_in. - split => // H_y0_eq. - apply (isok_inf_nin y0 ((y, c)::s')) => //. - rewrite /inf H_y0_eq. - by apply Z.ltb_lt. - } { - move => /Z.ltb_ge H_y_le. - have H_ok' : isok s' = true. { - move : H_ok. - rewrite isok_cons; tauto. - } - move : (IH H_ok') => {IH} IH. - case_eq (x /Z.ltb_lt H_x_lt /=. - rewrite /InZ elementsZ_removeZ_aux_insert_guarded !elementsZ_cons. - rewrite elementsZ_removeZ_aux_insert_guarded elementsZ_cons !in_app_iff -!in_rev. - rewrite !In_elementsZ_single !Z2N.id; last first. { - by apply removeZ_counter_pos_aux. - } { - by rewrite Z.le_0_sub. - } - rewrite !add_add_sub_eq Z.le_succ_l. - case_eq (y0 =? x). { - move => /Z.eqb_eq ->. - split; last first. { - move => [_] H_neq. - contradict H_neq => //. - } { - move => [[] |]. { - move => H_in. exfalso. - apply (isok_inf_nin x s') => //. - move : H_ok. - case s' => //. - move => [z c'] s''. - rewrite !isok_cons /inf. - move => [] /Z.ltb_lt H_lt_x' _. - apply Z.ltb_lt. - eapply Z.lt_trans; eauto. - } { - move => [] /Z.lt_irrefl //. - } { - move => [_] /Z.lt_irrefl //. - } - } - } - move => /Z.eqb_neq H_y0_neq. - split. { - move => H. - split; last by apply H_y0_neq. - move : H => [[] |]. { - by left. - } { - move => [H_x_lt'] H_y0_lt. - right; split => //. - apply Z.le_trans with (m := x) => //. - by apply Z.lt_le_incl. - } { - move => [H_y_le'] H_y0_lt. - right; split => //. - eapply Z.lt_trans; eauto. - } - } { - move => [[]]; first by tauto. - move => [H_y_le'] H_y0_lt _. - case_eq (y0 /Z.ltb_lt H_y0_lt_x. - right. done. - } { - move => /Z.ltb_ge /Z.lt_eq_cases []. { - move => H_x_lt'. - left; right. - done. - } { - move => H_x_eq. - contradict H_y0_neq => //. - } - } - } - } { - move => /Z.ltb_ge H_yc_le. - unfold InZ in IH. - rewrite /InZ !elementsZ_cons !in_app_iff !IH. - split; last tauto. - move => []; first tauto. - rewrite -!in_rev In_elementsZ_single. - move => [H_y_le'] H_y0_lt. - split; first by right. - move => H_y0_eq. - move : H_y0_lt. - apply Z.nlt_ge. - by rewrite H_y0_eq. - } - } - } - Qed. - - - Global Instance remove_ok s x : forall `(Ok s), Ok (remove x s). - Proof. - rewrite /Ok /IsOk /remove. - move => [H_is_ok_s H_enc_s]. - split. { - by apply removeZ_isok. - } { - rewrite /is_encoded_elems_list => y. - move : (removeZ_spec s (Enc.encode x) y H_is_ok_s). - rewrite /InZ => -> [] H_y_in _. - apply H_enc_s => //. - } - Qed. - - Lemma remove_spec : - forall (s : t) (x y : elt) (Hs : Ok s), - In y (remove x s) <-> In y s /\ ~Enc.E.eq y x. - Proof. - intros s x y Hs. - have H_rs := (remove_ok s x Hs). - rewrite /remove !In_InZ. - rewrite removeZ_spec. { - rewrite Enc.encode_eq //. - } { - apply Hs. - } - Qed. - - - (** *** empty specification *) - - Global Instance empty_ok : Ok empty. - Proof. - rewrite /empty Ok_nil //. + rewrite /empty Ok_nil //. Qed. Lemma empty_spec' : forall x, (In x empty <-> False). @@ -1689,148 +2235,2079 @@ Module Raw (Enc : ElementEncode). } Qed. - (** *** remove_list specification *) + (** *** union specification *) - Lemma remove_list_ok : forall l s, Ok s -> Ok (remove_list l s). + Lemma union_aux_flatten_alt_def : forall (s1 s2 : t) acc, + union_aux s1 s2 acc = + match (s1, s2) with + | (nil, _) => List.rev_append acc s2 + | (_, nil) => List.rev_append acc s1 + | ((y1, c1) :: l1, (y2, c2) :: l2) => + match (interval_compare (y1, c1) (y2,c2)) with + | ICR_before => union_aux l1 s2 ((y1, c1)::acc) + | ICR_before_touch => + union_aux l1 ( + insert_interval_begin y1 ((c1+c2)%N) l2) acc + | ICR_after => union_aux s1 l2 ((y2, c2)::acc) + | ICR_after_touch => union_aux l1 ( + insert_interval_begin y2 ((c1+c2)%N) l2) acc + | ICR_overlap_before => + union_aux l1 ( + insert_interval_begin y1 + (merge_interval_size y1 c1 y2 c2) l2) acc + | ICR_overlap_after => + union_aux l1 ( + insert_interval_begin y2 + (merge_interval_size y2 c2 y1 c1) l2) acc + | ICR_equal => union_aux l1 s2 acc + | ICR_subsume_1 => union_aux l1 s2 acc + | ICR_subsume_2 => union_aux s1 l2 acc + end + end. Proof. - induction l as [| x l' IH]. { - done. - } { - move => s H_s_ok /=. - apply IH. - by apply remove_ok. + intros s1 s2 acc. + case s1, s2 => //. + Qed. + + Lemma union_aux_alt_def : forall (s1 s2 : t) acc, + union_aux s1 s2 acc = + List.rev_append acc (union s1 s2). + Proof. + rewrite /union. + intros s1 s2 acc. + move : acc s2. + induction s1 as [| [y1 c1] l1 IH1]. { + intros acc s2. + rewrite !union_aux_flatten_alt_def. + rewrite !rev_append_rev //. } + intros acc s2; move : acc. + induction s2 as [| [y2 c2] l2 IH2]; first by simpl. + move => acc. + rewrite !(union_aux_flatten_alt_def ((y1, c1)::l1) ((y2, c2)::l2)). + case (interval_compare (y1, c1) (y2, c2)); + rewrite ?(IH1 ((y1, c1) :: acc)) ?(IH1 ((y1, c1) :: nil)) + ?(IH2 ((y2, c2) :: acc)) ?(IH2 ((y2, c2) :: nil)) + ?(IH1 acc) //. Qed. - Lemma remove_list_spec : forall x l s, Ok s -> - (In x (remove_list l s) <-> ~(InA Enc.E.eq x l) /\ In x s). + Lemma union_alt_def : forall (s1 s2 : t), + union s1 s2 = + match (s1, s2) with + | (nil, _) => s2 + | (_, nil) => s1 + | ((y1, c1) :: l1, (y2, c2) :: l2) => + match (interval_compare (y1, c1) (y2,c2)) with + | ICR_before => (y1, c1) :: (union l1 s2) + | ICR_before_touch => + union l1 (insert_interval_begin y1 ((c1+c2)%N) l2) + | ICR_after => (y2, c2) :: union s1 l2 + | ICR_after_touch => union l1 + (insert_interval_begin y2 ((c1+c2)%N) l2) + | ICR_overlap_before => + union l1 (insert_interval_begin y1 (merge_interval_size y1 c1 y2 c2) l2) + | ICR_overlap_after => + union l1 (insert_interval_begin y2 (merge_interval_size y2 c2 y1 c1) l2) + | ICR_equal => union l1 s2 + | ICR_subsume_1 => union l1 s2 + | ICR_subsume_2 => union s1 l2 + end + end. Proof. - move => x. - induction l as [| y l' IH]. { - intros s H. - rewrite /= InA_nil. + intros s1 s2. + rewrite /union union_aux_flatten_alt_def. + case s1 as [| [y1 c1] l1] => //. + case s2 as [| [y2 c2] l2] => //. + case (interval_compare (y1, c1) (y2, c2)); + rewrite union_aux_alt_def //. + Qed. + + Lemma union_InZ : + forall (s1 s2 : t), + interval_list_invariant s1 = true -> + interval_list_invariant s2 = true -> + forall y, (InZ y (union s1 s2) <-> InZ y s1 \/ InZ y s2). + Proof. + intro s1. + induction s1 as [| [y1 c1] l1 IH1]. { + intros s2 _ _ y. + rewrite union_alt_def /InZ /=. tauto. } { - move => s H_ok /=. - rewrite IH remove_spec InA_cons. - tauto. + induction s2 as [| [y2 c2] l2 IH2]. { + intros _ _ y. + rewrite union_alt_def /InZ /=. + tauto. + } { + move => H_inv_s1 H_inv_s2. + move : (H_inv_s1) (H_inv_s2). + rewrite !interval_list_invariant_cons. + move => [H_gr_l1] [H_c1_neq_0] H_inv_l1. + move => [H_gr_l2] [H_c2_neq_0] H_inv_l2. + move : (IH2 H_inv_s1 H_inv_l2) => {} IH2. + have : forall s2 : t, + interval_list_invariant s2 = true -> + forall y : Z, InZ y (union l1 s2) <-> InZ y l1 \/ InZ y s2. { + intros. by apply IH1. + } + move => {} IH1 y. + rewrite union_alt_def. + move : (interval_compare_elim y1 c1 y2 c2). + case (interval_compare (y1, c1) (y2, c2)). { + rewrite !InZ_cons IH1 // InZ_cons. + tauto. + } { + move => H_y2_eq. + replace (c1 + c2)%N with (merge_interval_size y1 c1 y2 c2); + last first. { + rewrite -H_y2_eq merge_interval_size_add //. + } + set c'' := merge_interval_size y1 c1 y2 c2. + have [H_inv_insert H_InZ_insert] : + interval_list_invariant (insert_interval_begin y1 c'' l2) = true /\ + (InZ y (insert_interval_begin y1 c'' l2) <-> + List.In y (elementsZ_single y1 c'') \/ InZ y l2). { + apply insert_interval_begin_spec => //. { + eapply interval_list_elements_greater_impl; eauto. + rewrite -H_y2_eq -Z.add_assoc -N2Z.inj_add. + apply Z_le_add_r. + } { + by apply merge_interval_size_neq_0. + } + } + + rewrite IH1 => //. + rewrite H_InZ_insert !InZ_cons /c''. + rewrite -H_y2_eq In_merge_interval. { + tauto. + } { + apply Z_le_add_r. + } { + by apply Z.le_refl. + } + } { + move => [H_y1_lt] [H_y2_lt] H_y1_c1_lt. + set c'' := merge_interval_size y1 c1 y2 c2. + have [H_inv_insert H_InZ_insert] : + interval_list_invariant (insert_interval_begin y1 c'' l2) = true /\ + (InZ y (insert_interval_begin y1 c'' l2) <-> + List.In y (elementsZ_single y1 c'') \/ InZ y l2). { + apply insert_interval_begin_spec => //. { + eapply interval_list_elements_greater_impl; eauto. + apply Z_lt_le_add_r => //. + } { + by apply merge_interval_size_neq_0. + } + } + rewrite IH1 => //. + rewrite H_InZ_insert !InZ_cons /c''. + rewrite In_merge_interval. { + tauto. + } { + by apply Z.lt_le_incl. + } { + by apply Z.lt_le_incl. + } + } { + move => [H_y2_lt] [H_y1_lt] H_y2_c_lt. + set c'' := merge_interval_size y2 c2 y1 c1. + have [H_inv_insert H_InZ_insert] : + interval_list_invariant (insert_interval_begin y2 c'' l2) = true /\ + (InZ y (insert_interval_begin y2 c'' l2) <-> + List.In y (elementsZ_single y2 c'') \/ InZ y l2). { + apply insert_interval_begin_spec => //. { + eapply interval_list_elements_greater_impl; eauto. + apply Z_le_add_r. + } { + by apply merge_interval_size_neq_0. + } + } + + rewrite IH1 => //. + rewrite H_InZ_insert !InZ_cons /c''. + rewrite In_merge_interval. { + tauto. + } { + by apply Z.lt_le_incl. + } { + by apply Z.lt_le_incl. + } + } { + move => [? ?]; subst. + rewrite IH1 => //. + rewrite !InZ_cons. + tauto. + } { + move => [H_y2_le] [H_y1_c1_le] _. + rewrite IH1 => //. + rewrite !InZ_cons. + suff : (List.In y (elementsZ_single y1 c1) -> + List.In y (elementsZ_single y2 c2)). { + tauto. + } + rewrite !In_elementsZ_single. + move => [H_y1_le H_y_lt]. + split; lia. + } { + move => [H_y1_le] [H_y2_c2_le] _. + rewrite IH2. + rewrite !InZ_cons. + suff : (List.In y (elementsZ_single y2 c2) -> + List.In y (elementsZ_single y1 c1)). { + tauto. + } + rewrite !In_elementsZ_single. + move => [H_y2_le H_y_lt]. + split; lia. + } { + rewrite !InZ_cons IH2 !InZ_cons. + tauto. + } { + move => H_y1_eq. + replace (c1 + c2)%N with (merge_interval_size y2 c2 y1 c1); + last first. { + rewrite -H_y1_eq merge_interval_size_add N.add_comm //. + } + set c'' := merge_interval_size y2 c2 y1 c1. + have [H_inv_insert H_InZ_insert] : + interval_list_invariant (insert_interval_begin y2 c'' l2) = true /\ + (InZ y (insert_interval_begin y2 c'' l2) <-> + List.In y (elementsZ_single y2 c'') \/ InZ y l2). { + apply insert_interval_begin_spec => //. { + eapply interval_list_elements_greater_impl; eauto. + apply Z_le_add_r. + } { + by apply merge_interval_size_neq_0. + } + } + + rewrite IH1 => //. + rewrite H_InZ_insert !InZ_cons /c''. + rewrite -H_y1_eq In_merge_interval. { + tauto. + } { + apply Z_le_add_r. + } { + by apply Z.le_refl. + } + } + } } Qed. - (** *** union specification *) + Lemma union_invariant : + forall (s1 s2 : t), + interval_list_invariant s1 = true -> + interval_list_invariant s2 = true -> + interval_list_invariant (union s1 s2) = true. + Proof. + intro s1. + induction s1 as [| [y1 c1] l1 IH1]. { + intros s2 _ H_inv_s2. + rewrite union_alt_def /InZ //. + } { + induction s2 as [| [y2 c2] l2 IH2]. { + intros H_inv_s1 _. + rewrite union_alt_def /InZ //. + } { + move => H_inv_s1 H_inv_s2. + move : (H_inv_s1) (H_inv_s2). + rewrite !interval_list_invariant_cons. + move => [H_gr_l1] [H_c1_neq_0] H_inv_l1. + move => [H_gr_l2] [H_c2_neq_0] H_inv_l2. + move : (IH2 H_inv_s1 H_inv_l2) => {} IH2. + have : forall s2 : t, + interval_list_invariant s2 = true -> + interval_list_invariant (union l1 s2) = true. { + intros. by apply IH1. + } + move => {} IH1. + + rewrite union_alt_def. + move : (interval_compare_elim y1 c1 y2 c2). + case (interval_compare (y1, c1) (y2, c2)). { + move => H_lt_y2. + have H_inv' : interval_list_invariant (union l1 ((y2, c2) :: l2)) = true. { + by apply IH1. + } + + rewrite interval_list_invariant_cons. + repeat split => //. + apply interval_list_elements_greater_intro => // x. + rewrite union_InZ => //. + move => []. { + apply interval_list_elements_greater_alt2_def => //. + } { + apply interval_list_elements_greater_alt2_def => //. + rewrite interval_list_elements_greater_cons //. + } + } { + move => H_y2_eq. + apply IH1. + apply insert_interval_begin_spec => //. { + eapply interval_list_elements_greater_impl; last apply H_gr_l2. + rewrite -H_y2_eq -Z.add_assoc -N2Z.inj_add. + apply Z_le_add_r. + } { + rewrite N.eq_add_0. + tauto. + } + } { + move => [H_y1_lt] _. + apply IH1. + apply insert_interval_begin_spec => //. { + eapply interval_list_elements_greater_impl; last apply H_gr_l2. + apply Z_lt_le_add_r => //. + } { + apply merge_interval_size_neq_0 => //. + } + } { + move => [H_y2_lt] _. + apply IH1. + apply insert_interval_begin_spec => //. { + eapply interval_list_elements_greater_impl; last apply H_gr_l2. + apply Z_le_add_r => //. + } { + apply merge_interval_size_neq_0 => //. + } + } { + move => [? ?]; subst. + apply IH1 => //. + } { + move => _. + apply IH1 => //. + } { + move => _. + apply IH2 => //. + } { + move => H_lt_y1. + rewrite interval_list_invariant_cons => //. + repeat split => //. + apply interval_list_elements_greater_intro => // x. + rewrite union_InZ => //. + move => []. { + apply interval_list_elements_greater_alt2_def => //. + rewrite interval_list_elements_greater_cons //. + } { + apply interval_list_elements_greater_alt2_def => //. + } + } { + move => H_y1_eq. + apply IH1 => //. + apply insert_interval_begin_spec => //. { + eapply interval_list_elements_greater_impl; last apply H_gr_l2. + apply Z_le_add_r. + } { + rewrite N.eq_add_0. + tauto. + } + } + } + } + Qed. - Global Instance union_ok s s' : forall `(Ok s, Ok s'), Ok (union s s'). + + Global Instance union_ok s1 s2 : forall `(Ok s1, Ok s2), Ok (union s1 s2). Proof. - move => H_ok H_ok'. - rewrite /union. - by apply add_list_ok. + move => H_ok_s1 H_ok_s2. + move : (H_ok_s1) (H_ok_s2). + rewrite /Ok /IsOk /is_encoded_elems_list /add. + move => [H_inv_s1] H_pre1. + move => [H_inv_s2] H_pre2. + split. { + apply union_invariant => //. + } { + intros y. + move : (union_InZ s1 s2 H_inv_s1 H_inv_s2). + rewrite /InZ => ->. + move => []. { + apply H_pre1. + } { + apply H_pre2. + } + } Qed. - + Lemma union_spec : forall (s s' : t) (x : elt) (Hs : Ok s) (Hs' : Ok s'), In x (union s s') <-> In x s \/ In x s'. Proof. intros s s' x H_ok H_ok'. - rewrite /union add_list_spec //. + rewrite !In_InZ. + rewrite union_InZ => //. { + apply H_ok. + } { + apply H_ok'. + } Qed. - (** *** filter specification *) - - Global Instance filter_ok s f : forall `(Ok s), Ok (filter f s). - Proof. - move => _. - rewrite /filter /from_elements. - apply add_list_ok, empty_ok. - Qed. - - Lemma filter_spec : - forall (s : t) (x : elt) (f : elt -> bool), - Proper (Enc.E.eq==>eq) f -> - (In x (filter f s) <-> In x s /\ f x = true). + (** *** inter specification *) + + Lemma inter_aux_alt_def : + forall (y2 : Z) (c2 : N) (s : t) acc, + inter_aux y2 c2 acc s = match inter_aux y2 c2 nil s with + (acc', s') => (acc' ++ acc, s') + end. Proof. - move => s x f H_prop. - rewrite /filter /from_elements add_list_spec empty_spec' /In !InA_alt. - setoid_rewrite filter_In. - split. { - move => [] //. - move => [y] [H_y_eq] [H_y_in] H_fy. - split; first by exists y. - rewrite -H_fy. - by f_equiv. + intros y2 c2. + induction s as [| [y1 c1] s' IH] => acc. { + rewrite /inter_aux app_nil_l //. } { - move => [] [y] [H_y_eq] H_y_in H_fx. - left. - exists y. - split; last split; try assumption. - apply Logic.eq_sym. - rewrite -H_fx. - by f_equiv. + simpl. + case_eq (inter_aux y2 c2 nil s') => acc'' s'' H_eq. + case (interval_compare (y1, c1) (y2, c2)); + rewrite ?(IH acc) + ?(IH ((y2, Z.to_N (y1 + Z.of_N c1 - y2)) :: acc)) + ?(IH ((y2, Z.to_N (y1 + Z.of_N c1 - y2)) :: nil)) + ?(IH ((y1, Z.to_N (y2 + Z.of_N c2 - y1)) :: acc)) + ?(IH ((y1, Z.to_N (y2 + Z.of_N c2 - y1)) :: nil)) + ?(IH ((y1, c1) :: acc)) + ?(IH ((y1, c1) :: nil)) + + ?H_eq -?app_assoc -?app_comm_cons //. } Qed. + Lemma inter_aux_props : + forall (y2 : Z) (c2 : N) (s : t) acc, + interval_list_invariant (rev acc) = true -> + interval_list_invariant s = true -> + (forall x1 x2, InZ x1 acc -> InZ x2 s -> + List.In x2 (elementsZ_single y2 c2) -> + Z.succ x1 < x2) -> + (c2 <> 0%N) -> + match (inter_aux y2 c2 acc s) with (acc', s') => + (forall y, (InZ y acc' <-> + (InZ y acc \/ (InZ y s /\ (List.In y (elementsZ_single y2 c2)))))) /\ + (forall y, InZ y s' -> InZ y s) /\ + (forall y, InZ y s -> y2 + Z.of_N c2 < y -> InZ y s') /\ + interval_list_invariant (rev acc') = true /\ + interval_list_invariant s' = true + end. + Proof. + intros y2 c2. + induction s as [| [y1 c1] s1' IH] => acc. { + rewrite /inter_aux. + move => H_inv_acc _ _ _. + split; last split; try done. + move => y. rewrite InZ_nil. + tauto. + } { + rewrite interval_list_invariant_cons. + move => H_inv_acc [H_gr_s1'] [H_c1_neq_0] H_inv_s1'. + move => H_in_acc_lt H_c2_neq_0. + + rewrite inter_aux_alt_def. + case_eq (inter_aux y2 c2 nil ((y1, c1) :: s1')). + move => acc' s' H_inter_aux_eq. + + set P1 := forall y : Z, + (InZ y acc' <-> + ((InZ y ((y1, c1) :: s1') /\ List.In y (elementsZ_single y2 c2)))). + set P2 := (forall y, + (InZ y s' -> InZ y ((y1, c1) :: s1')) /\ + (InZ y ((y1, c1) :: s1') -> + y2 + Z.of_N c2 < y -> InZ y s')). + set P3 := interval_list_invariant (rev acc') = true. + set P4 := interval_list_invariant s' = true. + + suff : (P1 /\ P2 /\ P3 /\ P4). { + move => [H_P1] [H_P2] [H_P3] H_P4. + split; last split; last split; last split. { + move => y. + move : (H_P1 y). + rewrite !InZ_app InZ_cons !In_elementsZ_single. + move => <-. + tauto. + } { + move => y H_y_in. + by apply H_P2. + } { + move => y H_y_in. + by apply H_P2. + } { + rewrite rev_app_distr. + apply interval_list_invariant_app_intro => //. + move => x1 x2. + rewrite !InZ_rev. + move => H_x1_in /H_P1 [H_x2_in1] H_x2_in2. + apply H_in_acc_lt => //. + } { + apply H_P4. + } + } + + move : (H_gr_s1'). + rewrite interval_list_elements_greater_alt2_def => // => H_gr_s1'_alt. + + have : forall (acc : list (Z * N)), + interval_list_invariant (rev acc) = true -> + (forall y, InZ y acc <-> ( + y1 <= y < y1 + Z.of_N c1 /\ + y2 <= y < y2 + Z.of_N c2)) -> + (y1 + Z.of_N c1 <= y2 + Z.of_N c2) -> + (inter_aux y2 c2 acc s1' = (acc', s')) -> + P1 /\ P2 /\ P3 /\ P4. { + + intros acc0 H_inv_acc0 H_in_acc0 H_y2c_lt H_inter_aux_eq0. + have H_in_acc0_lt : (forall x1 x2 : Z, + InZ x1 acc0 -> + InZ x2 s1' -> + List.In x2 (elementsZ_single y2 c2) -> + Z.succ x1 < x2). { + + intros x1 x2 H_x1_in_acc0 H_x2_in_s1' H_x2_in_yc2. + + suff H_yc1_lt_x2 : Z.succ x1 <= y1 + Z.of_N c1. { + apply Z.le_lt_trans with (m := y1 + Z.of_N c1) => //. + by apply H_gr_s1'_alt. + } + move : (H_x1_in_acc0). + rewrite H_in_acc0 Z.le_succ_l. + tauto. + } + + move : (IH acc0 H_inv_acc0 H_inv_s1' H_in_acc0_lt H_c2_neq_0). + rewrite H_inter_aux_eq0. + move => [H1] [H2] [H3] [H4] H5. + split; last split => //. { + move => y. + rewrite (H1 y). + rewrite InZ_cons !In_elementsZ_single + H_in_acc0. + tauto. + } { + move => y. + split. { + move => /H2. + rewrite InZ_cons. + by right. + } { + rewrite InZ_cons In_elementsZ_single. + move => []. { + move => [_] H_y_lt H_lt_y. + exfalso. + suff : (y < y) by apply Z.lt_irrefl. + apply Z.lt_le_trans with (m := y1 + Z.of_N c1) => //. + apply Z.le_trans with (m := y2 + Z.of_N c2) => //. + + by apply Z.lt_le_incl. + } { + apply H3. + } + } + } + } + move => {} IH. + + clear H_inv_acc H_in_acc_lt acc. + move : (interval_compare_elim y1 c1 y2 c2) H_inter_aux_eq. + unfold inter_aux. + case_eq (interval_compare (y1, c1) (y2, c2)) => H_comp; + fold inter_aux. { + move => H_lt_y2. + apply IH. { + done. + } { + move => x. + rewrite InZ_nil. + split => //. + lia. + } { + apply Z.le_trans with (m := y2). { + by apply Z.lt_le_incl. + } { + apply Z_le_add_r. + } + } + } { + move => H_eq_y2. + apply IH. { + done. + } { + move => x. + rewrite InZ_nil. + split => //. + lia. + } { + rewrite H_eq_y2. + apply Z_le_add_r. + } + } { + move => [H_y1_lt_y2] [H_y2_lt_yc1] H_yc1_lt_yc2. + apply IH. { + rewrite interval_list_invariant_sing. + by apply Z_to_N_minus_neq_0. + } { + move => x. + rewrite InZ_cons InZ_nil In_elementsZ_single Z2N.id; last lia. + replace (y1 + (y2 - y1)) with y2 by lia. + split; lia. + } { + by apply Z.lt_le_incl. + } + } { + rewrite /P1 /P2 /P3 /P4. + move => [H_y2_lt] [H_y1_lt] H_yc1_lt. + move => [] H_acc' H_s'. + clear IH P1 P2 P3 P4 H_comp. + subst s' acc'. + split; last split; last split. { + move => y. + have H_yc2_intro : y1 + Z.of_N (Z.to_N (y2 + Z.of_N c2 - y1)) = + y2 + Z.of_N c2. { + rewrite Z2N.id; lia. + } + + rewrite !InZ_cons !In_elementsZ_single InZ_nil H_yc2_intro. + split. { + move => [] //. + move => [H_y1_le] H_y_lt. + split; last by lia. + left. lia. + } { + move => [H_in_s] [H_y2_le] H_y_lt. + left. + split; last assumption. + move : H_in_s => []. { + tauto. + } { + move => /H_gr_s1'_alt H_lt_y. + apply Z.le_trans with (m := y1 + Z.of_N c1). { + by apply Z_le_add_r. + } { + by apply Z.lt_le_incl. + } + } + } + } { + move => y. + split; done. + } { + rewrite interval_list_invariant_sing. + by apply Z_to_N_minus_neq_0. + } { + by rewrite interval_list_invariant_cons. + } + } { + rewrite /P1 /P2 /P3 /P4. + move => [H_y12_eq] H_c12_eq [] H_acc' H_s'. + clear IH P1 P2 P3 P4 H_comp. + subst. + split; last split; last split. { + move => y. + rewrite !InZ_cons InZ_nil In_elementsZ_single. + split; last by tauto. { + move => [] //. + tauto. + } + } { + move => y. + rewrite InZ_cons In_elementsZ_single. + split; first by right. + move => [] //. + move => [_] H_y_lt H_lt_y. + exfalso. + suff : (y2 + Z.of_N c2 < y2 + Z.of_N c2) by + apply Z.lt_irrefl. + apply Z.lt_trans with (m := y) => //. + } { + rewrite interval_list_invariant_sing //. + } { + assumption. + } + } { + move => [H_y2_le_y1] [H_yc1_le_yc2] _. + apply IH. { + by rewrite interval_list_invariant_sing. + } { + move => y. + rewrite InZ_cons InZ_nil In_elementsZ_single. + split. { + move => [] //. + move => [H_y1_le] H_y_lt. + split; first done. + split; lia. + } { + move => [?] _. + by left. + } + } { + assumption. + } + } { + rewrite /P1 /P2 /P3 /P4. + move => [H_y1_le] [H_yc2_le] _. + move => [] H_acc' H_s'. + clear IH P1 P2 P3 P4 H_comp. + subst. + split; last split; last split. { + move => y. + rewrite !InZ_cons !In_elementsZ_single InZ_nil. + split. { + move => [] //. + move => [H_y2_le] H_y_lt. + split; last by lia. + left. lia. + } { + move => [H_in_s] [H_y2_le] H_y_lt. + by left. + } + } { + tauto. + } { + by rewrite interval_list_invariant_sing. + } { + by rewrite interval_list_invariant_cons. + } + } { + rewrite /P1 /P2 /P3 /P4. + move => H_yc2_lt [] H_acc' H_s'. + clear IH P1 P2 P3 P4 H_comp. + subst. + split; last split; last split. { + move => y. + rewrite InZ_cons !In_elementsZ_single InZ_nil. + split; first done. + move => [] []. { + move => [H_y1_le_y] H_y_lt_yc1. + move => [H_y2_le_y] H_y_lt_yc2. + lia. + } { + move => /H_gr_s1'_alt H_lt_y [_] H_y_lt. + suff : (y1 + Z.of_N c1 < y1). { + apply Z.nlt_ge. + apply Z_le_add_r. + } + lia. + } + } { + tauto. + } { + done. + } { + by rewrite interval_list_invariant_cons. + } + } { + rewrite /P1 /P2 /P3 /P4. + move => H_y1_eq [] H_acc' H_s'. + clear IH P1 P2 P3 P4 H_comp. + subst acc' s'. + split; last split; last split. { + move => y. + rewrite InZ_cons !In_elementsZ_single InZ_nil. + split; first done. + move => [] []. { + move => [H_y1_le_y] H_y_lt_yc1. + move => [H_y2_le_y] H_y_lt_yc2. + lia. + } { + move => /H_gr_s1'_alt H_lt_y [_] H_y_lt. + suff : (y1 + Z.of_N c1 < y1). { + apply Z.nlt_ge. + apply Z_le_add_r. + } + lia. + } + } { + tauto. + } { + done. + } { + by rewrite interval_list_invariant_cons. + } + } + } + Qed. - (** *** inter specification *) - - Global Instance inter_ok s s' : forall `(Ok s, Ok s'), Ok (inter s s'). + Lemma inter_aux2_props : + forall (s2 s1 acc : t), + interval_list_invariant (rev acc) = true -> + interval_list_invariant s1 = true -> + interval_list_invariant s2 = true -> + (forall x1 x2, InZ x1 acc -> InZ x2 s1 -> InZ x2 s2 -> Z.succ x1 < x2) -> + ((forall y, (InZ y (inter_aux2 acc s1 s2) <-> + (InZ y acc) \/ ((InZ y s1) /\ InZ y s2))) /\ + (interval_list_invariant (inter_aux2 acc s1 s2) = true)). Proof. - intros H_ok H_ok'. + induction s2 as [| [y2 c2] s2' IH]. { + move => s1 acc. + move => H_inv_acc _ _ _. + unfold inter_aux2. + replace (match s1 with + | nil => rev' acc + | _ :: _ => rev' acc + end) with (rev' acc); last by case s1. + rewrite /rev' rev_append_rev app_nil_r. + split; last done. + move => y. + rewrite InZ_nil InZ_rev. + tauto. + } { + intros s1 acc H_inv_acc H_inv_s1. + rewrite interval_list_invariant_cons. + move => [H_gr_s2'] [H_c2_neq_0] H_inv_s2'. + move => H_acc_s12. + + move : H_gr_s2'. + rewrite interval_list_elements_greater_alt2_def //. + move => H_gr_s2'. + + rewrite /inter_aux2; fold inter_aux2. + case_eq s1. { + move => H_s1_eq. + split. { + move => y. + rewrite /rev' rev_append_rev app_nil_r InZ_nil + InZ_rev. + tauto. + } { + rewrite /rev' rev_append_rev app_nil_r //. + } + } { + move => [_ _] _ <-. + case_eq (inter_aux y2 c2 acc s1). + move => acc' s1' H_inter_aux_eq. + + have H_acc_s1_yc2 : forall x1 x2 : Z, + InZ x1 acc -> + InZ x2 s1 -> + List.In x2 (elementsZ_single y2 c2) -> + Z.succ x1 < x2. { + intros x1 x2 H_x1_in H_x2_in1 H_x2_in2. + apply H_acc_s12 => //. + rewrite InZ_cons; by left. + } + + move : (inter_aux_props y2 c2 s1 acc H_inv_acc H_inv_s1 H_acc_s1_yc2 H_c2_neq_0). + rewrite H_inter_aux_eq. + move => [H_in_acc'] [H_in_s1'_elim] [H_in_s1'_intro] + [H_inv_acc'] H_inv_s1'. + + have H_in_acc'_s2' : forall x1 x2 : Z, + InZ x1 acc' -> InZ x2 s1' -> InZ x2 s2' -> Z.succ x1 < x2. { + move => x1 x2 /H_in_acc'. + move => []. { + move => H_in_acc H_in_s1' H_in_s2'. + apply H_acc_s12 => //. { + by apply H_in_s1'_elim. + } { + rewrite InZ_cons; by right. + } + } { + rewrite In_elementsZ_single. + move => [H_in_s1] [_] H_x1_lt _. + move => /H_gr_s2' H_lt_x2. + apply Z.le_lt_trans with (m := y2 + Z.of_N c2) => //. + by apply Z.le_succ_l. + } + } + + move : (IH s1' acc' H_inv_acc' H_inv_s1' H_inv_s2' H_in_acc'_s2'). + move => [H_inZ_res] H_inv_res. + split; last assumption. + move => y. + rewrite H_inZ_res H_in_acc' InZ_cons + In_elementsZ_single. + split. { + move => []; first by tauto. + move => [H_y_in_s1' H_y_in_s2']. + right. + split; last by right. + by apply H_in_s1'_elim. + } { + move => []. { + move => H_y_in_acc. + by left; left. + } { + move => [H_y_in_s1]. + move => []. { + move => H_in_yc2. + by left; right. + } { + right. + split; last assumption. + apply H_in_s1'_intro => //. + by apply H_gr_s2'. + } + } + } + } + } + Qed. + + Lemma inter_InZ : + forall (s1 s2 : t), + interval_list_invariant s1 = true -> + interval_list_invariant s2 = true -> + forall y, (InZ y (inter s1 s2) <-> InZ y s1 /\ InZ y s2). + Proof. + intros s1 s2 H_inv_s1 H_inv_s2 y. rewrite /inter. - by apply filter_ok. + + move : (inter_aux2_props s2 s1 nil). + move => [] //. + move => H_in_inter _. + rewrite H_in_inter InZ_nil. + tauto. + Qed. + + Lemma inter_invariant : + forall (s1 s2 : t), + interval_list_invariant s1 = true -> + interval_list_invariant s2 = true -> + interval_list_invariant (inter s1 s2) = true. + Proof. + intros s1 s2 H_inv_s1 H_inv_s2. + rewrite /inter. + + move : (inter_aux2_props s2 s1 nil). + move => [] //. + Qed. + + + Global Instance inter_ok s1 s2 : forall `(Ok s1, Ok s2), Ok (inter s1 s2). + Proof. + move => H_ok_s1 H_ok_s2. + move : (H_ok_s1) (H_ok_s2). + rewrite /Ok /IsOk /is_encoded_elems_list /add. + move => [H_inv_s1] H_pre1. + move => [H_inv_s2] H_pre2. + split. { + apply inter_invariant => //. + } { + intros y. + move : (inter_InZ s1 s2 H_inv_s1 H_inv_s2). + rewrite /InZ => ->. + move => []. + move => /H_pre1 //. + } + Qed. + + Lemma inter_spec : + forall (s s' : t) (x : elt) (Hs : Ok s) (Hs' : Ok s'), + In x (inter s s') <-> In x s /\ In x s'. + Proof. + intros s s' x H_ok H_ok'. + rewrite !In_InZ. + rewrite inter_InZ => //. { + apply H_ok. + } { + apply H_ok'. + } + Qed. + + + (** *** diff specification *) + + Lemma diff_aux_alt_def : + forall (y2 : Z) (c2 : N) (s : t) acc, + diff_aux y2 c2 acc s = match diff_aux y2 c2 nil s with + (acc', s') => (acc' ++ acc, s') + end. + Proof. + intros y2 c2. + induction s as [| [y1 c1] acc' IH] => acc. { + rewrite /diff_aux app_nil_l //. + } { + simpl. + case_eq (diff_aux y2 c2 nil acc') => acc'' s'' H_eq. + case (interval_compare (y1, c1) (y2, c2)); + rewrite ?(IH ((y1, c1)::acc)) ?(IH ((y1, c1)::nil)) + ?(IH acc) ?(IH ((y1, Z.to_N (y2 - y1)) :: acc)) + ?(IH ((y1, Z.to_N (y2 - y1)) :: nil)) ?H_eq; + rewrite ?insert_intervalZ_guarded_app -?app_assoc -?app_comm_cons //. + } + Qed. + + + Lemma diff_aux_props : + forall (y2 : Z) (c2 : N) (s : t) acc, + interval_list_invariant (List.rev acc) = true -> + interval_list_invariant s = true -> + (forall x1 x2, InZ x1 acc -> InZ x2 s -> Z.succ x1 < x2) -> + (forall x, InZ x acc -> x < y2) -> + (c2 <> 0%N) -> + match (diff_aux y2 c2 acc s) with + (acc', s') => (forall y, InZ y (List.rev_append acc' s') <-> + InZ y (List.rev_append acc s) /\ ~(List.In y (elementsZ_single y2 c2))) /\ + (interval_list_invariant (List.rev_append acc' s') = true) /\ + (forall x, InZ x acc' -> x < y2 + Z.of_N c2) + end. + Proof. + intros y2 c2. + induction s as [| [y1 c1] s1' IH] => acc. { + rewrite /diff_aux -rev_alt. + move => H_inv_acc _ _ H_in_acc H_c2_neq. + split; last split. { + move => y; split; last by move => [] //. + rewrite InZ_rev. + move => H_in. split => //. + move => /In_elementsZ_single => [] [] /Z.nlt_ge H_neq. + contradict H_neq. + by apply H_in_acc. + } { + assumption. + } { + intros x H_in_acc'. + apply Z.lt_le_trans with (m := y2). { + by apply H_in_acc. + } { + by apply Z_le_add_r. + } + } + } { + rewrite interval_list_invariant_cons. + move => H_inv_acc [H_gr_s1'] [H_c1_neq_0] H_inv_s1'. + move => H_in_s1 H_in_acc H_c2_neq_0. + + rewrite diff_aux_alt_def. + case_eq (diff_aux y2 c2 nil ((y1, c1) :: s1')). + move => acc' s' H_diff_aux_eq. + + set P1 := forall y : Z, + (InZ y acc' \/ InZ y s') <-> + InZ y ((y1, c1) :: s1') /\ ~ List.In y (elementsZ_single y2 c2). + set P2 := interval_list_invariant (rev acc' ++ s') = true. + set P3 := forall x : Z, InZ x acc' -> (x < y2 + Z.of_N c2). + + suff : (P1 /\ P2 /\ P3). { + move => [H_P1] [H_P2] H_P3. + split; last split. { + move => y. + move : (H_P1 y). + rewrite !rev_append_rev rev_app_distr !InZ_app + !InZ_rev In_elementsZ_single. + suff : (InZ y acc -> ~ y2 <= y < y2 + Z.of_N c2). { + tauto. + } + move => /H_in_acc H_y_lt [H_y_ge] _. + contradict H_y_ge. + by apply Zlt_not_le. + } { + rewrite rev_append_rev rev_app_distr -app_assoc. + apply interval_list_invariant_app_intro => //. + move => x1 x2. + rewrite InZ_app !InZ_rev. + move => H_in_acc' H_x2_in_s'. + suff : (InZ x2 ((y1, c1)::s1')). { + by apply H_in_s1. + } + move : (H_P1 x2). + tauto. + } { + move => x. + rewrite InZ_app. + move => []. { + apply H_P3. + } { + move => /H_in_acc H_x_lt. + eapply Z.lt_trans; eauto. + by apply Z_lt_add_r. + } + } + } + + move : (H_gr_s1'). + rewrite interval_list_elements_greater_alt2_def => // => H_gr_s1'_alt. + + have : forall (acc : list (Z * N)), + interval_list_invariant (rev acc) = true -> + (forall x : Z, + InZ x acc <-> + ((y1 <= x < y1 + Z.of_N c1) /\ (x < y2))) -> + (y1 + Z.of_N c1 <= y2 + Z.of_N c2) -> + (diff_aux y2 c2 acc s1' = (acc', s')) -> + P1 /\ P2 /\ P3. { + + intros acc0 H_inv_acc0 H_in_acc0 H_c1_before H_diff_aux_eq0. + have H_in_s1' : (forall x1 x2 : Z, + InZ x1 acc0 -> InZ x2 s1' -> Z.succ x1 < x2). { + intros x1 x2 H_x1_in_acc0. + move => /H_gr_s1'_alt. + + eapply Z.le_lt_trans. + move : H_x1_in_acc0. + rewrite Z.le_succ_l H_in_acc0. + tauto. + } + have H_in_acc0' : (forall x : Z, InZ x acc0 -> x < y2). { + move => x. + rewrite H_in_acc0. + move => [_] //. + } + move : (IH acc0 H_inv_acc0 H_inv_s1' H_in_s1' H_in_acc0' H_c2_neq_0). + rewrite H_diff_aux_eq0 !rev_append_rev. + move => [H1] [H2] H3. + split; last split => //. { + move => y. + move : (H1 y). + rewrite !InZ_app !InZ_rev In_elementsZ_single. + move => ->. + rewrite InZ_cons In_elementsZ_single. + split. { + rewrite H_in_acc0 -(Z.nle_gt y2 y). + tauto. + } { + rewrite H_in_acc0 -(Z.nle_gt y2 y). + move => [] H_in H_nin_i2. + split; last by assumption. + move : H_in => [] H_in; last by right. + left. + lia. + } + } + } + move => {} IH. + + clear H_inv_acc H_in_s1 H_in_acc acc. + move : (interval_compare_elim y1 c1 y2 c2) H_diff_aux_eq. + unfold diff_aux. + case_eq (interval_compare (y1, c1) (y2, c2)) => H_comp; + fold diff_aux. { + move => H_lt_y2. + apply IH. { + by rewrite interval_list_invariant_sing. + } { + move => x. + rewrite InZ_cons In_elementsZ_single. + split; last by tauto. + move => []; last done. + move => [H_y1_le H_x_lt]. + split; first done. + eapply Z.lt_trans; eauto. + } { + apply Z.le_trans with (m := y2). + - by apply Z.lt_le_incl. + - by apply Z_le_add_r. + } + } { + move => H_eq_y2. + apply IH. { + by rewrite interval_list_invariant_sing. + } { + move => x. + rewrite InZ_cons In_elementsZ_single -H_eq_y2. + split; last by tauto. + move => []; last done. + move => []. done. + } { + rewrite H_eq_y2. + by apply Z_le_add_r. + } + } { + move => [H_y1_lt_y2] [H_y2_lt_yc1] H_yc1_lt_yc2. + apply IH. { + rewrite interval_list_invariant_sing. + by apply Z_to_N_minus_neq_0. + } { + move => x. + rewrite InZ_cons In_elementsZ_single Z2N.id; last lia. + replace (y1 + (y2 - y1)) with y2 by lia. + split; last tauto. + move => [] //. + move => [H_y1_le] H_x_lt. + repeat split => //. + apply Z.lt_trans with (m := y2) => //. + } { + by apply Z.lt_le_incl. + } + } { + rewrite /P1 /P2 /P3. + move => [H_y2_lt] [H_y1_lt] H_yc1_lt [H_acc'] H_s'. + clear IH P1 P2 P3 H_comp. + subst. + have H_yc1_intro : y2 + Z.of_N c2 + Z.of_N (Z.to_N (y1 + Z.of_N c1 - (y2 + Z.of_N c2))) = y1 + Z.of_N c1. { + rewrite Z2N.id; lia. + } + have H_nin_yc2 : forall y, + InZ y s1' -> ~ y2 <= y < y2 + Z.of_N c2. { + move => y /H_gr_s1'_alt H_lt_y. + move => [H_y2_le_y]. + apply Z.le_ngt, Z.lt_le_incl. + by apply Z.lt_trans with (m := y1 + Z.of_N c1). + } + split; last split. { + move => y. + rewrite !InZ_cons !In_elementsZ_single H_yc1_intro. + split. { + move => [] //. + move => []. { + move => [H_le_y] H_y_lt. + split. { + left; lia. + } { + move => [_]. + by apply Z.nlt_ge. + } + } { + move : (H_nin_yc2 y). tauto. + } + } { + move => [] []; last by right; right. + move => [H_y_ge] H_y_lt_yc1 H_nin_yc2'. + right; left. lia. + } + } { + rewrite interval_list_invariant_cons H_yc1_intro. + split => //. + split => //. + by apply Z_to_N_minus_neq_0. + } { + move => [] //. + } + } { + rewrite /P1 /P2 /P3. + move => [H_y12_eq] H_c12_eq [] H_acc' H_s'. + clear IH P1 P2 P3 H_comp. + subst. + split; last split. { + move => y. + rewrite InZ_cons In_elementsZ_single. + split; last by tauto. { + move => [] //. + move => H_y_in. + split; first by right. + move => [] _. + by apply Z.nlt_ge, Z.lt_le_incl, H_gr_s1'_alt. + } + } { + apply H_inv_s1'. + } { + move => x [] //. + } + } { + move => [H_y2_le_y1] [H_yc1_le_yc2] _. + apply IH. { + done. + } { + move => x. + split; first done. + lia. + } { + assumption. + } + } { + rewrite /P1 /P2 /P3. + move => [H_y1_le] [H_yc2_le_yc1] _ [] H_acc' H_s'. + clear IH P1 P2 P3 H_comp. + subst. + have H_yc1_intro : y2 + Z.of_N c2 + Z.of_N (Z.to_N (y1 + Z.of_N c1 - (y2 + Z.of_N c2))) = y1 + Z.of_N c1. { + rewrite Z2N.id; lia. + } + have H_y1_intro : y1 + Z.of_N (Z.to_N (y2 - y1)) = y2. { + rewrite Z2N.id; lia. + } + split; last split. { + move => y. + rewrite !InZ_insert_intervalZ_guarded + !InZ_cons !In_elementsZ_single + H_yc1_intro H_y1_intro InZ_nil. + split. { + rewrite -!or_assoc. + move => [[[]|]|] //. { + move => [H_y1_le_y] H_y_lt. + split. { + left. + split => //. + apply Z.lt_le_trans with (m := y2 + Z.of_N c2) => //. + apply Z.lt_trans with (m := y2) => //. + by apply Z_lt_add_r. + } { + move => [] /Z.le_ngt //. + } + } { + move => [H_y2c_le_y] H_y_lt_yc1. + split. { + left. + split => //. + apply Z.le_trans with (m := y2 + Z.of_N c2) => //. + apply Z.le_trans with (m := y2) => //. + apply Z_le_add_r. + } { + move => [] _ /Z.lt_nge //. + } + } { + move => H_y_in_s1'. + split; first by right. + suff H_suff : y2 + Z.of_N c2 <= y. { + move => [] _ /Z.lt_nge //. + } + apply Z.le_trans with (m := y1 + Z.of_N c1) => //. + apply Z.lt_le_incl. + by apply H_gr_s1'_alt. + } + } { + move => [] []; last by tauto. + move => [H_y1_le_y] H_y_lt H_neq_y2. + apply not_and in H_neq_y2; last by apply Z.le_decidable. + case H_neq_y2. { + move => /Z.nle_gt H_y_lt'. + left; left; done. + } { + move => /Z.nlt_ge H_le_y. + right; left; done. + } + } + } { + rewrite insert_intervalZ_guarded_rev_nil_app. + rewrite !interval_list_invariant_insert_intervalZ_guarded => //. { + rewrite H_yc1_intro => //. + } { + rewrite /insert_intervalZ_guarded. + case_eq ((Z.to_N (y1 + Z.of_N c1 - (y2 + Z.of_N c2)) =? 0)%N). { + rewrite H_y1_intro. + move => /N.eqb_eq /N2Z.inj_iff. + rewrite Z2N.id; last first. { + by apply Z.le_0_sub. + } + move => /Zminus_eq H_yc1_eq. + eapply interval_list_elements_greater_impl; + last apply H_gr_s1'. + rewrite H_yc1_eq. + apply Z_le_add_r. + } { + move => _. + rewrite interval_list_elements_greater_cons + H_y1_intro. + by apply Z_lt_add_r. + } + } + } { + move => x. + rewrite InZ_insert_intervalZ_guarded InZ_cons In_elementsZ_single H_y1_intro InZ_nil. + move => [] //. + move => [_] H_x_lt. + apply Z.lt_le_trans with (m := y2) => //. + apply Z_le_add_r. + } + } { + rewrite /P1 /P2 /P3. + move => H_yc2_lt [] H_acc' H_s'. + clear IH P1 P2 P3 H_comp. + subst. + split; last split. { + move => y. + rewrite InZ_cons In_elementsZ_single. + split; last by tauto. { + move => [] //. + move => H_y_in. + split; first assumption. + rewrite In_elementsZ_single. + move => [] H_y2_le H_y_lt. + case H_y_in; first by lia. + move => /H_gr_s1'_alt H_lt_y. + suff : y2 + Z.of_N c2 < y. { + move => ?. lia. + } + apply Z.lt_trans with (m := y1 + Z.of_N c1) => //. + apply Z.lt_le_trans with (m := y1) => //. + apply Z_le_add_r. + } + } { + by rewrite interval_list_invariant_cons. + } { + done. + } + } { + rewrite /P1 /P2 /P3. + move => H_yc2_eq [] H_acc' H_s'. + clear IH P1 P2 P3 H_comp. + subst. + split; last split. { + move => y. + rewrite InZ_cons In_elementsZ_single. + split; last by tauto. { + move => [] //. + move => H_y_in. + split; first assumption. + rewrite In_elementsZ_single. + move => [] H_y2_le H_y_lt. + case H_y_in; first by lia. + move => /H_gr_s1'_alt H_lt_y. + suff : y2 + Z.of_N c2 < y. { + move => ?. lia. + } + apply Z.lt_trans with (m := (y2 + Z.of_N c2) + Z.of_N c1) => //. + by apply Z_lt_add_r. + } + } { + by rewrite interval_list_invariant_cons. + } { + done. + } + } + } + Qed. + + + Lemma diff_aux2_props : + forall (s2 s1 acc : t), + interval_list_invariant (rev_append acc s1) = true -> + interval_list_invariant s2 = true -> + (forall x1 x2, InZ x1 acc -> InZ x2 s2 -> Z.succ x1 < x2) -> + ((forall y, (InZ y (diff_aux2 acc s1 s2) <-> + ((InZ y acc) \/ (InZ y s1)) /\ ~InZ y s2)) /\ + (interval_list_invariant (diff_aux2 acc s1 s2) = true)). + Proof. + induction s2 as [| [y2 c2] s2' IH]. { + move => s1 acc H_inv_acc_s1 _ _. + rewrite /diff_aux2. + replace (match s1 with + | nil => rev_append acc s1 + | _ :: _ => rev_append acc s1 + end) with (rev_append acc s1); last by case s1. + split. { + move => y. + rewrite rev_append_rev InZ_app InZ_rev InZ_nil. + tauto. + } { + assumption. + } + } { + intros s1 acc H_inv_acc_s1. + rewrite interval_list_invariant_cons. + move => [H_gr_s2'] [H_c2_neq_0] H_inv_s2'. + move => H_acc_s2. + rewrite /diff_aux2; fold diff_aux2. + case_eq s1. { + move => H_s1_eq. + split. { + move => y. + rewrite rev_append_rev InZ_app InZ_nil InZ_rev. + split; last tauto. + move => [] // H_y_in. + split; first by left. + move => H_y_in'. + move : (H_acc_s2 _ _ H_y_in H_y_in'). + apply Z.nlt_succ_diag_l. + } { + move : H_inv_acc_s1. + by rewrite H_s1_eq. + } + } { + move => [_ _] _ <-. + case_eq (diff_aux y2 c2 acc s1). + move => acc' s1' H_diff_aux_eq. + + have H_acc_lt_y2 : (forall x : Z, InZ x acc -> x < y2). { + move => x H_x_in. + have H_y2_in: (InZ y2 ((y2,c2) :: s2')). { + rewrite InZ_cons. + left. + by apply In_elementsZ_single_hd. + } + move : (H_acc_s2 _ _ H_x_in H_y2_in). + apply Z.lt_trans, Z.lt_succ_diag_r. + } + + have [H_inv_acc [H_inv_s1 H_acc_s1]] : + interval_list_invariant (rev acc) = true /\ + interval_list_invariant s1 = true /\ + (forall x1 x2 : Z, + InZ x1 acc -> InZ x2 s1 -> Z.succ x1 < x2). { + + move : H_inv_acc_s1. + rewrite rev_append_rev. + move => /interval_list_invariant_app_elim. + move => [?] [?] H_x. + split; first assumption. + split; first assumption. + move => x1 x2 H_in_x1. + apply H_x. + by rewrite InZ_rev. + } + + move : (diff_aux_props y2 c2 s1 acc H_inv_acc H_inv_s1 H_acc_s1 H_acc_lt_y2 H_c2_neq_0). + rewrite !H_diff_aux_eq. + move => [H_inZ_res] [H_inv_res] H_inZ_acc'. + + have H_acc'_s2' : (forall x1 x2 : Z, + InZ x1 acc' -> InZ x2 s2' -> Z.succ x1 < x2). { + move => x1 x2 H_x1_in H_x2_in. + apply Z.le_lt_trans with (m := y2 + Z.of_N c2). { + apply Z.le_succ_l. + by apply H_inZ_acc'. + } { + move : H_gr_s2'. + rewrite interval_list_elements_greater_alt2_def //. + move => H_gr_s2'. + by apply H_gr_s2'. + } + } + + move : (IH s1' acc' H_inv_res H_inv_s2' H_acc'_s2'). + move => [] H_inZ_diff_res ->. + split; last done. + move => y. + rewrite H_inZ_diff_res. + move : (H_inZ_res y). + rewrite !rev_append_rev !InZ_app !InZ_rev InZ_cons. + move => ->. + tauto. + } + } + Qed. + + + Lemma diff_InZ : + forall (s1 s2 : t), + interval_list_invariant s1 = true -> + interval_list_invariant s2 = true -> + forall y, (InZ y (diff s1 s2) <-> InZ y s1 /\ ~InZ y s2). + Proof. + intros s1 s2 H_inv_s1 H_inv_s2 y. + rewrite /diff. + + move : (diff_aux2_props s2 s1 nil). + move => [] //. + move => H_in_diff _. + rewrite H_in_diff InZ_nil. + tauto. + Qed. + + Lemma diff_invariant : + forall (s1 s2 : t), + interval_list_invariant s1 = true -> + interval_list_invariant s2 = true -> + interval_list_invariant (diff s1 s2) = true. + Proof. + intros s1 s2 H_inv_s1 H_inv_s2. + rewrite /diff. + + move : (diff_aux2_props s2 s1 nil). + move => [] //. + Qed. + + + Global Instance diff_ok s1 s2 : forall `(Ok s1, Ok s2), Ok (diff s1 s2). + Proof. + move => H_ok_s1 H_ok_s2. + move : (H_ok_s1) (H_ok_s2). + rewrite /Ok /IsOk /is_encoded_elems_list /add. + move => [H_inv_s1] H_pre1. + move => [H_inv_s2] H_pre2. + split. { + apply diff_invariant => //. + } { + intros y. + move : (diff_InZ s1 s2 H_inv_s1 H_inv_s2). + rewrite /InZ => ->. + move => []. + move => /H_pre1 //. + } + Qed. + + Lemma diff_spec : + forall (s s' : t) (x : elt) (Hs : Ok s) (Hs' : Ok s'), + In x (diff s s') <-> In x s /\ ~In x s'. + Proof. + intros s s' x H_ok H_ok'. + rewrite !In_InZ. + rewrite diff_InZ => //. { + apply H_ok. + } { + apply H_ok'. + } Qed. - Lemma inter_spec : - forall (s s' : t) (x : elt) (Hs : Ok s) (Hs' : Ok s'), - In x (inter s s') <-> In x s /\ In x s'. + + (** *** remove specification *) + + Lemma removeZ_alt_def : forall x s acc, + interval_list_invariant s = true -> + removeZ_aux acc x s = match diff_aux x (1%N) acc s with + (acc', s') => rev_append acc' s' + end. Proof. - intros s s' x Hs Hs'. - rewrite /inter. - setoid_rewrite filter_spec. { - by rewrite mem_spec. - } { - repeat red. - intros y y' H_y_y'_eq. - apply eq_true_iff_eq. - rewrite !mem_spec /In. - setoid_rewrite H_y_y'_eq. + intros y2. + induction s as [| [y1 c1] s' IH]; first done. + + move => acc. + rewrite interval_list_invariant_cons /=. + move => [H_gr] [H_c1_neq_0] H_inv_s'. + move : (interval_1_compare_elim y2 y1 c1). + rewrite interval_1_compare_alt_def. + rewrite !(interval_compare_swap y1 c1 y2); last first. { + right. done. + } + move : (interval_compare_elim y1 c1 y2 (1%N)). + case_eq (interval_compare (y1, c1) (y2, (1%N))) => H_eq. { + move => H_lt_y2 _. + have H_yc2_nlt : ~(y2 < y1 + Z.of_N c1). { + by apply Z.nlt_ge, Z.lt_le_incl. + } + have H_y2_nlt : ~(y2 < y1). { + move => H_y2_y1. + apply H_yc2_nlt. + apply Z.lt_le_trans with (m := y1) => //. + apply Z_le_add_r. + } + move : (H_y2_nlt) (H_yc2_nlt) => /Z.ltb_nlt -> /Z.ltb_nlt ->. + rewrite IH //. + } { + move => H_lt_y2 _. + have H_yc2_nlt : ~(y2 < y1 + Z.of_N c1). { + apply Z.nlt_ge. + rewrite H_lt_y2. + apply Z.le_refl. + } + have H_y2_nlt : ~(y2 < y1). { + move => H_y2_y1. + apply H_yc2_nlt. + apply Z.lt_le_trans with (m := y1) => //. + apply Z_le_add_r. + } + move : (H_y2_nlt) (H_yc2_nlt) => /Z.ltb_nlt -> /Z.ltb_nlt ->. + rewrite IH //. + } { done. + } { + done. + } { + move => [H_y1_eq] H_c1_eq. + move => [] // . + move => [H_lt_y2] H_y2_lt. + have H_y2_nlt : ~(y2 < y1). { + apply Z.nlt_ge => //. + } + move : (H_y2_nlt) (H_y2_lt) => /Z.ltb_nlt -> /Z.ltb_lt ->. + rewrite /insert_intervalZ_guarded. + + have -> : (Z.to_N (y1 + Z.of_N c1 - Z.succ y2) =? 0 = true)%N. { + rewrite H_y1_eq H_c1_eq Z.add_1_r Z.sub_diag //. + } + + have -> : (Z.to_N (y2 - y1) =? 0 = true)%N. { + rewrite H_y1_eq Z.sub_diag //. + } + done. + } { + move => [H_y2_le] [H_yc1_le] _. + move => [] //. + move => [H_y1_le] H_y2_lt. + have H_y2_nlt : ~(y2 < y1). { + apply Z.nlt_ge => //. + } + move : (H_y2_nlt) (H_y2_lt) => /Z.ltb_nlt -> /Z.ltb_lt ->. + + have H_y1_eq : (y1 = y2) by lia. + have H_yc1_eq : (y1 + Z.of_N c1 = Z.succ y2). { + apply Z.le_antisymm. { + move : H_yc1_le. + rewrite Z.add_1_r //. + } { + by apply Z.le_succ_l. + } + } + + rewrite /insert_intervalZ_guarded. + have -> : (Z.to_N (y1 + Z.of_N c1 - Z.succ y2) =? 0 = true)%N. { + rewrite H_yc1_eq Z.sub_diag //. + } + + have -> : (Z.to_N (y2 - y1) =? 0 = true)%N. { + rewrite H_y1_eq Z.sub_diag //. + } + + suff -> : diff_aux y2 (1%N) acc s' = (acc, s') by done. + + move : H_gr. + rewrite H_yc1_eq. + case s' as [| [y' c'] s'']. { + done. + } { + rewrite interval_list_elements_greater_cons /= + /interval_compare. + move => H_lt_y'. + have -> : y2 + Z.of_N 1 ?= y' = Lt. { + apply Z.compare_lt_iff. + by rewrite Z.add_1_r. + } + done. + } + } { + move => [H_y1_le] [H_yc2_le] _. + move => [] //. + move => [_] H_y2_lt. + have H_y2_nlt : ~(y2 < y1). { + apply Z.nlt_ge => //. + } + move : (H_y2_nlt) (H_y2_lt) => /Z.ltb_nlt -> /Z.ltb_lt ->. + rewrite !rev_append_rev /insert_intervalZ_guarded Z.add_1_r. + case ((Z.to_N (y2 - y1) =? 0)%N), (Z.to_N (y1 + Z.of_N c1 - Z.succ y2) =? 0)%N. { + reflexivity. + } { + rewrite /= -!app_assoc //. + } { + reflexivity. + } { + rewrite /= -!app_assoc //. + } + } { + move => _ H_y2_lt'. + have H_y2_lt : (y2 < y1). { + apply Z.lt_trans with (m := Z.succ y2) => //. + apply Z.lt_succ_diag_r. + } + move : (H_y2_lt) => /Z.ltb_lt -> //. + } { + move => _ H_y1_eq. + have H_y2_lt : (y2 < y1). { + rewrite H_y1_eq. + apply Z.lt_succ_diag_r. + } + move : (H_y2_lt) => /Z.ltb_lt -> //. } Qed. + Lemma removeZ_interval_list_invariant : forall s x, interval_list_invariant s = true -> interval_list_invariant (removeZ x s) = true. + Proof. + intros s x H_inv. + rewrite /removeZ removeZ_alt_def //. + move : (diff_aux_props x (1%N) s nil). + case_eq (diff_aux x 1%N nil s). + move => acc' s' H_eq [] //. + move => _ [] //. + Qed. - (** *** diff specification *) + Lemma removeZ_spec : + forall (s : t) (x y : Z) (Hs : interval_list_invariant s = true), + InZ y (removeZ x s) <-> InZ y s /\ ~Z.eq y x. + Proof. + intros s x y H_inv. + rewrite /removeZ removeZ_alt_def //. + move : (diff_aux_props x (1%N) s nil). + case_eq (diff_aux x 1%N nil s). + move => acc' s' H_eq [] //. + move => -> _. + rewrite rev_append_rev InZ_app InZ_rev InZ_nil + In_elementsZ_single1. + split; move => [H1 H2]; split => //; + move => H3; apply H2; by rewrite H3. + Qed. + + Global Instance remove_ok s x : forall `(Ok s), Ok (remove x s). + Proof. + rewrite /Ok /interval_list_invariant /remove. + move => [H_is_ok_s H_enc_s]. + split. { + by apply removeZ_interval_list_invariant. + } { + rewrite /is_encoded_elems_list => y. + move : (removeZ_spec s (Enc.encode x) y H_is_ok_s). + rewrite /InZ => -> [] H_y_in _. + apply H_enc_s => //. + } + Qed. - Global Instance diff_ok s s' : forall `(Ok s, Ok s'), Ok (diff s s'). + Lemma remove_spec : + forall (s : t) (x y : elt) (Hs : Ok s), + In y (remove x s) <-> In y s /\ ~Enc.E.eq y x. Proof. - intros ? ?. - by apply remove_list_ok. + intros s x y Hs. + have H_rs := (remove_ok s x Hs). + rewrite /remove !In_InZ. + rewrite removeZ_spec. { + rewrite Enc.encode_eq //. + } { + apply Hs. + } Qed. + - Lemma diff_spec : - forall (s s' : t) (x : elt) (Hs : Ok s) (Hs' : Ok s'), - In x (diff s s') <-> In x s /\ ~In x s'. + (** *** remove_list specification *) + + Lemma remove_list_ok : forall l s, Ok s -> Ok (remove_list l s). Proof. - intros s s' x Hs Hs'. - rewrite /diff remove_list_spec. - tauto. + induction l as [| x l' IH]. { + done. + } { + move => s H_s_ok /=. + apply IH. + by apply remove_ok. + } Qed. + Lemma remove_list_spec : forall x l s, Ok s -> + (In x (remove_list l s) <-> ~(InA Enc.E.eq x l) /\ In x s). + Proof. + move => x. + induction l as [| y l' IH]. { + intros s H. + rewrite /= InA_nil. + tauto. + } { + move => s H_ok /=. + rewrite IH remove_spec InA_cons. + tauto. + } + Qed. + (** *** subset specification *) + + Lemma subset_flatten_alt_def : forall (s1 s2 : t), + subset s1 s2 = + match (s1, s2) with + | (nil, _) => true + | (_ :: _, nil) => false + | ((y1, c1) :: l1, (y2, c2) :: l2) => + match (interval_compare (y1, c1) (y2,c2)) with + | ICR_before => false + | ICR_before_touch => false + | ICR_after => subset s1 l2 + | ICR_after_touch => false + | ICR_overlap_before => false + | ICR_overlap_after => false + | ICR_equal => subset l1 l2 + | ICR_subsume_1 => subset l1 s2 + | ICR_subsume_2 => false + end + end. + Proof. + intros s1 s2. + case s1, s2 => //. + Qed. + + Lemma subset_props_aux : forall y1 c1 l1 y2 c2 l2, + (exists y, InZ y ((y1, c1) :: l1) /\ ~InZ y ((y2, c2) :: l2)) -> + (false = true <-> + (forall y : Z, + InZ y ((y1, c1) :: l1) -> InZ y ((y2, c2) :: l2))). + Proof. + intros y1 c1 l1 y2 c2 l2. + move => [y] [H_y_in H_y_nin]. + split; first done. + move => H. + contradict H_y_nin. + by apply H. + Qed. + + Lemma subset_props_aux_before : forall y1 c1 l1 y2 c2 l2, + (c1 <> 0%N) -> + interval_list_invariant ((y2, c2) :: l2) = true -> + (y1 < y2) -> + (false = true <-> + (forall y : Z, + InZ y ((y1, c1) :: l1) -> InZ y ((y2, c2) :: l2))). + Proof. + intros y1 c1 l1 y2 c2 l2. + rewrite interval_list_invariant_cons. + move => H_c1_neq_0 [H_gr] [H_inv_l2] H_c2_neq_0 H_y1_lt. + apply subset_props_aux. + exists y1. + split. { + rewrite InZ_cons. + left. + by apply In_elementsZ_single_hd. + } { + rewrite InZ_cons. + suff : ~ (List.In y1 (elementsZ_single y2 c2)) /\ ~ InZ y1 l2 by tauto. + split. { + rewrite In_elementsZ_single. + move => [] /Z.le_ngt //. + } { + eapply Nin_elements_greater; eauto. + apply Z.le_trans with (m := y2). { + by apply Z.lt_le_incl. + } { + apply Z_le_add_r. + } + } + } + Qed. + + + Lemma subset_props : forall s1 s2 : t, + interval_list_invariant s1 = true -> + interval_list_invariant s2 = true -> + (subset s1 s2 = true <-> + (forall y, InZ y s1 -> InZ y s2)). + Proof. + induction s1 as [| [y1 c1] l1 IH1]. { + move => s2 _ _. + rewrite subset_flatten_alt_def. + split; done. + } { + induction s2 as [| [y2 c2] l2 IH2]. { + rewrite interval_list_invariant_cons + subset_flatten_alt_def. + move => [_] [H_c1_neq_0] _ _. + split => //. + move => H; move : (H y1). + rewrite InZ_nil => {} H. + contradict H. + rewrite InZ_cons; left. + by apply In_elementsZ_single_hd. + } { + move => H_inv_s1 H_inv_s2. + move : (H_inv_s1) (H_inv_s2). + rewrite !interval_list_invariant_cons. + move => [H_gr_l1] [H_c1_neq_0] H_inv_l1. + move => [H_gr_l2] [H_c2_neq_0] H_inv_l2. + move : (IH2 H_inv_s1 H_inv_l2) => {} IH2. + have : forall s2 : t, + interval_list_invariant s2 = true -> + (subset l1 s2 = true <-> + (forall y : Z, InZ y l1 -> InZ y s2)). { + intros. by apply IH1. + } + move => {} IH1. + have H_yc2_nin : ~ InZ (y2 + Z.of_N c2) ((y2, c2) :: l2). { + rewrite !InZ_cons !In_elementsZ_single. + move => []. { + move => [_] /Z.lt_irrefl //. + } { + eapply Nin_elements_greater; eauto. + apply Z.le_refl. + } + } + + rewrite subset_flatten_alt_def. + move : (interval_compare_elim y1 c1 y2 c2). + case (interval_compare (y1, c1) (y2, c2)). { + move => H_lt_y2. + apply subset_props_aux_before => //. + apply Z.le_lt_trans with (m := y1 + Z.of_N c1) => //. + apply Z_le_add_r. + } { + move => H_y2_eq. + apply subset_props_aux_before => //. + rewrite -H_y2_eq. + by apply Z_lt_add_r. + } { + move => [H_y1_lt] _. + apply subset_props_aux_before => //. + } { + move => [H_y2_lt] [H_y1_lt] H_yc2_lt. + apply subset_props_aux. + exists (y2 + Z.of_N c2). + split => //. + rewrite !InZ_cons !In_elementsZ_single. + left. + split => //. + by apply Z.lt_le_incl. + } { + move => [H_y1_eq] H_c1_eq; subst. + rewrite IH1 => //. + split; move => H_pre y; move : (H_pre y) => {H_pre}; + rewrite !InZ_cons. { + tauto. + } { + move => H_pre H_y_in_l1. + suff : ~(List.In y (elementsZ_single y2 c2)). { + tauto. + } + move : H_gr_l1. + rewrite interval_list_elements_greater_alt2_def + // In_elementsZ_single. + move => H; move : (H y H_y_in_l1) => {H}. + move => /Z.lt_ngt H_neq [_] //. + } + } { + move => [H_y2_lt_y1] [H_yc1_le] _. + rewrite IH1. + split; move => H_pre y; move : (H_pre y) => {H_pre}; + rewrite !InZ_cons. { + move => H []; last apply H. move => {H}. + rewrite !In_elementsZ_single. + move => [H_y1_le] H_y_lt. + left. + lia. + } { + move => H_pre H_y_in_l1. + apply H_pre. + by right. + } { + assumption. + } + } { + move => [H_y1_le] [_] []. { + apply subset_props_aux_before => //. + } { + move => H_yc2_lt. + apply subset_props_aux. + exists (y2 + Z.of_N c2). + split => //. + rewrite !InZ_cons !In_elementsZ_single. + left. + split => //. + apply Z.le_trans with (m := y2) => //. + apply Z_le_add_r. + } + } { + move => H_yc2_lt_y1. + rewrite IH2. + split; move => H_pre y; move : (H_pre y) => {H_pre}; + rewrite !InZ_cons. { + tauto. + } { + rewrite !In_elementsZ_single. + move => H_pre H_y_in. + suff : ~(y2 <= y < y2 + Z.of_N c2). { + tauto. + } + move => [H_y2_le H_y_lt]. + move : H_y_in => []. { + move => [H_y1_le] H_y_lt'. + lia. + } { + eapply Nin_elements_greater; eauto. + apply Z.le_trans with (m := y1); last first. { + apply Z_le_add_r. + } + apply Z.lt_le_incl. + apply Z.lt_trans with (m := y2 + Z.of_N c2) => //. + } + } + } { + move => H_y1_eq. + apply subset_props_aux. + exists y1. + rewrite !InZ_cons. + split. { + left. + by apply In_elementsZ_single_hd. + } { + rewrite !In_elementsZ_single H_y1_eq. + move => []. { + move => [_] /Z.lt_irrefl //. + } { + eapply Nin_elements_greater; eauto. + rewrite H_y1_eq. + apply Z.le_refl. + } + } + } + } + } + Qed. + Lemma subset_spec : forall (s s' : t) (Hs : Ok s) (Hs' : Ok s'), subset s s' = true <-> Subset s s'. Proof. intros s s' Hs Hs'. - rewrite /subset forallb_forall /Subset. - split; ( - move => H x /In_alt_def H_x_in; - move : (H x H_x_in) => {H}; - rewrite mem_spec // - ). + move : (Hs) (Hs'). + rewrite /Ok /IsOk. + move => [H_inv_s H_enc_s] [H_inv_s' H_enc_s']. + rewrite (subset_props s s' H_inv_s H_inv_s'). + rewrite /Subset. + split. { + move => H_pre enc_y. + rewrite !In_InZ. + apply H_pre. + } { + move => H_pre y H_y_in. + move : (H_enc_s _ H_y_in) => [e] H_e. subst. + move : (H_pre e) H_y_in. + rewrite !In_InZ //. + } Qed. - + (** *** elements and elementsZ specification *) @@ -1879,7 +4356,7 @@ Module Raw (Enc : ElementEncode). apply NoDupA_nil. } { move => H_ok_s. - move : (H_ok_s) => /Ok_cons [H_inf] [H_c] [H_enc] H_s'. + move : (H_ok_s) => /Ok_cons [H_interval_list_elements_greater] [H_c] [H_enc] H_s'. rewrite elementsZ_cons. apply NoDupA_app. { apply Z.eq_equiv. @@ -1897,285 +4374,91 @@ Module Raw (Enc : ElementEncode). move => [_] [<-] H_y_in. move => [_] [<-] H_y_in'. move : H_y_in'. - rewrite -in_rev In_elementsZ_single /=. - move => [H_x_le] H_y_lt. - eapply Nin_elements_greater; eauto; first apply H_s'. - by apply Z.lt_le_incl. - } - } - Qed. - - Lemma elements_spec2w : forall (s : t) (Hs : Ok s), NoDupA Enc.E.eq (elements s). - Proof. - intros s Hs. - rewrite /elements rev_map_alt_def. - apply NoDupA_rev. { - apply Enc.E.eq_equiv. - } { - eapply NoDupA_map; first by apply elementsZ_spec2w. - - intros x1 x2 H_x1_in H_x2_in H_dec_eq. - have H_is_enc: is_encoded_elems_list (elementsZ s). { - apply Hs. - } - move : (H_is_enc _ H_x1_in) => [y1 H_x1_eq]. - move : (H_is_enc _ H_x2_in) => [y2 H_x2_eq]. - move : H_dec_eq. - rewrite -H_x1_eq -H_x2_eq !Enc.decode_encode_ok Enc.encode_eq //. - } - Qed. - - - - (** *** equal specification *) - - Lemma equal_alt_def : forall s1 s2, - equal s1 s2 = true <-> (s1 = s2). - Proof. - induction s1 as [| [x cx] xs IH]. { - move => [] //. - } { - move => [] //=. - move => [y cy] ys. - rewrite !andb_true_iff IH N.eqb_eq Z.eqb_eq. - split. { - move => [->] [->] -> //. - } { - move => [->] -> -> //. - } - } - Qed. - - Lemma elementsZ_cons_le_start : forall x cx xs y cy ys, - isok ((x, cx) :: xs) = true -> - isok ((y, cy) :: ys) = true -> - (forall z, List.In z (elementsZ ((y, cy) :: ys)) -> - List.In z (elementsZ ((x, cx) :: xs))) -> - (x <= y). - Proof. - intros x cx xs y cy ys. - rewrite !isok_cons. - move => [H_inf_xs] [H_cx] H_xs [H_inf_ys] [H_cy] H_ys H. - - case_eq (x <=? y). { - move => /Z.leb_le //. - } { - move => /Z.leb_gt H_y_lt. - exfalso. - move : (H y). - have -> : (List.In y (elementsZ ((x, cx) :: xs)) <-> False). { - split => //. - rewrite elementsZ_cons in_app_iff -in_rev In_elementsZ_single. - move => []. { - suff : (~ InZ y xs). { - rewrite /InZ //. - } - eapply Nin_elements_greater; eauto. - eapply Z.le_trans with (m := x). { - by apply Z.lt_le_incl. - } { - apply Z_le_add_r. - } - } { - apply Z.lt_nge in H_y_lt. - tauto. - } - } - have -> : (List.In y (elementsZ ((y, cy) :: ys)) <-> True). { - split => // _. - rewrite elementsZ_cons in_app_iff -in_rev. - right. - apply In_elementsZ_single_hd => //. - } - tauto. - } - Qed. - - Lemma elementsZ_cons_le_end : forall x cx xs y cy ys, - isok ((x, cx) :: xs) = true -> - isok ((y, cy) :: ys) = true -> - (x <= y + Z.of_N cy) -> - (forall z, List.In z (elementsZ ((x, cx) :: xs)) -> - List.In z (elementsZ ((y, cy) :: ys))) -> - (x + Z.of_N cx <= y + Z.of_N cy). - Proof. - intros x cx xs y cy ys. - rewrite !isok_cons. - move => [H_inf_xs] [H_cx] H_xs [H_inf_ys] [H_cy] H_ys H_x_le H. - - case_eq (x + Z.of_N cx <=? y + Z.of_N cy). { - move => /Z.leb_le //. - } { - move => /Z.leb_gt H_y_lt. - exfalso. - move : (H (y + Z.of_N cy)). - have -> : ((List.In (y + Z.of_N cy)) (elementsZ ((y, cy) :: ys)) <-> False). { - split => //. - rewrite elementsZ_cons in_app_iff -in_rev In_elementsZ_single. - move => []. { - suff : (~ InZ (y + Z.of_N cy) ys). { - rewrite /InZ //. - } - eapply Nin_elements_greater; eauto. - apply Z.le_refl. + rewrite -in_rev In_elementsZ_single /=. + move => [H_x_le] H_y_lt. + eapply (Nin_elements_greater s' (x + Z.of_N c)) => //. { + apply H_s'. } { - move => [_] /Z.lt_irrefl //. + apply Z.lt_le_incl, H_y_lt. + } { + apply H_y_in. } - } - have -> : (List.In (y + Z.of_N cy) (elementsZ ((x, cx) :: xs)) <-> True). { - split => // _. - rewrite elementsZ_cons in_app_iff -in_rev. - right. - rewrite In_elementsZ_single => //. - } - tauto. + } } Qed. - - Lemma elementsZ_cons_equiv_hd : forall x cx xs y cy ys, - isok ((x, cx) :: xs) = true -> - isok ((y, cy) :: ys) = true -> - (forall z, List.In z (elementsZ ((x, cx) :: xs)) <-> - List.In z (elementsZ ((y, cy) :: ys))) -> - (x = y) /\ (cx = cy). + Lemma elements_spec2w : forall (s : t) (Hs : Ok s), NoDupA Enc.E.eq (elements s). Proof. - intros x cx xs y cy ys H_ok_xs H_ok_ys H. - have H_xy_eq : x = y. { - have H_x_le : (x <= y). { - eapply (elementsZ_cons_le_start); eauto. - intro z. - rewrite H => //. - } - have H_y_le : (y <= x). { - eapply (elementsZ_cons_le_start); eauto. - intro z. - rewrite H => //. - } - apply Z.le_antisymm => //. - } - subst. - split => //. + intros s Hs. + rewrite /elements rev_map_alt_def. + apply NoDupA_rev. { + apply Enc.E.eq_equiv. + } { + eapply NoDupA_map; first by apply elementsZ_spec2w. - have : (y + Z.of_N cx = y + Z.of_N cy). { - have H_cx_le : (y + Z.of_N cx <= y + Z.of_N cy). { - eapply elementsZ_cons_le_end; eauto. { - apply Z_le_add_r. - } { - intro Z. - rewrite H => //. - } - } - have H_cy_le : (y + Z.of_N cy <= y + Z.of_N cx). { - eapply elementsZ_cons_le_end; eauto. { - apply Z_le_add_r. - } { - intro Z. - rewrite H => //. - } + intros x1 x2 H_x1_in H_x2_in H_dec_eq. + have H_is_enc: is_encoded_elems_list (elementsZ s). { + apply Hs. } - apply Z.le_antisymm => //. + move : (H_is_enc _ H_x1_in) => [y1 H_x1_eq]. + move : (H_is_enc _ H_x2_in) => [y2 H_x2_eq]. + move : H_dec_eq. + rewrite -H_x1_eq -H_x2_eq !Enc.decode_encode_ok Enc.encode_eq //. } - rewrite Z.add_cancel_l. - apply N2Z.inj. Qed. - Lemma elementsZ_single_equiv : forall x cx y cy, - (cx <> 0)%N -> - (cy <> 0)%N -> - (forall z, List.In z (elementsZ_single x cx) <-> - List.In z (elementsZ_single y cy)) -> - (x = y) /\ (cx = cy). + + (** *** equal specification *) + + Lemma equal_alt_def : forall s1 s2, + equal s1 s2 = true <-> (s1 = s2). Proof. - intros x cx y cy H_cx H_cy H. - apply elementsZ_cons_equiv_hd with (xs := nil) (ys := nil). { - rewrite isok_cons //. - } { - rewrite isok_cons //. + induction s1 as [| [x cx] xs IH]. { + move => [] //. } { - intro z. - move : (H z) => {H}. - rewrite !elementsZ_cons !in_app_iff !elementsZ_nil -!in_rev /= => -> //. + move => [] //=. + move => [y cy] ys. + rewrite !andb_true_iff IH N.eqb_eq Z.eqb_eq. + split. { + move => [->] [->] -> //. + } { + move => [->] -> -> //. + } } Qed. - + Lemma equal_elementsZ : forall (s s' : t) {Hs : Ok s} {Hs' : Ok s'}, (forall x, (InZ x s <-> InZ x s')) -> (s = s'). Proof. - induction s as [| [x cx] xs IH]. { - move => [] //. - move => [y cy ys] _ /Ok_cons [_] [H_cy] _. - rewrite /InZ elementsZ_nil /= => H. - exfalso. - rewrite (H y) elementsZ_cons in_app_iff -in_rev. - right. - apply In_elementsZ_single_hd => //. - } { - move => []. { - move => /Ok_cons [_] [H_xc] _ _. - rewrite /InZ elementsZ_nil /= => H. - exfalso. - rewrite -(H x) elementsZ_cons in_app_iff -in_rev. - right. - apply In_elementsZ_single_hd => //. - } { - move => [y cy ys] H_ok_xxs H_ok_yys. - rewrite /InZ. - move => H_in. - - have [H_ok_xs H_inf_xs] : Ok xs /\ inf (x + Z.of_N cx) xs = true. { - move : H_ok_xxs => /Ok_cons; tauto. - } - have [H_ok_ys H_inf_ys] : Ok ys /\ inf (y + Z.of_N cy) ys = true. { - move : H_ok_yys => /Ok_cons. tauto. - } - have H_isok_xs : isok xs=true by apply H_ok_xs. - have H_isok_ys : isok ys=true by apply H_ok_ys. - - have [H_x_eq H_cx_eq] : (x = y) /\ (cx = cy). { - eapply elementsZ_cons_equiv_hd. - - by apply H_ok_xxs. - - by apply H_ok_yys. - - by apply H_in. - } - subst. - - suff -> : (xs = ys) by []. - suff H_suff : (forall x : Z, InZ x xs <-> InZ x ys) by apply IH. - - move => z. - move : (H_in z) => {H_in}. - move : (Nin_elements_greater _ _ H_inf_xs H_isok_xs z). - move : (Nin_elements_greater _ _ H_inf_ys H_isok_ys z). - rewrite /InZ !elementsZ_cons !in_app_iff -!in_rev !In_elementsZ_single. - move => H_nin_ys H_nin_xs H_equiv. - split. { - move => H_z_in. - have : List.In z (elementsZ ys) \/ y <= z < y + Z.of_N cy. { - rewrite -H_equiv. - by left. - } - move => [] //. - move => [_] /Z.lt_le_incl H_z_le. - contradict H_z_in. - by apply H_nin_xs. - } { - move => H_z_in. - have : List.In z (elementsZ xs) \/ y <= z < y + Z.of_N cy. { - rewrite H_equiv. - by left. - } - move => [] //. - move => [_] /Z.lt_le_incl H_z_le. - contradict H_z_in. - by apply H_nin_ys. - } - } + intros s s'. + move => H_ok_s H_ok_s' H_InZ_eq. + have [] : ((subset s s' = true) /\ (subset s' s = true)). { + rewrite !subset_spec /Subset. + split => x; rewrite !In_InZ H_InZ_eq //. } + have : interval_list_invariant s' = true by apply H_ok_s'. + have : interval_list_invariant s = true by apply H_ok_s. + clear H_ok_s H_ok_s' H_InZ_eq. + move : s s'. + induction s as [| [x1 c1] s1 IH]; + case s' as [| [x2 c2] s2] => //. + rewrite !interval_list_invariant_cons. + move => [H_gr_s1] [H_c1_neq_0] H_inv_s1. + move => [H_gr_s2] [H_c2_neq_0] H_inv_s2. + rewrite subset_flatten_alt_def + (subset_flatten_alt_def ((x2, c2)::s2)). + rewrite (interval_compare_swap x1 c1); last by left. + move : (interval_compare_elim x1 c1 x2 c2). + case (interval_compare (x1, c1) (x2, c2)) => //. + move => [->] -> H_sub_s12 H_sub_s21. + + suff -> : s1 = s2 by done. + by apply IH. Qed. + Lemma equal_spec : forall (s s' : t) {Hs : Ok s} {Hs' : Ok s'}, @@ -2215,86 +4498,538 @@ Module Raw (Enc : ElementEncode). } Qed. + (** *** compare *) + Definition lt (s1 s2 : t) : Prop := (compare s1 s2 = Lt). + + Lemma compare_eq_Eq : forall s1 s2, + (compare s1 s2 = Eq <-> equal s1 s2 = true). + Proof. + induction s1 as [| [y1 c1] s1' IH]; + case s2 as [| [y2 c2] s2'] => //. + rewrite /= !andb_true_iff -IH Z.eqb_eq N.eqb_eq. + move : (Z.compare_eq_iff y1 y2). + case (Z.compare y1 y2). { + move => H. + have -> : y1 = y2. by apply H. + clear H. + + move : (N.compare_eq_iff c1 c2). + case (N.compare c1 c2). { + move => H. + have -> : c1 = c2. by apply H. + tauto. + } { + move => H. + have H_neq : ~(c1 = c2). by rewrite -H => {H}. + tauto. + } { + move => H. + have H_neq : ~(c1 = c2). by rewrite -H => {H}. + tauto. + } + } { + move => H. + have H_neq : ~(y1 = y2). by rewrite -H => {H}. + tauto. + } { + move => H. + have H_neq : ~(y1 = y2). by rewrite -H => {H}. + tauto. + } + Qed. + + Lemma compare_eq_Lt_nil_l : forall s, + compare nil s = Lt <-> s <> nil. + Proof. + intros s. + case s => //=. + Qed. + + Lemma compare_eq_Lt_nil_r : forall s, + ~(compare s nil = Lt). + Proof. + intros s. + case s as [| [y1 c1] s'] => //=. + Qed. + + Lemma compare_eq_Lt_cons : forall y1 y2 c1 c2 s1 s2, + compare ((y1, c1)::s1) ((y2, c2)::s2) = Lt <-> + (y1 < y2) \/ ((y1 = y2) /\ (c1 < c2)%N) \/ + ((y1 = y2) /\ (c1 = c2) /\ compare s1 s2 = Lt). + Proof. + intros y1 y2 c1 c2 s1 s2. + rewrite /=. + case_eq (Z.compare y1 y2). { + move => /Z.compare_eq_iff ->. + case_eq (N.compare c1 c2). { + move => /N.compare_eq_iff ->. + split. { + move => H. + right; right. + done. + } { + move => [| []]. { + move => /Z.lt_irrefl //. + } { + move => [_] /N.lt_irrefl //. + } { + move => [_] [_] -> //. + } + } + } { + move => /N.compare_lt_iff H_c1_lt. + split => //. + move => _. + right; left. done. + } { + move => /N.compare_gt_iff H_c2_lt. + split => //. + move => [| []]. { + move => /Z.lt_irrefl //. + } { + move => [_] /N.lt_asymm //. + } { + move => [_] [] H_c1_eq. + contradict H_c2_lt. + subst c1. + by apply N.lt_irrefl. + } + } + } { + move => /Z.compare_lt_iff. + tauto. + } { + move => /Z.compare_gt_iff H_y2_lt. + split => //. + move => [| []]. { + move => /Z.lt_asymm //. + } { + move => [] H_y1_eq. + exfalso. lia. + } { + move => [] H_y1_eq. + exfalso. lia. + } + } + Qed. + + + Lemma compare_antisym: forall (s1 s2 : t), + (compare s1 s2) = CompOpp (compare s2 s1). + Proof. + induction s1 as [| [y1 c1] s1' IH]; + case s2 as [| [y2 c2] s2'] => //. + rewrite /= (Z.compare_antisym y1 y2) (N.compare_antisym c1 c2). + case (Z.compare y1 y2) => //=. + case (N.compare c1 c2) => //=. + Qed. + + + Lemma compare_spec : forall s1 s2, + CompSpec eq lt s1 s2 (compare s1 s2). + Proof. + intros s1 s2. + rewrite /CompSpec /lt (compare_antisym s2 s1). + case_eq (compare s1 s2). { + rewrite compare_eq_Eq equal_alt_def => ->. + by apply CompEq. + } { + move => _. + by apply CompLt. + } { + move => _. + by apply CompGt. + } + Qed. + + Lemma lt_Irreflexive : Irreflexive lt. + Proof. + rewrite /Irreflexive /Reflexive /complement /lt. + intros x. + suff -> : compare x x = Eq by done. + rewrite compare_eq_Eq equal_alt_def //. + Qed. + + Lemma lt_Transitive : Transitive lt. + Proof. + rewrite /Transitive /lt. + induction x as [| [y1 c1] s1' IH]; + case y as [| [y2 c2] s2']; + case z as [| [y3 c3] s3'] => //. + + rewrite !compare_eq_Lt_cons. + move => [H_y1_lt | [[->] H_c1_lt | [->] [->] H_comp]] + [H_y2_lt | [[<-] H_c2_lt | [<-] [<-] H_comp']]. { + left. + by apply Z.lt_trans with (m := y2). + } { + by left. + } { + by left. + } { + by left. + } { + right; left. + split => //. + by apply N.lt_trans with (m := c2). + } { + by right; left. + } { + by left. + } { + by right; left. + } { + right; right. + split => //. + split => //. + by apply (IH s2'). + } + Qed. + + (** *** elements is sorted *) + + Lemma elementsZ_single_sorted : forall c x, + sort Z.lt (elementsZ_single x c). + Proof. + induction c as [| c' IH] using N.peano_ind. { + intro x. + rewrite elementsZ_single_base. + apply Sorted_nil. + } { + intro x. + rewrite elementsZ_single_succ_front. + apply Sorted_cons. { + apply IH. + } { + case (N.zero_or_succ c'). { + move => ->. + rewrite elementsZ_single_base //. + } { + move => [c''] ->. + rewrite elementsZ_single_succ_front. + constructor. + apply Z.lt_succ_diag_r. + } + } + } + Qed. + + Lemma elementsZ_sorted : forall s, + interval_list_invariant s = true -> + sort Z.lt (rev (elementsZ s)). + Proof. + induction s as [| [y c] s' IH]. { + move => _. + rewrite elementsZ_nil. + apply Sorted_nil. + } { + rewrite interval_list_invariant_cons elementsZ_cons + rev_app_distr rev_involutive. + move => [H_gr] [H_c_neq_0] H_inv_s'. + apply SortA_app with (eqA := Logic.eq). { + apply eq_equivalence. + } { + apply elementsZ_single_sorted. + } { + by apply IH. + } { + intros x1 x2. + move => /InA_alt [_] [<-] /In_elementsZ_single [_ H_x1_lt]. + move => /InA_alt [_] [<-]. + rewrite -In_rev => H_x2_in. + + apply Z.lt_trans with (m := (y + Z.of_N c)) => //. + eapply interval_list_elements_greater_alt2_def; + eauto. + } + } + Qed. + + Lemma elements_sorted : forall s, + Ok s -> + sort Enc.E.lt (elements s). + Proof. + move => s [H_inv] H_enc. + rewrite /elements rev_map_alt_def -map_rev. + have : (forall x : Z, List.In x (rev (elementsZ s)) -> + exists e : Enc.E.t, Enc.encode e = x). { + move => x. + move : (H_enc x). + rewrite In_rev //. + } + move : (elementsZ_sorted s H_inv) => {H_enc}. + generalize (rev (elementsZ s)). + induction l as [| x xs IH]. { + rewrite /= => _ _. + apply Sorted_nil. + } { + move => H_sort H_enc. + apply Sorted_inv in H_sort as [H_sort H_hd_rel]. + simpl. + apply Sorted_cons. { + apply IH => //. + move => xx H_xx_in. + apply H_enc. + by apply in_cons. + } { + move : H_hd_rel H_enc. + case xs => //=. + move => x' xs' H_hd_rel H_enc. + apply HdRel_inv in H_hd_rel. + apply HdRel_cons. + rewrite -Enc.encode_lt. + have [y H_y] : (exists y, Enc.encode y = x). { + apply H_enc. by left. + } + have [y' H_y'] : (exists y', Enc.encode y' = x'). { + apply H_enc. by right; left. + } + move : H_hd_rel. + rewrite -!H_y -!H_y' !Enc.decode_encode_ok //. + } + } + Qed. + + (** *** choose specification *) - Lemma choose_alt_def : forall s, - choose s = match chooseZ s with - | None => None - | Some e => Some (Enc.decode e) - end. + Definition min_eltZ_spec1 : + forall (s : t) (x : Z), + interval_list_invariant s = true -> + min_eltZ s = Some x -> InZ x s. + Proof. + intros s x. + case s as [| [x' c] s']. { + rewrite /min_eltZ //. + } { + rewrite /min_eltZ InZ_cons interval_list_invariant_cons. + move => [_] [H_c_neq] _ [->]. + left. + by apply In_elementsZ_single_hd. + } + Qed. + + Lemma min_eltZ_spec2 : + forall (s : t) (x y : Z) (Hs : Ok s), + min_eltZ s = Some x -> InZ y s -> ~ Z.lt y x. Proof. + intros s x y H_ok H_min H_in H_y_lt_x. + eapply (Nin_elements_greater s (Z.pred x)) => //; last apply H_in. { + move : H_ok H_min. + case s => //. + move => [z c] s' _ [<-]. + rewrite interval_list_elements_greater_cons. + apply Z.lt_pred_l. + } { + apply H_ok. + } { + by apply Z.lt_le_pred. + } + Qed. + + Definition min_eltZ_spec3 : + forall (s : t), + min_eltZ s = None -> forall x, ~InZ x s. + Proof. intros s. - rewrite /choose /chooseZ /elements /rev' rev_append_rev app_nil_r - rev_map_alt_def -map_rev. - case (rev (elementsZ s)) => //. + case s as [| [x' c] s']; + rewrite /min_eltZ //. + move => _ x //. + Qed. + + Definition min_elt_spec1 : + forall (s : t) (x : elt) (Hs : Ok s), min_elt s = Some x -> In x s. + Proof. + rewrite /min_elt. + move => s x H_ok. + case_eq (min_eltZ s) => //. + move => z H_min_elt [<-]. + apply InZ_In => //. + apply min_eltZ_spec1 => //. + apply H_ok. + Qed. + + Definition min_elt_spec2 : + forall (s : t) (x y : elt) (Hs : Ok s), min_elt s = Some x -> In y s -> ~(Enc.E.lt y x). + Proof. + rewrite /min_elt. + move => s x y H_ok. + case_eq (min_eltZ s) => //. + move => z H_min_elt [<-]. + rewrite In_InZ => H_inZ. + have H_y_eq : y = Enc.decode (Enc.encode y). { + by rewrite Enc.decode_encode_ok. + } + rewrite H_y_eq -Enc.encode_lt. + apply (min_eltZ_spec2 _ _ _ H_ok); last first. { + by rewrite Enc.decode_encode_ok. + } + suff -> : Enc.encode (Enc.decode z) = z by assumption. + apply encode_decode_eq with (s := s) => //. + apply min_eltZ_spec1 => //. + apply H_ok. + Qed. + + Definition min_elt_spec3 : + forall s : t, min_elt s = None -> Empty s. + Proof. + rewrite /min_elt /min_eltZ /Empty /In. + case s as [| [x' c] s'] => //. + move => _ e. + rewrite elements_nil InA_nil //. + Qed. + + + Definition choose_spec1 : + forall (s : t) (x : elt) (Hs : Ok s), choose s = Some x -> In x s. + Proof. + rewrite /choose. + apply min_elt_spec1. + Qed. + + Definition choose_spec2 : + forall s : t, choose s = None -> Empty s. + Proof. + rewrite /choose. + apply min_elt_spec3. + Qed. + + Lemma choose_spec3: forall s s' x x', Ok s -> Ok s' -> + choose s = Some x -> choose s' = Some x' -> Equal s s' -> x = x'. + Proof. + intros s s' x x' Hs Hs' Hx Hx'. + rewrite -equal_spec equal_alt_def => H_s_eq. + move : Hx Hx'. + rewrite H_s_eq => -> [] //. Qed. - Definition choose_spec1 : - forall (s : t) (x : elt), choose s = Some x -> In x s. + + Definition max_eltZ_spec1 : + forall (s : t) (x : Z), + interval_list_invariant s = true -> + max_eltZ s = Some x -> InZ x s. Proof. intros s x. - rewrite /choose /In. - case (elements s) => //. - move => z l [<-]. - apply InA_cons_hd. - apply Enc.E.eq_equiv. + induction s as [| [x' c] s' IH]. { + rewrite /max_eltZ //. + } { + rewrite InZ_cons interval_list_invariant_cons /=. + move => [_] [H_c_neq]. + case s' as [| [y' c'] s'']. { + move => _ [<-]. + left. { + rewrite In_elementsZ_single. + split. { + rewrite -Z.lt_le_pred. + by apply Z_lt_add_r. + } { + apply Z.lt_pred_l. + } + } + } { + move => H_inv H_max_eq. + right. + by apply IH. + } + } Qed. - Definition choose_spec2 : - forall s : t, choose s = None -> Empty s. - Proof. - rewrite /choose /Empty /In. - intro s. - case (elements s) => //. - move => _ a. - rewrite InA_nil //. + Lemma max_eltZ_spec2 : + forall (s : t) (x y : Z), + interval_list_invariant s = true -> + max_eltZ s = Some x -> InZ y s -> ~ Z.lt x y. + Proof. + induction s as [| [y c] s' IH]. { + done. + } { + move => x x'. + rewrite interval_list_invariant_cons. + move => [H_gr] [H_c_neq_0] H_inv_s'. + have H_gr' : (forall xx : Z, InZ xx (s') -> y + Z.of_N c < xx). { + apply interval_list_elements_greater_alt2_def => //. + } + + case s' as [| [y' c'] s'']. { + move => [<-]. + rewrite InZ_cons InZ_nil In_elementsZ_single. + lia. + } { + move => H_max_eq. + rewrite InZ_cons. + move => []; last by apply IH. + rewrite In_elementsZ_single. + move => [_] H_x'_lt H_lt_x'. + + have H_x_in : InZ x ((y', c')::s''). { + by apply max_eltZ_spec1. + } + + move : (H_gr' _ H_x_in). + apply Z.nlt_ge, Z.lt_le_incl. + by apply Z.lt_trans with (m := x'). + } + } Qed. + Lemma max_eltZ_eq_None : + forall (s : t), + max_eltZ s = None -> s = nil. + Proof. + induction s as [| [x' c] s' IH] => //. + move : IH. + case s' as [| [y' c'] s''] => //=. + move => H H_pre. + move : (H H_pre) => //. + Qed. + - Lemma chooseZ_min : - forall (s : t) (x y : Z) (Hs : Ok s), - chooseZ s = Some x -> InZ y s -> ~ Z.lt y x. + Definition max_eltZ_spec3 : + forall (s : t), + max_eltZ s = None -> forall x, ~InZ x s. Proof. - intros s x y H_ok H_min H_in H_y_lt_x. - eapply (Nin_elements_greater s (Z.pred x)) => //; last apply H_in. { - move : H_ok H_min. - case s => //. - move => [z c] s'. - rewrite /chooseZ Ok_cons elementsZ_cons /rev' -rev_alt rev_app_distr - rev_involutive. - move => [_] [/N.neq_0_r] [c'] -> _. - rewrite elementsZ_single_succ_front /=. - move => [->]. - apply Z.ltb_lt, Z.lt_pred_l. - } { - apply H_ok. - } { - by apply Z.lt_le_pred. - } + move => s /max_eltZ_eq_None -> x /InZ_nil //. Qed. - Lemma chooseZ_InZ : - forall (s : t) (x : Z), - chooseZ s = Some x -> InZ x s. + Definition max_elt_spec1 : + forall (s : t) (x : elt) (Hs : Ok s), max_elt s = Some x -> In x s. Proof. - intros s x. - rewrite /chooseZ /InZ /rev' -rev_alt in_rev. - case (rev (elementsZ s)) => //. - move => z l [<-] /=. - by left. + rewrite /max_elt. + move => s x H_ok. + case_eq (max_eltZ s) => //. + move => z H_max_elt [<-]. + apply InZ_In => //. + apply max_eltZ_spec1 => //. + apply H_ok. Qed. + Definition max_elt_spec2 : + forall (s : t) (x y : elt) (Hs : Ok s), max_elt s = Some x -> In y s -> ~(Enc.E.lt x y). + Proof. + rewrite /max_elt. + move => s x y H_ok. + move : (H_ok) => [H_inv] _. + case_eq (max_eltZ s) => //. + move => z H_max_elt [<-]. + rewrite In_InZ => H_inZ. + rewrite -Enc.encode_lt. + apply (max_eltZ_spec2 _ _ _ H_inv) => //. + suff -> : Enc.encode (Enc.decode z) = z => //. + apply encode_decode_eq with (s := s) => //. + apply max_eltZ_spec1 => //. + Qed. - Lemma chooseZ_spec3: forall s s' x x', Ok s -> Ok s' -> - chooseZ s = Some x -> chooseZ s' = Some x' -> Equal s s' -> x = x'. + Definition max_elt_spec3 : + forall s : t, max_elt s = None -> Empty s. Proof. - intros s s' x x' Hs Hs' Hx Hx'. - rewrite -equal_spec equal_alt_def => H_s_eq. - move : Hx Hx'. - rewrite H_s_eq => -> [] //. + intro s. + rewrite /max_elt /Empty. + case_eq (max_eltZ s) => //. + move => /max_eltZ_eq_None -> _ x. + rewrite /In elements_nil InA_nil //. Qed. + (** *** fold specification *) Lemma fold_spec : @@ -2302,7 +5037,16 @@ Module Raw (Enc : ElementEncode). fold f s i = fold_left (flip f) (elements s) i. Proof. intros s A i f. - rewrite /fold //. + rewrite /fold fold_elementsZ_alt_def /elements + rev_map_alt_def -map_rev. + move : i. + generalize (rev (elementsZ s)). + induction l as [| x xs IH]. { + done. + } { + move => i. + rewrite /= IH //. + } Qed. @@ -2341,11 +5085,43 @@ Module Raw (Enc : ElementEncode). (for_all f s = true <-> For_all (fun x => f x = true) s). Proof. intros s f Hs H. - rewrite /for_all forallb_forall /For_all //. - split; ( - move => HH x; move : {HH} (HH x); - rewrite In_alt_def // - ). + rewrite /for_all /For_all /In fold_elementsZ_alt_def + /elements rev_map_alt_def -map_rev. + generalize (rev (elementsZ s)). + induction l as [| x xs IH]. { + split => // _ x /= /InA_nil //. + } { + rewrite /=. + case_eq (f (Enc.decode x)) => H_f_eq. { + rewrite IH. + split. { + move => HH x' /InA_cons []. { + by move => ->. + } { + apply HH. + } + } { + move => HH x' H_in. + apply HH. + apply InA_cons. + by right. + } + } { + split; move => HH. { + contradict HH. + case xs => //. + } { + exfalso. + have H_in: (InA Enc.E.eq (Enc.decode x) (Enc.decode x :: map Enc.decode xs)). { + apply InA_cons. + left. + apply Enc.E.eq_equiv. + } + move : (HH _ H_in). + rewrite H_f_eq => //. + } + } + } Qed. (** *** exists specification *) @@ -2356,46 +5132,526 @@ Module Raw (Enc : ElementEncode). (exists_ f s = true <-> Exists (fun x => f x = true) s). Proof. intros s f Hs H. - rewrite /exists_ /Exists existsb_exists //. - split; ( - move => [x] [HH1 HH2]; exists x; move : HH1 HH2; - rewrite In_alt_def // - ). + rewrite /exists_ /Exists /In fold_elementsZ_alt_def + /elements rev_map_alt_def -map_rev. + generalize (rev (elementsZ s)). + induction l as [| x xs IH]. { + split => //. + move => [x] /= [] /InA_nil //. + } { + rewrite /=. + case_eq (f (Enc.decode x)) => H_f_eq. { + split => _. { + exists (Enc.decode x). + split => //. + apply InA_cons. + left. + apply Enc.E.eq_equiv. + } { + case xs => //. + } + } { + rewrite IH. + split. { + move => [x0] [H_in] H_f_x0. + exists x0. + split => //. + apply InA_cons. + by right. + } { + move => [x0] [] /InA_cons H_in H_f_x0. + exists x0. + split => //. + move : H_in => [] // H_in. + contradict H_f_x0. + rewrite H_in H_f_eq //. + } + } + } + Qed. + + + (** *** filter specification *) + + Definition partitionZ_aux_invariant (x : Z) acc c := + interval_list_invariant (List.rev (partitionZ_fold_skip acc c)) = true /\ + match c with + None => (forall y', InZ y' acc -> Z.succ y' < x) + | Some (y, c') => (x = y + Z.of_N c') + end. + + Lemma partitionZ_aux_invariant_insert : forall x acc c, + partitionZ_aux_invariant x acc c -> + partitionZ_aux_invariant (Z.succ x) acc + (Some (partitionZ_fold_insert c x)). + Proof. + intros x acc c. + rewrite /partitionZ_fold_insert /partitionZ_aux_invariant + /partitionZ_fold_skip. + case c; last first. { + move => [H_inv] H_in. + rewrite /= interval_list_invariant_app_iff Z.add_1_r. + split; last done. + split; first done. + split; first done. + move => x1 x2. + rewrite InZ_rev InZ_cons InZ_nil In_elementsZ_single1. + move => H_x1_in [] // <-. + by apply H_in. + } { + move => [y c']. + rewrite /= !interval_list_invariant_app_iff + N2Z.inj_succ Z.add_succ_r . + rewrite !interval_list_invariant_cons !interval_list_invariant_nil. + move => [] [H_inv_acc] [] [] _ [H_c_neq_0] _ + H_in_c ->. + split; last done. + split; first done. + split. { + split; first done. + split; last done. + apply N.neq_succ_0. + } { + move => x1 x2. + rewrite InZ_cons InZ_nil In_elementsZ_single. + move => H_x1_in [] // [H_y_le] H_x2_lt. + apply Z.lt_le_trans with (m := y) => //. + apply H_in_c => //. + rewrite InZ_cons In_elementsZ_single. + left. + split. { + apply Z.le_refl. + } { + by apply Z_lt_add_r. + } + } + } + Qed. + + Lemma partitionZ_aux_invariant_skip : forall x acc c, + partitionZ_aux_invariant x acc c -> + partitionZ_aux_invariant (Z.succ x) (partitionZ_fold_skip acc c) None. + Proof. + intros x acc c. + rewrite /partitionZ_fold_skip /partitionZ_aux_invariant + /partitionZ_fold_skip. + case c; last first. { + move => [H_inv] H_in. + split; first done. + move => y' H_y'_in. + apply Z.lt_trans with (m := x). { + by apply H_in. + } { + apply Z.lt_succ_diag_r. + } + } { + move => [y c'] [H_inv] ->. + split => //. + move => y'. + rewrite InZ_cons In_elementsZ_single. + move => []. { + move => [_]. + rewrite -Z.succ_lt_mono //. + } { + move : H_inv. + rewrite /= !interval_list_invariant_app_iff interval_list_invariant_cons. + move => [_] [] [_] [H_c'_neq] _ H_pre H_y'_in. + apply Z.lt_trans with (m := y). { + apply H_pre. { + by rewrite InZ_rev. + } { + rewrite InZ_cons. + left. + by apply In_elementsZ_single_hd. + } + } + apply Z.lt_succ_r, Z_le_add_r. + } + } + Qed. + + Definition partitionZ_fold_current (c : option (Z * N)) := + match c with + None => nil + | Some yc => yc::nil + end. + + Lemma InZ_partitionZ_fold_current_Some : forall yc y, + InZ y (partitionZ_fold_current (Some yc)) <-> + InZ y (yc :: nil). + Proof. done. Qed. + + Lemma InZ_partitionZ_fold_insert : forall c x y l, + match c with + | Some (y, c') => x = y + Z.of_N c' + | None => True + end -> ( + InZ y (partitionZ_fold_insert c x :: l) <-> + ((x = y) \/ InZ y (partitionZ_fold_current c) \/ + InZ y l)). + Proof. + intros c x y l. + rewrite /partitionZ_fold_insert /partitionZ_fold_current + /partitionZ_fold_skip. + case c. { + move => [y' c'] ->. + rewrite !InZ_cons elementsZ_single_succ in_app_iff + InZ_nil /=. + tauto. + } { + rewrite InZ_cons InZ_nil In_elementsZ_single1. + tauto. + } + Qed. + + Lemma InZ_partitionZ_fold_skip : forall c acc y, + InZ y (partitionZ_fold_skip acc c) <-> + (InZ y (partitionZ_fold_current c) \/ InZ y acc). + Proof. + intros c acc y. + rewrite /partitionZ_fold_skip /partitionZ_fold_current + /partitionZ_fold_skip. + case c. { + move => [y' c']. + rewrite !InZ_cons InZ_nil /=. + tauto. + } { + rewrite InZ_nil. + tauto. + } + Qed. + + Lemma filterZ_single_aux_props : + forall f c x acc cur, + partitionZ_aux_invariant x acc cur -> + match (filterZ_single_aux f (acc, cur) x c) with + (acc', c') => + let r := partitionZ_fold_skip acc' c' in + interval_list_invariant (List.rev r) = true /\ + (forall y', InZ y' r <-> (InZ y' (partitionZ_fold_skip acc cur) \/ + (f y' = true /\ List.In y' (elementsZ_single x c)))) + + end. + Proof. + intro f. + induction c as [| c' IH] using N.peano_ind. { + intros x acc cur. + rewrite /partitionZ_aux_invariant. + move => [H_inv] _. + rewrite /filterZ_single_aux fold_elementsZ_single_zero /=. + tauto. + } + intros x acc cur H_inv. + have -> : filterZ_single_aux f (acc, cur) x (N.succ c') = + filterZ_single_aux f (filterZ_fold_fun f (acc, cur) x) (Z.succ x) c'. { + by rewrite /filterZ_single_aux fold_elementsZ_single_succ. + } + case_eq (filterZ_fold_fun f (acc, cur) x). + move => acc' cur' H_fold_eq. + + case_eq (filterZ_single_aux f (acc', cur') (Z.succ x) c'). + move => acc'' cur'' H_succ_eq. + + have H_inv' : partitionZ_aux_invariant (Z.succ x) acc' cur'. { + move : H_fold_eq H_inv. + rewrite /filterZ_fold_fun. + case (f x); move => [<-] <-. { + apply partitionZ_aux_invariant_insert. + } { + apply partitionZ_aux_invariant_skip. + } + } + + move : (IH (Z.succ x) acc' cur' H_inv') => {IH}. + rewrite H_succ_eq /=. + set r := partitionZ_fold_skip acc'' cur''. + move => [H_inv_r] H_in_r. + split; first assumption. + + move => y'. + move : H_fold_eq. + rewrite H_in_r /filterZ_fold_fun. + case_eq (f x) => H_fx [<-] <-. { + rewrite InZ_partitionZ_fold_skip InZ_partitionZ_fold_current_Some InZ_partitionZ_fold_skip elementsZ_single_succ_front. + rewrite InZ_partitionZ_fold_insert; last first. { + move : H_inv. + rewrite /partitionZ_aux_invariant => [[_]]. + case cur => //. + } + rewrite InZ_nil /=. + split; last by tauto. + move => []; last by tauto. + move => []; last by tauto. + move => []. { + move => <-. + tauto. + } { + tauto. + } + } { + rewrite InZ_partitionZ_fold_skip /partitionZ_fold_current InZ_partitionZ_fold_skip elementsZ_single_succ_front !InZ_nil /=. + split; first by tauto. + move => []; first by tauto. + move => [] H_fy' []. { + move => H_x_eq; subst y'. + contradict H_fy'. + by rewrite H_fx. + } { + tauto. + } + } + Qed. + + + Lemma filterZ_single_props : + forall f c x acc, + interval_list_invariant (rev acc) = true -> + (forall y' : Z, InZ y' acc -> Z.succ y' < x) -> + match (filterZ_single f acc x c) with + r => + interval_list_invariant (List.rev r) = true /\ + (forall y', InZ y' r <-> (InZ y' acc \/ + (f y' = true /\ List.In y' (elementsZ_single x c)))) + + end. + Proof. + intros f c x acc. + move => H_inv H_acc. + rewrite /filterZ_single. + + have H_inv' : partitionZ_aux_invariant x acc None. { + by rewrite /partitionZ_aux_invariant /=. + } + move : (filterZ_single_aux_props f c x acc None H_inv'). + case_eq (filterZ_single_aux f (acc, None) x c). + move => acc' cur' /= H_res. + tauto. + Qed. + + + Lemma filterZ_aux_props : + forall f s acc, + interval_list_invariant s = true -> + interval_list_invariant (rev acc) = true -> + (forall x1 x2 : Z, InZ x1 acc -> InZ x2 s -> Z.succ x1 < x2) -> + match (filterZ_aux acc f s) with + r => + interval_list_invariant r = true /\ + (forall y', InZ y' r <-> (InZ y' acc \/ + (f y' = true /\ InZ y' s))) + end. + Proof. + intro f. + induction s as [| [y c] s' IH]. { + intros acc. + move => _ H_inv _. + rewrite /filterZ_aux. + split; first assumption. + move => y'; rewrite InZ_rev InZ_nil; tauto. + } { + intros acc. + rewrite interval_list_invariant_cons. + move => [H_gr] [H_c_neq_0] H_inv_s' H_inv H_in_acc /=. + move : H_gr. + rewrite interval_list_elements_greater_alt2_def => // H_gr. + + have H_pre : (forall y' : Z, InZ y' acc -> Z.succ y' < y). { + move => x1 H_x1_in. + apply H_in_acc => //. + rewrite InZ_cons. + by left; apply In_elementsZ_single_hd. + } + + move : (filterZ_single_props f c y acc H_inv H_pre) => {H_pre}. + set acc' := filterZ_single f acc y c. + move => [H_inv'] H_in_acc'. + + have H_pre : (forall x1 x2 : Z, + InZ x1 acc' -> InZ x2 s' -> Z.succ x1 < x2). { + move => x1 x2. + rewrite H_in_acc' In_elementsZ_single. + move => []. { + move => H_x1_in H_x2_in. + apply H_in_acc => //. + rewrite InZ_cons. + by right. + } { + move => [_] [_] H_x1_lt H_x2_in. + apply Z.le_lt_trans with (m := y + Z.of_N c). + - by apply Z.le_succ_l. + - by apply H_gr. + } + } + move : (IH acc' H_inv_s' H_inv' H_pre) => {H_pre}. + + move => [H_inv_r] H_in_r. + split; first assumption. + move => y'. + rewrite H_in_r H_in_acc' InZ_cons. + tauto. + } + Qed. + + Lemma filterZ_props : + forall f s, + interval_list_invariant s = true -> + match (filterZ f s) with r => + interval_list_invariant r = true /\ + (forall y', InZ y' r <-> (f y' = true /\ InZ y' s)) + end. + Proof. + intros f s H_inv_s. + rewrite /filterZ. + + have H_pre_1 : interval_list_invariant (rev nil) = true by done. + have H_pre_2 : (forall x1 x2 : Z, InZ x1 nil -> InZ x2 s -> Z.succ x1 < x2) by done. + + move : (filterZ_aux_props f s nil H_inv_s H_pre_1 H_pre_2) => {H_pre_1} {H_pre_2}. + move => [H_inv'] H_in_r. + split; first assumption. + move => y'. + rewrite H_in_r InZ_nil. + tauto. + Qed. + + Global Instance filter_ok s f : forall `(Ok s), Ok (filter f s). + Proof. + move => [H_inv H_enc]. + rewrite /filter. + set f' := (fun z : Z => f (Enc.decode z)). + move : (filterZ_props f' s H_inv). + move => [H_inv'] H_in_r. + rewrite /Ok /IsOk /is_encoded_elems_list. + split; first assumption. + move => x /H_in_r [_] H_x_in. + by apply H_enc. + Qed. + + Lemma filter_spec : + forall (s : t) (x : elt) (f : elt -> bool), + Ok s -> + (In x (filter f s) <-> In x s /\ f x = true). + Proof. + move => s x f H_ok. + suff H_suff : + (forall x, (InZ x (filter f s)) <-> + InZ x s /\ f (Enc.decode x) = true). { + rewrite !In_alt_def /elements !rev_map_alt_def + -!in_rev !in_map_iff. + setoid_rewrite H_suff. + rewrite /InZ. + split. { + move => [y] [<-] [?] ?. + split => //. + by exists y. + } { + move => [] [y] [<-] ? ?. + by exists y. + } + } + rewrite /filter. + set f' := (fun z : Z => f (Enc.decode z)). + move : (H_ok) => [H_inv _]. + move : (filterZ_props f' s H_inv). + move => [H_inv'] H_in_r. + move => y; rewrite H_in_r; tauto. + Qed. + + + (** *** partition specification *) + + Lemma partitionZ_single_aux_alt_def : forall f c y acc_t c_t acc_f c_f, + partitionZ_single_aux f ((acc_t, c_t), (acc_f, c_f)) y c = + (filterZ_single_aux f (acc_t, c_t) y c, + filterZ_single_aux (fun x : Z => negb (f x)) (acc_f, c_f) y c). + Proof. + intros f. + rewrite /partitionZ_single_aux /filterZ_single_aux. + induction c as [| c' IH] using N.peano_ind. { + intros y acc_t c_t acc_f c_f. + rewrite !fold_elementsZ_single_zero //. } { + intros y acc_t c_t acc_f c_f. + rewrite !fold_elementsZ_single_succ. + case_eq (partitionZ_fold_fun f (acc_t, c_t, (acc_f, c_f)) y) => [] [acc_t' c_t'] [acc_f' c_f'] H_fold_eq. + rewrite IH => {IH}. + suff : (filterZ_fold_fun f (acc_t, c_t) y = (acc_t', c_t')) /\ + (filterZ_fold_fun (fun x : Z => negb (f x)) (acc_f, c_f) y = (acc_f', c_f')). { + move => [->] -> //. + } + move : H_fold_eq. + rewrite /partitionZ_fold_fun /filterZ_fold_fun. + case (f y); move => [<-] <- <- <- //. + } + Qed. + + Lemma partitionZ_aux_alt_def : forall f s acc_t acc_f, + partitionZ_aux acc_t acc_f f s = + (filterZ_aux acc_t f s, + filterZ_aux acc_f (fun x : Z => negb (f x)) s). + Proof. + intros f. + induction s as [| [y c] s' IH]. { + done. + } { + intros acc_t acc_f. + rewrite /= /partitionZ_single /filterZ_single + partitionZ_single_aux_alt_def. + case (filterZ_single_aux f (acc_t, None) y c) => acc_t' c_t'. + case (filterZ_single_aux (fun x : Z => negb (f x)) (acc_f, None) y c) => acc_f' c_f'. + rewrite IH //. + } + Qed. + + Lemma partitionZ_alt_def : forall f s, + partitionZ f s = (filterZ f s, + filterZ (fun x => negb (f x)) s). + Proof. + intros f s. + rewrite /partitionZ /filterZ + partitionZ_aux_alt_def //. + Qed. + + Lemma partition_alt_def : forall f s, + partition f s = (filter f s, + filter (fun x => negb (f x)) s). + Proof. + intros f s. + rewrite /partition /filter partitionZ_alt_def. + done. Qed. - (** *** partition specification *) Global Instance partition_ok1 s f : forall `(Ok s), Ok (fst (partition f s)). Proof. - intros H_ok. - rewrite /partition /fst. + move => H_ok. + rewrite partition_alt_def /fst. by apply filter_ok. - Qed. + Qed. Global Instance partition_ok2 s f : forall `(Ok s), Ok (snd (partition f s)). Proof. - intros H_ok. - rewrite /partition /snd. + move => H_ok. + rewrite partition_alt_def /snd. by apply filter_ok. Qed. Lemma partition_spec1 : forall (s : t) (f : elt -> bool), - Proper (Enc.E.eq==>eq) f -> Equal (fst (partition f s)) (filter f s). + Equal (fst (partition f s)) (filter f s). Proof. - intros s f H_ok. - rewrite /partition /fst /Equal //. + intros s f. + rewrite partition_alt_def /fst /Equal //. Qed. Lemma partition_spec2 : forall (s : t) (f : elt -> bool), - Proper (Enc.E.eq==>eq) f -> + Ok s -> Equal (snd (partition f s)) (filter (fun x => negb (f x)) s). Proof. - intros s f H_ok. - rewrite /partition /snd /Equal //. + intros s f. + rewrite partition_alt_def /snd /Equal //. Qed. - + End Raw. @@ -2404,7 +5660,7 @@ End Raw. We can now build the invariant into the set type to obtain an instantiation of module type [WSetsOn]. *) -Module MSetIntervals (Enc : ElementEncode) <: WSetsOn Enc.E. +Module MSetIntervals (Enc : ElementEncode) <: SetsOn Enc.E. Module E := Enc.E. Module Raw := Raw Enc. @@ -2416,7 +5672,7 @@ Module MSetIntervals (Enc : ElementEncode) <: WSetsOn Enc.E. Record t_ := Mkt {this :> Raw.t; is_ok : Raw.Ok this}. Definition t := t_. Arguments Mkt this {is_ok}. - Hint Resolve is_ok : typeclass_instances. + #[local] Hint Resolve is_ok : typeclass_instances. Definition In (x : elt)(s : t) := Raw.In x s.(this). Definition Equal (s s' : t) := forall a : elt, In a s <-> In a s'. @@ -2437,7 +5693,10 @@ Module MSetIntervals (Enc : ElementEncode) <: WSetsOn Enc.E. Definition empty : t := Mkt Raw.empty. Definition is_empty (s : t) := Raw.is_empty s. Definition elements (s : t) : list elt := Raw.elements s. + Definition min_elt (s : t) : option elt := Raw.min_elt s. + Definition max_elt (s : t) : option elt := Raw.max_elt s. Definition choose (s : t) : option elt := Raw.choose s. + Definition compare (s1 s2 : t) : comparison := Raw.compare s1 s2. Definition fold {A : Type}(f : elt -> A -> A)(s : t) : A -> A := Raw.fold f s. Definition cardinal (s : t) := Raw.cardinal s. Definition filter (f : elt -> bool)(s : t) : t := Mkt (Raw.filter f s). @@ -2446,7 +5705,7 @@ Module MSetIntervals (Enc : ElementEncode) <: WSetsOn Enc.E. Definition partition (f : elt -> bool)(s : t) : t * t := let p := Raw.partition f s in (Mkt (fst p), Mkt (snd p)). - Instance In_compat : Proper (E.eq==>eq==>iff) In. + #[local] Instance In_compat : Proper (E.eq==>eq==>iff) In. Proof. repeat red. move => x y H_eq_xy x' y' ->. @@ -2457,10 +5716,9 @@ Module MSetIntervals (Enc : ElementEncode) <: WSetsOn Enc.E. Definition eq : t -> t -> Prop := Equal. - Instance eq_equiv : Equivalence eq. + #[local] Instance eq_equiv : Equivalence eq. Proof. firstorder. Qed. - Definition eq_dec : forall (s s':t), { eq s s' }+{ ~eq s s' }. Proof. intros (s,Hs) (s',Hs'). @@ -2469,7 +5727,39 @@ Module MSetIntervals (Enc : ElementEncode) <: WSetsOn Enc.E. rewrite <- Raw.equal_spec; congruence. Defined. + Definition lt : t -> t -> Prop := Raw.lt. + + #[local] Instance lt_strorder : StrictOrder lt. + Proof. + unfold lt. + constructor. { + move : Raw.lt_Irreflexive. + rewrite /Irreflexive /complement /Reflexive. + move => H x. + apply H. + } { + move : Raw.lt_Transitive. + rewrite /Transitive. + move => H x y z. + apply H. + } + Qed. + #[local] Instance lt_compat : Proper (eq==>eq==>iff) lt. + Proof. + repeat red. + move => [x1 H_x1_ok] [y1 H_y1_ok] H_eq. + move => [x2 H_x2_ok] [y2 H_y2_ok]. + move : H_eq. + rewrite /eq /lt /Equal /In /=. + replace (forall a : elt, Raw.In a x1 <-> Raw.In a y1) with + (Raw.Equal x1 y1) by done. + replace (forall a : elt, Raw.In a x2 <-> Raw.In a y2) with + (Raw.Equal x2 y2) by done. + rewrite -!Raw.equal_spec !Raw.equal_alt_def. + move => -> -> //. + Qed. + Section Spec. Variable s s' : t. Variable x y : elt. @@ -2505,7 +5795,7 @@ Module MSetIntervals (Enc : ElementEncode) <: WSetsOn Enc.E. Proof. exact (@Raw.cardinal_spec s). Qed. Lemma filter_spec : compatb f -> (In x (filter f s) <-> In x s /\ f x = true). - Proof. exact (@Raw.filter_spec _ _ _). Qed. + Proof. move => _; exact (@Raw.filter_spec _ _ _ _). Qed. Lemma for_all_spec : compatb f -> (for_all f s = true <-> For_all (fun x => f x = true) s). Proof. exact (@Raw.for_all_spec _ _ _). Qed. @@ -2513,19 +5803,60 @@ Module MSetIntervals (Enc : ElementEncode) <: WSetsOn Enc.E. (exists_ f s = true <-> Exists (fun x => f x = true) s). Proof. exact (@Raw.exists_spec _ _ _). Qed. Lemma partition_spec1 : compatb f -> Equal (fst (partition f s)) (filter f s). - Proof. exact (@Raw.partition_spec1 _ _). Qed. + Proof. move => _; exact (@Raw.partition_spec1 _ _). Qed. Lemma partition_spec2 : compatb f -> Equal (snd (partition f s)) (filter (fun x => negb (f x)) s). - Proof. exact (@Raw.partition_spec2 _ _). Qed. + Proof. move => _; exact (@Raw.partition_spec2 _ _ _). Qed. Lemma elements_spec1 : InA E.eq x (elements s) <-> In x s. Proof. rewrite /In /Raw.In /elements //. Qed. Lemma elements_spec2w : NoDupA E.eq (elements s). Proof. exact (Raw.elements_spec2w _ _). Qed. + Lemma elements_spec2 : sort E.lt (elements s). + Proof. exact (Raw.elements_sorted _ _). Qed. Lemma choose_spec1 : choose s = Some x -> In x s. - Proof. exact (Raw.choose_spec1 _ _). Qed. + Proof. exact (Raw.choose_spec1 _ _ _). Qed. Lemma choose_spec2 : choose s = None -> Empty s. Proof. exact (Raw.choose_spec2 _). Qed. + Lemma choose_spec3 : choose s = Some x -> choose s' = Some y -> + Equal s s' -> E.eq x y. + Proof. + intros H1 H2 H3. + suff -> : x = y. { + apply E.eq_equiv. + } + move : H1 H2 H3. + exact (Raw.choose_spec3 _ _ _ _ _ _). + Qed. + Lemma min_elt_spec1 : choose s = Some x -> In x s. + Proof. exact (Raw.min_elt_spec1 _ _ _). Qed. + Lemma min_elt_spec2 : min_elt s = Some x -> In y s -> ~ E.lt y x. + Proof. exact (Raw.min_elt_spec2 _ _ _ _). Qed. + Lemma min_elt_spec3 : choose s = None -> Empty s. + Proof. exact (Raw.min_elt_spec3 _). Qed. + + Lemma max_elt_spec1 : max_elt s = Some x -> In x s. + Proof. exact (Raw.max_elt_spec1 _ _ _). Qed. + Lemma max_elt_spec2 : max_elt s = Some x -> In y s -> ~ E.lt x y. + Proof. exact (Raw.max_elt_spec2 _ _ _ _). Qed. + Lemma max_elt_spec3 : max_elt s = None -> Empty s. + Proof. exact (Raw.max_elt_spec3 _). Qed. + + Lemma compare_spec : CompSpec eq lt s s' (compare s s'). + Proof. + generalize s s'. + move => [s1 H_ok_s1] [s2 H_ok_s2]. + move : (Raw.compare_spec s1 s2). + rewrite /CompSpec /eq /Equal /In /lt /compare /=. + replace (forall a : elt, Raw.In a s1 <-> Raw.In a s2) with + (Raw.Equal s1 s2) by done. + suff H_eq : (Raw.Equal s1 s2) <-> (s1 = s2). { + move => [] H; constructor => //. + by rewrite H_eq. + } + rewrite -Raw.equal_spec Raw.equal_alt_def //. + Qed. + End Spec. End MSetIntervals. @@ -2552,10 +5883,14 @@ Module ElementEncodeZ <: ElementEncode. (Z.eq (encode e1) (encode e2)) <-> E.eq e1 e2. Proof. by []. Qed. + Lemma encode_lt : forall (e1 e2 : E.t), + (Z.lt (encode e1) (encode e2)) <-> E.lt e1 e2. + Proof. by []. Qed. + End ElementEncodeZ. -Module MSetIntervalsZ <: WSetsOn Z := MSetIntervals ElementEncodeZ. +Module MSetIntervalsZ <: SetsOn Z := MSetIntervals ElementEncodeZ. (** *** N *) @@ -2578,14 +5913,22 @@ Module ElementEncodeN <: ElementEncode. intros e1 e2. rewrite /encode /Z.eq N2Z.inj_iff /E.eq //. Qed. + + Lemma encode_lt : forall (e1 e2 : E.t), + (Z.lt (encode e1) (encode e2)) <-> E.lt e1 e2. + Proof. + intros e1 e2. + rewrite /encode -N2Z.inj_lt //. + Qed. + End ElementEncodeN. -Module MSetIntervalsN <: WSetsOn N := MSetIntervals ElementEncodeN. +Module MSetIntervalsN <: SetsOn N := MSetIntervals ElementEncodeN. (** *** nat *) Module ElementEncodeNat <: ElementEncode. - Module E := NPeano.Nat. + Module E := Nat. Definition encode (n : nat) := Z.of_nat n. Definition decode (z : Z) := Z.to_nat z. @@ -2603,7 +5946,17 @@ Module ElementEncodeNat <: ElementEncode. intros e1 e2. rewrite /encode /Z.eq Nat2Z.inj_iff /E.eq //. Qed. + + Lemma encode_lt : forall (e1 e2 : E.t), + (Z.lt (encode e1) (encode e2)) <-> E.lt e1 e2. + Proof. + intros e1 e2. + rewrite /encode -Nat2Z.inj_lt //. + Qed. + End ElementEncodeNat. -Module MSetIntervalsNat <: WSetsOn NPeano.Nat := MSetIntervals ElementEncodeNat. +Module MSetIntervalsNat <: SetsOn Nat := MSetIntervals ElementEncodeNat. + + diff --git a/MSetListWithDups.v b/MSetListWithDups.v index 6ad388a..fefef58 100644 --- a/MSetListWithDups.v +++ b/MSetListWithDups.v @@ -34,7 +34,7 @@ Require Export MSetInterface. -Require Import ssreflect. +Require Import mathcomp.ssreflect.ssreflect. Require Import List OrdersFacts OrdersLists. Require Import Sorting Permutation. Require Import MSetWithDups. @@ -325,8 +325,7 @@ Module RemoveDupsFromSorted (Import X:OrderedType). rewrite !InA_alt. setoid_rewrite H_in_sort => //. } { - - move : (LocallySorted_sort l). + move : (Sorted_sort l). rewrite /is_true /le /leb //. } Qed. @@ -447,7 +446,7 @@ Module Make (E:OrderedType) <: WSetsOnWithDupsExtra E. (** Logical predicates *) Definition In x (s : t) := SetoidList.InA E.eq x s. - Instance In_compat : Proper (E.eq==>eq==>iff) In. + #[local] Instance In_compat : Proper (E.eq==>eq==>iff) In. Proof. repeat red. intros. rewrite H H0. auto. Qed. Definition Equal s s' := forall a : elt, In a s <-> In a s'. @@ -489,9 +488,9 @@ Module Make (E:OrderedType) <: WSetsOnWithDupsExtra E. case (E.compare x y). { tauto. } { - rewrite IH; intuition; inversion H. + rewrite IH; intuition; inversion H1. } { - rewrite IH; intuition; inversion H. + rewrite IH; intuition; inversion H1. } } Qed. @@ -570,10 +569,6 @@ Module Make (E:OrderedType) <: WSetsOnWithDupsExtra E. } Qed. - Hint Resolve (@Equivalence_Reflexive _ _ E.eq_equiv). - Hint Immediate (@Equivalence_Symmetric _ _ E.eq_equiv). - Hint Resolve (@Equivalence_Transitive _ _ E.eq_equiv). - Lemma rev_filter_aux_spec : forall s acc x f, compatb f -> (In x (rev_filter_aux acc f s) <-> (In x s /\ f x = true) \/ (In x acc)). Proof. @@ -717,7 +712,7 @@ Module Make (E:OrderedType) <: WSetsOnWithDupsExtra E. } apply H. apply InA_cons_hd. - done. + apply (@Equivalence_Reflexive _ _ E.eq_equiv). } } Qed. @@ -738,7 +733,7 @@ Module Make (E:OrderedType) <: WSetsOnWithDupsExtra E. exists x. split => //. apply InA_cons_hd. - done. + apply (@Equivalence_Reflexive _ _ E.eq_equiv). } { rewrite IH. split. { diff --git a/MSetWithDups.v b/MSetWithDups.v index f92023d..87d7d4b 100644 --- a/MSetWithDups.v +++ b/MSetWithDups.v @@ -50,7 +50,7 @@ *) Require Import Coq.MSets.MSetInterface. -Require Import ssreflect. +Require Import mathcomp.ssreflect.ssreflect. (** ** WSetsOnWithDups @@ -67,7 +67,7 @@ Module Type WSetsOnWithDups (E : DecidableType). Include WOps E. Parameter In : elt -> t -> Prop. - Declare Instance In_compat : Proper (E.eq==>eq==>iff) In. + #[local] Declare Instance In_compat : Proper (E.eq==>eq==>iff) In. Definition Equal s s' := forall a : elt, In a s <-> In a s'. Definition Subset s s' := forall a : elt, In a s -> In a s'. diff --git a/Makefile b/Makefile index f389935..b10449a 100644 --- a/Makefile +++ b/Makefile @@ -1,85 +1,953 @@ -# File: Makefile +########################################################################## +## # The Coq Proof Assistant / The Coq Development Team ## +## v # Copyright INRIA, CNRS and contributors ## +## /dev/null 2>/dev/null; echo $$?)) +STDTIME?=command time -f $(TIMEFMT) +else +ifeq (0,$(shell gtime -f "" true >/dev/null 2>/dev/null; echo $$?)) +STDTIME?=gtime -f $(TIMEFMT) +else +STDTIME?=command time +endif +endif +else +STDTIME?=command time -f $(TIMEFMT) +endif + +COQBIN?= +ifneq (,$(COQBIN)) +# add an ending / +COQBIN:=$(COQBIN)/ +endif + +# Coq binaries +COQC ?= "$(COQBIN)coqc" +COQTOP ?= "$(COQBIN)coqtop" +COQCHK ?= "$(COQBIN)coqchk" +COQNATIVE ?= "$(COQBIN)coqnative" +COQDEP ?= "$(COQBIN)coqdep" +COQDOC ?= "$(COQBIN)coqdoc" +COQPP ?= "$(COQBIN)coqpp" +COQMKFILE ?= "$(COQBIN)coq_makefile" +OCAMLLIBDEP ?= "$(COQBIN)ocamllibdep" + +# Timing scripts +COQMAKE_ONE_TIME_FILE ?= "$(COQCORELIB)/tools/make-one-time-file.py" +COQMAKE_BOTH_TIME_FILES ?= "$(COQCORELIB)/tools/make-both-time-files.py" +COQMAKE_BOTH_SINGLE_TIMING_FILES ?= "$(COQCORELIB)/tools/make-both-single-timing-files.py" +BEFORE ?= +AFTER ?= + +# OCaml binaries +CAMLC ?= "$(OCAMLFIND)" ocamlc -c +CAMLOPTC ?= "$(OCAMLFIND)" opt -c +CAMLLINK ?= "$(OCAMLFIND)" ocamlc -linkall +CAMLOPTLINK ?= "$(OCAMLFIND)" opt -linkall +CAMLDOC ?= "$(OCAMLFIND)" ocamldoc +CAMLDEP ?= "$(OCAMLFIND)" ocamldep -slash -ml-synonym .mlpack + +# DESTDIR is prepended to all installation paths +DESTDIR ?= + +# Debug builds, typically -g to OCaml, -debug to Coq. +CAMLDEBUG ?= +COQDEBUG ?= + +# Extra packages to be linked in (as in findlib -package) +CAMLPKGS ?= +FINDLIBPKGS = -package coq-core.plugins.ltac $(CAMLPKGS) + +# Option for making timing files +TIMING?= +# Option for changing sorting of timing output file +TIMING_SORT_BY ?= auto +# Option for changing the fuzz parameter on the output file +TIMING_FUZZ ?= 0 +# Option for changing whether to use real or user time for timing tables +TIMING_REAL?= +# Option for including the memory column(s) +TIMING_INCLUDE_MEM?= +# Option for sorting by the memory column +TIMING_SORT_BY_MEM?= +# Output file names for timed builds +TIME_OF_BUILD_FILE ?= time-of-build.log +TIME_OF_BUILD_BEFORE_FILE ?= time-of-build-before.log +TIME_OF_BUILD_AFTER_FILE ?= time-of-build-after.log +TIME_OF_PRETTY_BUILD_FILE ?= time-of-build-pretty.log +TIME_OF_PRETTY_BOTH_BUILD_FILE ?= time-of-build-both.log +TIME_OF_PRETTY_BUILD_EXTRA_FILES ?= - # also output to the command line + +TGTS ?= + +# Retro compatibility (DESTDIR is standard on Unix, DSTROOT is not) +ifdef DSTROOT +DESTDIR := $(DSTROOT) +endif + +# Substitution of the path by appending $(DESTDIR) if needed. +# The variable $(COQMF_WINDRIVE) can be needed for Cygwin environments. +windrive_path = $(if $(COQMF_WINDRIVE),$(subst $(COQMF_WINDRIVE),/,$(1)),$(1)) +destination_path = $(if $(DESTDIR),$(DESTDIR)/$(call windrive_path,$(1)),$(1)) + +# Installation paths of libraries and documentation. +COQLIBINSTALL ?= $(call destination_path,$(COQLIB)/user-contrib) +COQDOCINSTALL ?= $(call destination_path,$(DOCDIR)/coq/user-contrib) +COQPLUGININSTALL ?= $(call destination_path,$(COQCORELIB)/..) +COQTOPINSTALL ?= $(call destination_path,$(COQLIB)/toploop) # FIXME: Unused variable? + +# findlib files installation +FINDLIBPREINST= mkdir -p "$(COQPLUGININSTALL)/" +FINDLIBDESTDIR= -destdir "$(COQPLUGININSTALL)/" + +# we need to move out of sight $(METAFILE) otherwise findlib thinks the +# package is already installed +findlib_install = \ + $(HIDE)if [ "$(METAFILE)" ]; then \ + $(FINDLIBPREINST) && \ + mv "$(METAFILE)" "$(METAFILE).skip" ; \ + "$(OCAMLFIND)" install $(2) $(FINDLIBDESTDIR) $(FINDLIBPACKAGE) $(1); \ + rc=$$?; \ + mv "$(METAFILE).skip" "$(METAFILE)"; \ + exit $$rc; \ + fi +findlib_remove = \ + $(HIDE)if [ ! -z "$(METAFILE)" ]; then\ + "$(OCAMLFIND)" remove $(FINDLIBDESTDIR) $(FINDLIBPACKAGE); \ + fi + + +########## End of parameters ################################################## +# What follows may be relevant to you only if you need to +# extend this Makefile. If so, look for 'Extension point' here and +# put in Makefile.local double colon rules accordingly. +# E.g. to perform some work after the all target completes you can write +# +# post-all:: +# echo "All done!" +# +# in Makefile.local +# +############################################################################### + + + + +# Flags ####################################################################### +# +# We define a bunch of variables combining the parameters. +# To add additional flags to coq, coqchk or coqdoc, set the +# {COQ,COQCHK,COQDOC}EXTRAFLAGS variable to whatever you want to add. +# To overwrite the default choice and set your own flags entirely, set the +# {COQ,COQCHK,COQDOC}FLAGS variable. + +SHOW := $(if $(VERBOSE),@true "",@echo "") +HIDE := $(if $(VERBOSE),,@) + +TIMER=$(if $(TIMED), $(STDTIME), $(TIMECMD)) + +OPT?= + +# The DYNOBJ and DYNLIB variables are used by "coqdep -dyndep var" in .v.d +ifeq '$(OPT)' '-byte' +USEBYTE:=true +DYNOBJ:=.cma +DYNLIB:=.cma +else +USEBYTE:= +DYNOBJ:=.cmxs +DYNLIB:=.cmxs +endif + +# these variables are meant to be overridden if you want to add *extra* flags +COQEXTRAFLAGS?= +COQCHKEXTRAFLAGS?= +COQDOCEXTRAFLAGS?= + +# Find the last argument of the form "-native-compiler FLAG" +COQUSERNATIVEFLAG:=$(strip \ +$(subst -native-compiler-,,\ +$(lastword \ +$(filter -native-compiler-%,\ +$(subst -native-compiler ,-native-compiler-,\ +$(strip $(COQEXTRAFLAGS))))))) + +COQFILTEREDEXTRAFLAGS:=$(strip \ +$(filter-out -native-compiler-%,\ +$(subst -native-compiler ,-native-compiler-,\ +$(strip $(COQEXTRAFLAGS))))) + +COQACTUALNATIVEFLAG:=$(lastword $(COQMF_COQ_NATIVE_COMPILER_DEFAULT) $(COQMF_COQPROJECTNATIVEFLAG) $(COQUSERNATIVEFLAG)) + +ifeq '$(COQACTUALNATIVEFLAG)' 'yes' + COQNATIVEFLAG="-w" "-deprecated-native-compiler-option" "-native-compiler" "ondemand" + COQDONATIVE="yes" +else +ifeq '$(COQACTUALNATIVEFLAG)' 'ondemand' + COQNATIVEFLAG="-w" "-deprecated-native-compiler-option" "-native-compiler" "ondemand" + COQDONATIVE="no" +else + COQNATIVEFLAG="-w" "-deprecated-native-compiler-option" "-native-compiler" "no" + COQDONATIVE="no" +endif +endif + +# these flags do NOT contain the libraries, to make them easier to overwrite +COQFLAGS?=-q $(OTHERFLAGS) $(COQFILTEREDEXTRAFLAGS) $(COQNATIVEFLAG) +COQCHKFLAGS?=-silent -o $(COQCHKEXTRAFLAGS) +COQDOCFLAGS?=-interpolate -utf8 $(COQDOCEXTRAFLAGS) + +COQDOCLIBS?=$(COQLIBS_NOML) + +# The version of Coq being run and the version of coq_makefile that +# generated this makefile +COQ_VERSION:=$(shell $(COQC) --print-version | cut -d " " -f 1) +COQMAKEFILE_VERSION:=8.16.1 + +# COQ_SRC_SUBDIRS is for user-overriding, usually to add +# `user-contrib/Foo` to the includes, we keep COQCORE_SRC_SUBDIRS for +# Coq's own core libraries, which should be replaced by ocamlfind +# options at some point. +COQ_SRC_SUBDIRS?= +COQSRCLIBS?= $(foreach d,$(COQ_SRC_SUBDIRS), -I "$(COQLIB)/$(d)") + +CAMLFLAGS+=$(OCAMLLIBS) $(COQSRCLIBS) +# ocamldoc fails with unknown argument otherwise +CAMLDOCFLAGS:=$(filter-out -annot, $(filter-out -bin-annot, $(CAMLFLAGS))) +CAMLFLAGS+=$(OCAMLWARN) + +ifneq (,$(TIMING)) +TIMING_ARG=-time +ifeq (after,$(TIMING)) +TIMING_EXT=after-timing +else +ifeq (before,$(TIMING)) +TIMING_EXT=before-timing +else +TIMING_EXT=timing +endif +endif +else +TIMING_ARG= +endif + +# Files ####################################################################### # -# Author: FireEye, Inc. - Formal Methods Team +# We here define a bunch of variables about the files being part of the +# Coq project in order to ease the writing of build target and build rules -COQINCLUDES=-I . -COQC=coqtop -q $(COQINCLUDES) -batch -compile -COQDOC=coqdoc -COQDEP=coqdep $(COQINCLUDES) -COQFILES=\ - MSetWithDups.v \ - MSetFoldWithAbort.v \ - MSetIntervals.v \ - MSetListWithDups.v +VDFILE := .Makefile.d +ALLSRCFILES := \ + $(MLGFILES) \ + $(MLFILES) \ + $(MLPACKFILES) \ + $(MLLIBFILES) \ + $(MLIFILES) -####################################### -########## GLOBAL RULES ############### +# helpers +vo_to_obj = $(addsuffix .o,\ + $(filter-out Warning: Error:,\ + $(shell $(COQTOP) -q -noinit -batch -quiet -print-mod-uid $(1)))) +strip_dotslash = $(patsubst ./%,%,$(1)) -.DEFAULT_GOAL: all +# without this we get undefined variables in the expansion for the +# targets of the [deprecated,use-mllib-or-mlpack] rule +with_undef = $(if $(filter-out undefined, $(origin $(1))),$($(1))) -.PHONY: all coqhtml coqtex clean doc +VO = vo +VOS = vos +VOFILES = $(VFILES:.v=.$(VO)) +GLOBFILES = $(VFILES:.v=.glob) +HTMLFILES = $(VFILES:.v=.html) +GHTMLFILES = $(VFILES:.v=.g.html) +BEAUTYFILES = $(addsuffix .beautified,$(VFILES)) +TEXFILES = $(VFILES:.v=.tex) +GTEXFILES = $(VFILES:.v=.g.tex) +CMOFILES = \ + $(MLGFILES:.mlg=.cmo) \ + $(MLFILES:.ml=.cmo) \ + $(MLPACKFILES:.mlpack=.cmo) +CMXFILES = $(CMOFILES:.cmo=.cmx) +OFILES = $(CMXFILES:.cmx=.o) +CMAFILES = $(MLLIBFILES:.mllib=.cma) $(MLPACKFILES:.mlpack=.cma) +CMXAFILES = $(CMAFILES:.cma=.cmxa) +CMIFILES = \ + $(CMOFILES:.cmo=.cmi) \ + $(MLIFILES:.mli=.cmi) +# the /if/ is because old _CoqProject did not list a .ml(pack|lib) but just +# a .mlg file +CMXSFILES = \ + $(MLPACKFILES:.mlpack=.cmxs) \ + $(CMXAFILES:.cmxa=.cmxs) \ + $(if $(MLPACKFILES)$(CMXAFILES),,\ + $(MLGFILES:.mlg=.cmxs) $(MLFILES:.ml=.cmxs)) -proof: $(COQFILES:.v=.vo) -doc: coqhtml coqtex doc/main.tex -all: proof doc +# files that are packed into a plugin (no extension) +PACKEDFILES = \ + $(call strip_dotslash, \ + $(foreach lib, \ + $(call strip_dotslash, \ + $(MLPACKFILES:.mlpack=_MLPACK_DEPENDENCIES)),$(call with_undef,$(lib)))) +# files that are archived into a .cma (mllib) +LIBEDFILES = \ + $(call strip_dotslash, \ + $(foreach lib, \ + $(call strip_dotslash, \ + $(MLLIBFILES:.mllib=_MLLIB_DEPENDENCIES)),$(call with_undef,$(lib)))) +CMIFILESTOINSTALL = $(filter-out $(addsuffix .cmi,$(PACKEDFILES)),$(CMIFILES)) +CMOFILESTOINSTALL = $(filter-out $(addsuffix .cmo,$(PACKEDFILES)),$(CMOFILES)) +OBJFILES = $(call vo_to_obj,$(VOFILES)) +ALLNATIVEFILES = \ + $(OBJFILES:.o=.cmi) \ + $(OBJFILES:.o=.cmx) \ + $(OBJFILES:.o=.cmxs) +FINDLIBPACKAGE=$(patsubst .%,%,$(suffix $(METAFILE))) +# trick: wildcard filters out non-existing files, so that `install` doesn't show +# warnings and `clean` doesn't pass to rm a list of files that is too long for +# the shell. +NATIVEFILES = $(wildcard $(ALLNATIVEFILES)) +FILESTOINSTALL = \ + $(VOFILES) \ + $(VFILES) \ + $(GLOBFILES) \ + $(NATIVEFILES) \ + $(CMXSFILES) # to be removed when we remove legacy loading +FINDLIBFILESTOINSTALL = \ + $(CMIFILESTOINSTALL) +ifeq '$(HASNATDYNLINK)' 'true' +DO_NATDYNLINK = yes +FINDLIBFILESTOINSTALL += $(CMXSFILES) $(CMXAFILES) $(CMOFILESTOINSTALL:.cmo=.cmx) +else +DO_NATDYNLINK = +endif +ALLDFILES = $(addsuffix .d,$(ALLSRCFILES)) $(VDFILE) -####################################### -########## COQ RULES ################## +# Compilation targets ######################################################### -%.vo %.glob: %.v - $(COQC) $* +all: + $(HIDE)$(MAKE) --no-print-directory -f "$(SELF)" pre-all + $(HIDE)$(MAKE) --no-print-directory -f "$(SELF)" real-all + $(HIDE)$(MAKE) --no-print-directory -f "$(SELF)" post-all +.PHONY: all -%.v.d: %.v - $(COQDEP) "$<" > "$@" || ( RV=$$?; rm -f "$@"; exit $${RV} ) +all.timing.diff: + $(HIDE)$(MAKE) --no-print-directory -f "$(SELF)" pre-all + $(HIDE)$(MAKE) --no-print-directory -f "$(SELF)" real-all.timing.diff TIME_OF_PRETTY_BUILD_EXTRA_FILES="" + $(HIDE)$(MAKE) --no-print-directory -f "$(SELF)" post-all +.PHONY: all.timing.diff -CLEAN_TARGETS := clean clean_doc clean_coq +ifeq (0,$(TIMING_REAL)) +TIMING_REAL_ARG := +TIMING_USER_ARG := --user +else +ifeq (1,$(TIMING_REAL)) +TIMING_REAL_ARG := --real +TIMING_USER_ARG := +else +TIMING_REAL_ARG := +TIMING_USER_ARG := +endif +endif + +ifeq (0,$(TIMING_INCLUDE_MEM)) +TIMING_INCLUDE_MEM_ARG := --no-include-mem +else +TIMING_INCLUDE_MEM_ARG := +endif -ifeq (,$(filter $(CLEAN_TARGETS),$(MAKECMDGOALS))) - -include $(addsuffix .d,$(COQFILES)) - .SECONDARY: $(addsuffix .d,$(COQFILES)) +ifeq (1,$(TIMING_SORT_BY_MEM)) +TIMING_SORT_BY_MEM_ARG := --sort-by-mem +else +TIMING_SORT_BY_MEM_ARG := endif -####################################### -########## DOCUMENTATION ############# +make-pretty-timed-before:: TIME_OF_BUILD_FILE=$(TIME_OF_BUILD_BEFORE_FILE) +make-pretty-timed-after:: TIME_OF_BUILD_FILE=$(TIME_OF_BUILD_AFTER_FILE) +make-pretty-timed make-pretty-timed-before make-pretty-timed-after:: + $(HIDE)rm -f pretty-timed-success.ok + $(HIDE)($(MAKE) --no-print-directory -f "$(PARENT)" $(TGTS) TIMED=1 2>&1 && touch pretty-timed-success.ok) | tee -a $(TIME_OF_BUILD_FILE) + $(HIDE)rm pretty-timed-success.ok # must not be -f; must fail if the touch failed +print-pretty-timed:: + $(HIDE)$(COQMAKE_ONE_TIME_FILE) $(TIMING_INCLUDE_MEM_ARG) $(TIMING_SORT_BY_MEM_ARG) $(TIMING_REAL_ARG) $(TIME_OF_BUILD_FILE) $(TIME_OF_PRETTY_BUILD_FILE) $(TIME_OF_PRETTY_BUILD_EXTRA_FILES) +print-pretty-timed-diff:: + $(HIDE)$(COQMAKE_BOTH_TIME_FILES) --sort-by=$(TIMING_SORT_BY) $(TIMING_INCLUDE_MEM_ARG) $(TIMING_SORT_BY_MEM_ARG) $(TIMING_REAL_ARG) $(TIME_OF_BUILD_AFTER_FILE) $(TIME_OF_BUILD_BEFORE_FILE) $(TIME_OF_PRETTY_BOTH_BUILD_FILE) $(TIME_OF_PRETTY_BUILD_EXTRA_FILES) +ifeq (,$(BEFORE)) +print-pretty-single-time-diff:: + @echo 'Error: Usage: $(MAKE) print-pretty-single-time-diff AFTER=path/to/file.v.after-timing BEFORE=path/to/file.v.before-timing' + $(HIDE)false +else +ifeq (,$(AFTER)) +print-pretty-single-time-diff:: + @echo 'Error: Usage: $(MAKE) print-pretty-single-time-diff AFTER=path/to/file.v.after-timing BEFORE=path/to/file.v.before-timing' + $(HIDE)false +else +print-pretty-single-time-diff:: + $(HIDE)$(COQMAKE_BOTH_SINGLE_TIMING_FILES) --fuzz=$(TIMING_FUZZ) --sort-by=$(TIMING_SORT_BY) $(TIMING_USER_ARG) $(AFTER) $(BEFORE) $(TIME_OF_PRETTY_BUILD_FILE) $(TIME_OF_PRETTY_BUILD_EXTRA_FILES) +endif +endif +pretty-timed: + $(HIDE)$(MAKE) --no-print-directory -f "$(PARENT)" make-pretty-timed + $(HIDE)$(MAKE) --no-print-directory -f "$(SELF)" print-pretty-timed +.PHONY: pretty-timed make-pretty-timed make-pretty-timed-before make-pretty-timed-after print-pretty-timed print-pretty-timed-diff print-pretty-single-time-diff + +# Extension points for actions to be performed before/after the all target +pre-all:: + @# Extension point + $(HIDE)if [ "$(COQMAKEFILE_VERSION)" != "$(COQ_VERSION)" ]; then\ + echo "W: This Makefile was generated by Coq $(COQMAKEFILE_VERSION)";\ + echo "W: while the current Coq version is $(COQ_VERSION)";\ + fi +.PHONY: pre-all + +post-all:: + @# Extension point +.PHONY: post-all + +real-all: $(VOFILES) $(if $(USEBYTE),bytefiles,optfiles) +.PHONY: real-all + +real-all.timing.diff: $(VOFILES:.vo=.v.timing.diff) +.PHONY: real-all.timing.diff + +bytefiles: $(CMOFILES) $(CMAFILES) +.PHONY: bytefiles + +optfiles: $(if $(DO_NATDYNLINK),$(CMXSFILES)) +.PHONY: optfiles + +# FIXME, see Ralf's bugreport +# quick is deprecated, now renamed vio +vio: $(VOFILES:.vo=.vio) +.PHONY: vio +quick: vio + $(warning "'make quick' is deprecated, use 'make vio' or consider using 'vos' files") +.PHONY: quick + +vio2vo: + $(TIMER) $(COQC) $(COQDEBUG) $(COQFLAGS) $(COQLIBS) \ + -schedule-vio2vo $(J) $(VOFILES:%.vo=%.vio) +.PHONY: vio2vo + +# quick2vo is undocumented +quick2vo: + $(HIDE)make -j $(J) vio + $(HIDE)VIOFILES=$$(for vofile in $(VOFILES); do \ + viofile="$$(echo "$$vofile" | sed "s/\.vo$$/.vio/")"; \ + if [ "$$vofile" -ot "$$viofile" -o ! -e "$$vofile" ]; then printf "$$viofile "; fi; \ + done); \ + echo "VIO2VO: $$VIOFILES"; \ + if [ -n "$$VIOFILES" ]; then \ + $(TIMER) $(COQC) $(COQDEBUG) $(COQFLAGS) $(COQLIBS) -schedule-vio2vo $(J) $$VIOFILES; \ + fi +.PHONY: quick2vo + +checkproofs: + $(TIMER) $(COQC) $(COQDEBUG) $(COQFLAGS) $(COQLIBS) \ + -schedule-vio-checking $(J) $(VOFILES:%.vo=%.vio) +.PHONY: checkproofs + +vos: $(VOFILES:%.vo=%.vos) +.PHONY: vos + +vok: $(VOFILES:%.vo=%.vok) +.PHONY: vok + +validate: $(VOFILES) + $(TIMER) $(COQCHK) $(COQCHKFLAGS) $(COQLIBS_NOML) $^ +.PHONY: validate + +only: $(TGTS) +.PHONY: only + +# Documentation targets ####################################################### + +html: $(GLOBFILES) $(VFILES) + $(SHOW)'COQDOC -d html $(GAL)' + $(HIDE)mkdir -p html + $(HIDE)$(COQDOC) \ + -toc $(COQDOCFLAGS) -html $(GAL) $(COQDOCLIBS) -d html $(VFILES) + +mlihtml: $(MLIFILES:.mli=.cmi) + $(SHOW)'CAMLDOC -d $@' + $(HIDE)mkdir $@ || rm -rf $@/* + $(HIDE)$(CAMLDOC) -html \ + -d $@ -m A $(CAMLDEBUG) $(CAMLDOCFLAGS) $(MLIFILES) $(FINDLIBPKGS) + +all-mli.tex: $(MLIFILES:.mli=.cmi) + $(SHOW)'CAMLDOC -latex $@' + $(HIDE)$(CAMLDOC) -latex \ + -o $@ -m A $(CAMLDEBUG) $(CAMLDOCFLAGS) $(MLIFILES) $(FINDLIBPKGS) + +all.ps: $(VFILES) + $(SHOW)'COQDOC -ps $(GAL)' + $(HIDE)$(COQDOC) \ + -toc $(COQDOCFLAGS) -ps $(GAL) $(COQDOCLIBS) \ + -o $@ `$(COQDEP) -sort $(VFILES)` + +all.pdf: $(VFILES) + $(SHOW)'COQDOC -pdf $(GAL)' + $(HIDE)$(COQDOC) \ + -toc $(COQDOCFLAGS) -pdf $(GAL) $(COQDOCLIBS) \ + -o $@ `$(COQDEP) -sort $(VFILES)` + +# FIXME: not quite right, since the output name is different +gallinahtml: GAL=-g +gallinahtml: html + +all-gal.ps: GAL=-g +all-gal.ps: all.ps + +all-gal.pdf: GAL=-g +all-gal.pdf: all.pdf + +# ? +beautify: $(BEAUTYFILES) + for file in $^; do mv $${file%.beautified} $${file%beautified}old && mv $${file} $${file%.beautified}; done + @echo 'Do not do "make clean" until you are sure that everything went well!' + @echo 'If there were a problem, execute "for file in $$(find . -name \*.v.old -print); do mv $${file} $${file%.old}; done" in your shell/' +.PHONY: beautify + +# Installation targets ######################################################## +# +# There rules can be extended in Makefile.local +# Extensions can't assume when they run. + +# findlib needs the package to not be installed, so we remove it before +# installing it (see the call to findlib_remove) +install: META + $(HIDE)code=0; for f in $(FILESTOINSTALL); do\ + if ! [ -f "$$f" ]; then >&2 echo $$f does not exist; code=1; fi \ + done; exit $$code + $(HIDE)for f in $(FILESTOINSTALL); do\ + df="`$(COQMKFILE) -destination-of "$$f" $(COQLIBS)`";\ + if [ "$$?" != "0" -o -z "$$df" ]; then\ + echo SKIP "$$f" since it has no logical path;\ + else\ + install -d "$(COQLIBINSTALL)/$$df" &&\ + install -m 0644 "$$f" "$(COQLIBINSTALL)/$$df" &&\ + echo INSTALL "$$f" "$(COQLIBINSTALL)/$$df";\ + fi;\ + done + $(call findlib_remove) + $(call findlib_install, META $(FINDLIBFILESTOINSTALL)) + $(HIDE)$(MAKE) install-extra -f "$(SELF)" +install-extra:: + @# Extension point +.PHONY: install install-extra + +META: $(METAFILE) + $(HIDE)if [ "$(METAFILE)" ]; then \ + cat "$(METAFILE)" | grep -v 'directory.*=.*' > META; \ + fi + +install-byte: + $(call findlib_install, $(CMAFILES) $(CMOFILESTOINSTALL), -add) + +install-doc:: html mlihtml + @# Extension point + $(HIDE)install -d "$(COQDOCINSTALL)/$(INSTALLCOQDOCROOT)/html" + $(HIDE)for i in html/*; do \ + dest="$(COQDOCINSTALL)/$(INSTALLCOQDOCROOT)/$$i";\ + install -m 0644 "$$i" "$$dest";\ + echo INSTALL "$$i" "$$dest";\ + done + $(HIDE)install -d \ + "$(COQDOCINSTALL)/$(INSTALLCOQDOCROOT)/mlihtml" + $(HIDE)for i in mlihtml/*; do \ + dest="$(COQDOCINSTALL)/$(INSTALLCOQDOCROOT)/$$i";\ + install -m 0644 "$$i" "$$dest";\ + echo INSTALL "$$i" "$$dest";\ + done +.PHONY: install-doc + +uninstall:: + @# Extension point + $(call findlib_remove) + $(HIDE)for f in $(FILESTOINSTALL); do \ + df="`$(COQMKFILE) -destination-of "$$f" $(COQLIBS)`" &&\ + instf="$(COQLIBINSTALL)/$$df/`basename $$f`" &&\ + rm -f "$$instf" &&\ + echo RM "$$instf" ;\ + done + $(HIDE)for f in $(FILESTOINSTALL); do \ + df="`$(COQMKFILE) -destination-of "$$f" $(COQLIBS)`" &&\ + echo RMDIR "$(COQLIBINSTALL)/$$df/" &&\ + (rmdir "$(COQLIBINSTALL)/$$df/" 2>/dev/null || true); \ + done + +.PHONY: uninstall + +uninstall-doc:: + @# Extension point + $(SHOW)'RM $(COQDOCINSTALL)/$(INSTALLCOQDOCROOT)/html' + $(HIDE)rm -rf "$(COQDOCINSTALL)/$(INSTALLCOQDOCROOT)/html" + $(SHOW)'RM $(COQDOCINSTALL)/$(INSTALLCOQDOCROOT)/mlihtml' + $(HIDE)rm -rf "$(COQDOCINSTALL)/$(INSTALLCOQDOCROOT)/mlihtml" + $(HIDE) rmdir "$(COQDOCINSTALL)/$(INSTALLCOQDOCROOT)/" || true +.PHONY: uninstall-doc + +# Cleaning #################################################################### +# +# There rules can be extended in Makefile.local +# Extensions can't assume when they run. + +clean:: + @# Extension point + $(SHOW)'CLEAN' + $(HIDE)rm -f $(CMOFILES) + $(HIDE)rm -f $(CMIFILES) + $(HIDE)rm -f $(CMAFILES) + $(HIDE)rm -f $(CMOFILES:.cmo=.cmx) + $(HIDE)rm -f $(CMXAFILES) + $(HIDE)rm -f $(CMXSFILES) + $(HIDE)rm -f $(CMOFILES:.cmo=.o) + $(HIDE)rm -f $(CMXAFILES:.cmxa=.a) + $(HIDE)rm -f $(MLGFILES:.mlg=.ml) + $(HIDE)rm -f $(ALLDFILES) + $(HIDE)rm -f $(NATIVEFILES) + $(HIDE)find . -name .coq-native -type d -empty -delete + $(HIDE)rm -f $(VOFILES) + $(HIDE)rm -f $(VOFILES:.vo=.vio) + $(HIDE)rm -f $(VOFILES:.vo=.vos) + $(HIDE)rm -f $(VOFILES:.vo=.vok) + $(HIDE)rm -f $(BEAUTYFILES) $(VFILES:=.old) + $(HIDE)rm -f all.ps all-gal.ps all.pdf all-gal.pdf all.glob all-mli.tex + $(HIDE)rm -f $(VFILES:.v=.glob) + $(HIDE)rm -f $(VFILES:.v=.tex) + $(HIDE)rm -f $(VFILES:.v=.g.tex) + $(HIDE)rm -f pretty-timed-success.ok + $(HIDE)rm -f META + $(HIDE)rm -rf html mlihtml +.PHONY: clean + +cleanall:: clean + @# Extension point + $(SHOW)'CLEAN *.aux *.timing' + $(HIDE)rm -f $(foreach f,$(VFILES:.v=),$(dir $(f)).$(notdir $(f)).aux) + $(HIDE)rm -f $(TIME_OF_BUILD_FILE) $(TIME_OF_BUILD_BEFORE_FILE) $(TIME_OF_BUILD_AFTER_FILE) $(TIME_OF_PRETTY_BUILD_FILE) $(TIME_OF_PRETTY_BOTH_BUILD_FILE) + $(HIDE)rm -f $(VOFILES:.vo=.v.timing) + $(HIDE)rm -f $(VOFILES:.vo=.v.before-timing) + $(HIDE)rm -f $(VOFILES:.vo=.v.after-timing) + $(HIDE)rm -f $(VOFILES:.vo=.v.timing.diff) + $(HIDE)rm -f .lia.cache .nia.cache +.PHONY: cleanall + +archclean:: + @# Extension point + $(SHOW)'CLEAN *.cmx *.o' + $(HIDE)rm -f $(NATIVEFILES) + $(HIDE)rm -f $(CMOFILES:%.cmo=%.cmx) +.PHONY: archclean + + +# Compilation rules ########################################################### + +$(MLIFILES:.mli=.cmi): %.cmi: %.mli + $(SHOW)'CAMLC -c $<' + $(HIDE)$(TIMER) $(CAMLC) $(CAMLDEBUG) $(CAMLFLAGS) $(FINDLIBPKGS) $< + +$(MLGFILES:.mlg=.ml): %.ml: %.mlg + $(SHOW)'COQPP $<' + $(HIDE)$(COQPP) $< + +# Stupid hack around a deficient syntax: we cannot concatenate two expansions +$(filter %.cmo, $(MLFILES:.ml=.cmo) $(MLGFILES:.mlg=.cmo)): %.cmo: %.ml + $(SHOW)'CAMLC -c $<' + $(HIDE)$(TIMER) $(CAMLC) $(CAMLDEBUG) $(CAMLFLAGS) $(FINDLIBPKGS) $< + +# Same hack +$(filter %.cmx, $(MLFILES:.ml=.cmx) $(MLGFILES:.mlg=.cmx)): %.cmx: %.ml + $(SHOW)'CAMLOPT -c $(FOR_PACK) $<' + $(HIDE)$(TIMER) $(CAMLOPTC) $(CAMLDEBUG) $(CAMLFLAGS) $(FINDLIBPKGS) $(FOR_PACK) $< + + +$(MLLIBFILES:.mllib=.cmxs): %.cmxs: %.cmxa + $(SHOW)'CAMLOPT -shared -o $@' + $(HIDE)$(TIMER) $(CAMLOPTLINK) $(CAMLDEBUG) $(CAMLFLAGS) $(FINDLIBPKGS) \ + -shared -o $@ $< + +$(MLLIBFILES:.mllib=.cma): %.cma: | %.mllib + $(SHOW)'CAMLC -a -o $@' + $(HIDE)$(TIMER) $(CAMLLINK) $(CAMLDEBUG) $(CAMLFLAGS) $(FINDLIBPKGS) -a -o $@ $^ + +$(MLLIBFILES:.mllib=.cmxa): %.cmxa: | %.mllib + $(SHOW)'CAMLOPT -a -o $@' + $(HIDE)$(TIMER) $(CAMLOPTLINK) $(CAMLDEBUG) $(CAMLFLAGS) $(FINDLIBPKGS) -a -o $@ $^ + + +$(MLPACKFILES:.mlpack=.cmxs): %.cmxs: %.cmxa + $(SHOW)'CAMLOPT -shared -o $@' + $(HIDE)$(TIMER) $(CAMLOPTLINK) $(CAMLDEBUG) $(CAMLFLAGS) $(FINDLIBPKGS) \ + -shared -o $@ $< + +$(MLPACKFILES:.mlpack=.cmxa): %.cmxa: %.cmx | %.mlpack + $(SHOW)'CAMLOPT -a -o $@' + $(HIDE)$(TIMER) $(CAMLOPTLINK) $(CAMLDEBUG) $(CAMLFLAGS) $(FINDLIBPKGS) -a -o $@ $< + +$(MLPACKFILES:.mlpack=.cma): %.cma: %.cmo | %.mlpack + $(SHOW)'CAMLC -a -o $@' + $(HIDE)$(TIMER) $(CAMLLINK) $(CAMLDEBUG) $(CAMLFLAGS) $(FINDLIBPKGS) -a -o $@ $^ + +$(MLPACKFILES:.mlpack=.cmo): %.cmo: | %.mlpack + $(SHOW)'CAMLC -pack -o $@' + $(HIDE)$(TIMER) $(CAMLLINK) $(CAMLDEBUG) $(CAMLFLAGS) $(FINDLIBPKGS) -pack -o $@ $^ + +$(MLPACKFILES:.mlpack=.cmx): %.cmx: | %.mlpack + $(SHOW)'CAMLOPT -pack -o $@' + $(HIDE)$(TIMER) $(CAMLOPTLINK) $(CAMLDEBUG) $(CAMLFLAGS) $(FINDLIBPKGS) -pack -o $@ $^ + +# This rule is for _CoqProject with no .mllib nor .mlpack +$(filter-out $(MLLIBFILES:.mllib=.cmxs) $(MLPACKFILES:.mlpack=.cmxs) $(addsuffix .cmxs,$(PACKEDFILES)) $(addsuffix .cmxs,$(LIBEDFILES)),$(MLFILES:.ml=.cmxs) $(MLGFILES:.mlg=.cmxs)): %.cmxs: %.cmx + $(SHOW)'[deprecated,use-mllib-or-mlpack] CAMLOPT -shared -o $@' + $(HIDE)$(TIMER) $(CAMLOPTLINK) $(CAMLDEBUG) $(CAMLFLAGS) $(FINDLIBPKGS) \ + -shared -o $@ $< + +ifneq (,$(TIMING)) +TIMING_EXTRA = > $<.$(TIMING_EXT) +else +TIMING_EXTRA = +endif + +$(VOFILES): %.vo: %.v | $(VDFILE) + $(SHOW)COQC $< + $(HIDE)$(TIMER) $(COQC) $(COQDEBUG) $(TIMING_ARG) $(COQFLAGS) $(COQLIBS) $< $(TIMING_EXTRA) +ifeq ($(COQDONATIVE), "yes") + $(SHOW)COQNATIVE $@ + $(HIDE)$(COQNATIVE) $(COQLIBS) $@ +endif + +# FIXME ?merge with .vo / .vio ? +$(GLOBFILES): %.glob: %.v + $(TIMER) $(COQC) $(COQDEBUG) $(COQFLAGS) $(COQLIBS) $< + +$(VFILES:.v=.vio): %.vio: %.v + $(SHOW)COQC -vio $< + $(HIDE)$(TIMER) $(COQC) -vio $(COQDEBUG) $(COQFLAGS) $(COQLIBS) $< + +$(VFILES:.v=.vos): %.vos: %.v + $(SHOW)COQC -vos $< + $(HIDE)$(TIMER) $(COQC) -vos $(COQDEBUG) $(COQFLAGS) $(COQLIBS) $< + +$(VFILES:.v=.vok): %.vok: %.v + $(SHOW)COQC -vok $< + $(HIDE)$(TIMER) $(COQC) -vok $(COQDEBUG) $(COQFLAGS) $(COQLIBS) $< + +$(addsuffix .timing.diff,$(VFILES)): %.timing.diff : %.before-timing %.after-timing + $(SHOW)PYTHON TIMING-DIFF $*.{before,after}-timing + $(HIDE)$(MAKE) --no-print-directory -f "$(SELF)" print-pretty-single-time-diff BEFORE=$*.before-timing AFTER=$*.after-timing TIME_OF_PRETTY_BUILD_FILE="$@" + +$(BEAUTYFILES): %.v.beautified: %.v + $(SHOW)'BEAUTIFY $<' + $(HIDE)$(TIMER) $(COQC) $(COQDEBUG) $(COQFLAGS) $(COQLIBS) -beautify $< + +$(TEXFILES): %.tex: %.v + $(SHOW)'COQDOC -latex $<' + $(HIDE)$(COQDOC) $(COQDOCFLAGS) -latex $< -o $@ + +$(GTEXFILES): %.g.tex: %.v + $(SHOW)'COQDOC -latex -g $<' + $(HIDE)$(COQDOC) $(COQDOCFLAGS) -latex -g $< -o $@ + +$(HTMLFILES): %.html: %.v %.glob + $(SHOW)'COQDOC -html $<' + $(HIDE)$(COQDOC) $(COQDOCFLAGS) -html $< -o $@ + +$(GHTMLFILES): %.g.html: %.v %.glob + $(SHOW)'COQDOC -html -g $<' + $(HIDE)$(COQDOC) $(COQDOCFLAGS) -html -g $< -o $@ + +# Dependency files ############################################################ + +ifndef MAKECMDGOALS + -include $(ALLDFILES) +else + ifneq ($(filter-out archclean clean cleanall printenv make-pretty-timed make-pretty-timed-before make-pretty-timed-after print-pretty-timed print-pretty-timed-diff print-pretty-single-time-diff,$(MAKECMDGOALS)),) + -include $(ALLDFILES) + endif +endif + +.SECONDARY: $(ALLDFILES) + +redir_if_ok = > "$@" || ( RV=$$?; rm -f "$@"; exit $$RV ) + +GENMLFILES:=$(MLGFILES:.mlg=.ml) +$(addsuffix .d,$(ALLSRCFILES)): $(GENMLFILES) + +$(addsuffix .d,$(MLIFILES)): %.mli.d: %.mli + $(SHOW)'CAMLDEP $<' + $(HIDE)$(CAMLDEP) $(OCAMLLIBS) "$<" $(redir_if_ok) + +$(addsuffix .d,$(MLGFILES)): %.mlg.d: %.ml + $(SHOW)'CAMLDEP $<' + $(HIDE)$(CAMLDEP) $(OCAMLLIBS) "$<" $(redir_if_ok) + +$(addsuffix .d,$(MLFILES)): %.ml.d: %.ml + $(SHOW)'CAMLDEP $<' + $(HIDE)$(CAMLDEP) $(OCAMLLIBS) "$<" $(redir_if_ok) + +$(addsuffix .d,$(MLLIBFILES)): %.mllib.d: %.mllib + $(SHOW)'OCAMLLIBDEP $<' + $(HIDE)$(OCAMLLIBDEP) -c $(OCAMLLIBS) "$<" $(redir_if_ok) + +$(addsuffix .d,$(MLPACKFILES)): %.mlpack.d: %.mlpack + $(SHOW)'OCAMLLIBDEP $<' + $(HIDE)$(OCAMLLIBDEP) -c $(OCAMLLIBS) "$<" $(redir_if_ok) + +# If this makefile is created using a _CoqProject we have coqdep get +# options from it. This avoids argument length limits for pathological +# projects. Note that extra options might be on the command line. +VDFILE_FLAGS:=$(if _CoqProject,-f _CoqProject,) $(CMDLINE_COQLIBS) $(CMDLINE_VFILES) + +$(VDFILE): _CoqProject $(VFILES) + $(SHOW)'COQDEP VFILES' + $(HIDE)$(COQDEP) $(if $(strip $(METAFILE)),-m "$(METAFILE)") -vos -dyndep var $(VDFILE_FLAGS) $(redir_if_ok) -coqhtml: - mkdir -p coqdoc - $(COQDOC) -toc --html -g -d coqdoc $(COQFILES) +# Misc ######################################################################## -coqtex: - mkdir -p coqdoc - $(COQDOC) -toc --latex -g -o coqdoc/mset_doc.tex $(COQFILES) - cd coqdoc; pdflatex mset_doc.tex - cd coqdoc; pdflatex mset_doc.tex +byte: + $(HIDE)$(MAKE) all "OPT:=-byte" -f "$(SELF)" +.PHONY: byte -%.html: %.md - pandoc -N $< -o $@ +opt: + $(HIDE)$(MAKE) all "OPT:=-opt" -f "$(SELF)" +.PHONY: opt -%.pdf: %.md - pandoc -N $< -o $@ +# This is deprecated. To extend this makefile use +# extension points and Makefile.local +printenv:: + $(warning printenv is deprecated) + $(warning write extensions in Makefile.local or include Makefile.conf) + @echo 'COQLIB = $(COQLIB)' + @echo 'COQCORELIB = $(COQCORELIB)' + @echo 'DOCDIR = $(DOCDIR)' + @echo 'OCAMLFIND = $(OCAMLFIND)' + @echo 'HASNATDYNLINK = $(HASNATDYNLINK)' + @echo 'SRC_SUBDIRS = $(SRC_SUBDIRS)' + @echo 'COQ_SRC_SUBDIRS = $(COQ_SRC_SUBDIRS)' + @echo 'COQCORE_SRC_SUBDIRS = $(COQCORE_SRC_SUBDIRS)' + @echo 'OCAMLFIND = $(OCAMLFIND)' + @echo 'PP = $(PP)' + @echo 'COQFLAGS = $(COQFLAGS)' + @echo 'COQLIB = $(COQLIBS)' + @echo 'COQLIBINSTALL = $(COQLIBINSTALL)' + @echo 'COQDOCINSTALL = $(COQDOCINSTALL)' +.PHONY: printenv -doc/mset.pdf: doc/mset.tex doc/mset.bib - cd doc; pdflatex mset.tex - cd doc; bibtex mset - cd doc; pdflatex mset.tex - cd doc; pdflatex mset.tex +# Generate a .merlin file. If you need to append directives to this +# file you can extend the merlin-hook target in Makefile.local +.merlin: + $(SHOW)'FILL .merlin' + $(HIDE)echo 'FLG $(COQMF_CAMLFLAGS)' > .merlin + $(HIDE)echo 'B $(COQCORELIB)' >> .merlin + $(HIDE)echo 'S $(COQCORELIB)' >> .merlin + $(HIDE)$(foreach d,$(COQCORE_SRC_SUBDIRS), \ + echo 'B $(COQCORELIB)$(d)' >> .merlin;) + $(HIDE)$(foreach d,$(COQ_SRC_SUBDIRS), \ + echo 'S $(COQLIB)$(d)' >> .merlin;) + $(HIDE)$(foreach d,$(SRC_SUBDIRS), echo 'B $(d)' >> .merlin;) + $(HIDE)$(foreach d,$(SRC_SUBDIRS), echo 'S $(d)' >> .merlin;) + $(HIDE)$(MAKE) merlin-hook -f "$(SELF)" +.PHONY: merlin -####################################### -########## CLEANING RULES ############# +merlin-hook:: + @# Extension point +.PHONY: merlin-hook -clean_coq: - rm -f $(COQFILES:.v=.v.d) $(COQFILES:.v=.vo) $(COQFILES:.v=.glob) +# prints all variables +debug: + $(foreach v,\ + $(sort $(filter-out $(INITIAL_VARS) INITIAL_VARS,\ + $(.VARIABLES))),\ + $(info $(v) = $($(v)))) +.PHONY: debug -clean_doc: - rm -rf coqdoc - rm -f readme.html readme.pdf +.DEFAULT_GOAL := all -clean_tex: - cd doc; rm -f *.ps *~ *.dvi *.aux *.log *.idx *.toc *.nav *.out *.snm *.flc *.vrb *.bbl *.blg +# Users can create Makefile.local-late to hook into double-colon rules +# or add other needed Makefile code, using defined +# variables if necessary. +-include Makefile.local-late -clean: clean_coq clean_doc clean_tex - rm -f *~ +# Local Variables: +# mode: makefile-gmake +# End: diff --git a/README.md b/README.md index 827d15d..a143cbe 100644 --- a/README.md +++ b/README.md @@ -21,17 +21,26 @@ There are the following files - `readme.md` (this readme) - `LICENSE` (license information, LGPL 2.1) +- `configure.sh` +- `_CoqProject` - `Makefile` - `doc/*` (high level documentation) -- `coqdoc/*` (generated coqdoc documentation) -The `Makefile` provided is set up to generate documentation as well as -process Coq files. The default target `proof` just processes the Coq -files. For convenience coqdoc and a pdf version of top-level -documentation is part of the repository. If you want to rebuild them -use target `doc` or target `all`. +The `Makefile` is generated via `coq_makefile` from `_CoqProject`. This +is performed by `configure.sh`. +## OPAM + +This library is available as an opam package as `coq-msets-extra`. In +order to use it, add the coq opam repository + + opam repo add coq-released https://coq.inria.fr/opam/released + opam update + +Afterwards you can install this libaray via + + opam install coq-msets-extra ## Interval Sets diff --git a/_CoqProject b/_CoqProject new file mode 100644 index 0000000..2f02e9b --- /dev/null +++ b/_CoqProject @@ -0,0 +1,6 @@ +-R . MSetsExtra + +MSetFoldWithAbort.v +MSetIntervals.v +MSetListWithDups.v +MSetWithDups.v diff --git a/all.pdf b/all.pdf new file mode 100644 index 0000000..4442799 Binary files /dev/null and b/all.pdf differ diff --git a/configure.sh b/configure.sh new file mode 100755 index 0000000..9d71478 --- /dev/null +++ b/configure.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +coq_makefile -f _CoqProject -o Makefile diff --git a/coqdoc/MSetFoldWithAbort.html b/coqdoc/MSetFoldWithAbort.html deleted file mode 100644 index 55cd5c8..0000000 --- a/coqdoc/MSetFoldWithAbort.html +++ /dev/null @@ -1,1361 +0,0 @@ - - - - - -MSetFoldWithAbort - - - - -
- - - -
- -

Library MSetFoldWithAbort

- -
- -
-
- -
-

Fold with abort for sets

- - -
- - This file provided an efficient fold operation for set interfaces. - The standard fold iterates over all elements of the set. The - efficient one - called foldWithAbort - is allowed to skip - certain elements and thereby abort early. - -
-
- -
-Require Export MSetInterface.
-Require Import ssreflect.
-Require Import MSetWithDups.
-Require Import Int.
-Require Import MSetGenTree MSetAVL MSetRBT.
-Require Import MSetList MSetWeakList.
- -
-
- -
-

Fold With Abort Operations

- - -
- - We want to provide an efficient folding operation. Efficieny is - gained by aborting the folding early, if we know that continuing - would not have an effect any more. Formalising this leads to the following - specification of foldWithAbort. -
-
- -
-Definition foldWithAbortType
-    elt
- -
-element type of set -
-
-    t
- -
-type of set -
-
-    A
- -
-return type -
-
- :=
-    (elt -> A -> A) ->
- -
-f -
-
-    (elt -> A -> bool) ->
- -
-f_abort -
-
-    t ->
- -
-input set -
-
-    A ->
- -
-base value -
-
-    A.
- -
-Definition foldWithAbortSpecPred {elt t : Type}
-    (In : elt -> t -> Prop)
-    (fold : forall {A : Type}, (elt -> A -> A) -> t -> A -> A)
-    (foldWithAbort : forall {A : Type}, foldWithAbortType elt t A) : Prop :=
-
-    forall
-      (A : Type)
-      
- -
-result type -
-
-
-      (i : A)
-      
- -
-base values for foldWithAbort and fold -
-
-
-      (f : elt -> A -> A) ( : elt -> A -> A)
-      
- -
-fold functions for foldWithAbort and fold -
-
-
-      (f_abort : elt -> A -> bool)
-      
- -
-abort function -
-
-
-      (s : t)
- -
-sets to fold over -
-
-
-      (P : A -> A -> Prop)
- -
-equivalence relation on results -
-
-,
-
-    
- -
-P is an equivalence relation -
-
-    Equivalence P ->
-      
-    
- -
-f is for the elements of s compatible with the equivalence relation P -
-
-    (forall st st´ e, In e s -> P st st´ -> P (f e st) (f e st´)) ->
-
-    
- -
-f and agree for the elements of s -
-
-    (forall e st, In e s -> (P (f e st) ( e st))) ->
-
-    
- -
-f_abort is OK, i.e. all other elements can be skipped without - leaving the equivalence relation. -
-
-    (forall e1 st,
-        In e1 s -> f_abort e1 st = true ->
-        (forall st´ e2, P st st´ ->
-                        In e2 s -> e2 <> e1 ->
-                        P st (f e2 st´))) ->
-
-    
- -
-The base values are in equivalence relation -
-
-    P i ->
-
-    
- -
-The results are in equivalence relation -
-
-    P (foldWithAbort f f_abort s i) (fold s ).
- -
-
- -
-The specification of folding for ordered sets (as represented by - interface Sets) demands that elements are visited in increasing - order. For ordered sets we can therefore abort folding based on - the weaker knowledge that greater elements have no effect on the - result. The following definition captures this. -
-
- -
-Definition foldWithAbortGtType
-    elt
- -
-element type of set -
-
-    t
- -
-type of set -
-
-    A
- -
-return type -
-
- :=
-    (elt -> A -> A) ->
- -
-f -
-
-    (elt -> A -> bool) ->
- -
-f_gt -
-
-    t ->
- -
-input set -
-
-    A ->
- -
-base value -
-
-    A.
- -
-Definition foldWithAbortGtSpecPred {elt t : Type}
-    (lt : elt -> elt -> Prop)
-    (In : elt -> t -> Prop)
-    (fold : forall {A : Type}, (elt -> A -> A) -> t -> A -> A)
-    (foldWithAbortGt : forall {A : Type}, foldWithAbortType elt t A) : Prop :=
-
-    forall
-      (A : Type)
-      
- -
-result type -
-
-
-      (i : A)
-      
- -
-base values for foldWithAbort and fold -
-
-
-      (f : elt -> A -> A) ( : elt -> A -> A)
-      
- -
-fold functions for foldWithAbort and fold -
-
-
-      (f_gt : elt -> A -> bool)
-      
- -
-abort function -
-
-
-      (s : t)
- -
-sets to fold over -
-
-
-      (P : A -> A -> Prop)
- -
-equivalence relation on results -
-
-,
-
-    
-    
- -
-P is an equivalence relation -
-
-    Equivalence P ->
-
-    
- -
-f is for the elements of s compatible with the equivalence relation P -
-
-    (forall st st´ e, In e s -> P st st´ -> P (f e st) (f e st´)) ->
-
-    
- -
-f and agree for the elements of s -
-
-    (forall e st, In e s -> (P (f e st) ( e st))) ->
-
-    
- -
-f_abort is OK, i.e. all other elements can be skipped without - leaving the equivalence relation. -
-
-    (forall e1 st,
-        In e1 s -> f_gt e1 st = true ->
-        (forall st´ e2, P st st´ ->
-                        In e2 s -> lt e1 e2 ->
-                        P st (f e2 st´))) ->
-
-    
- -
-The base values are in equivalence relation -
-
-    P i ->
-
-    
- -
-The results are in equivalence relation -
-
-    P (foldWithAbortGt f f_gt s i) (fold s ).
- -
-
- -
-For ordered sets, we can safely skip elements at the end - based on the knowledge that they are all greater than the current element. - This leads to serious performance improvements for operations like - filtering. It is tempting to try the symmetric operation and skip elements at - the beginning based on the knowledge that they are too small to be interesting. - So, we would like to start late as well as abort early. - -
- - This is indeed a very natural and efficient operation for set implementations - based on binary search trees (i.e. the AVL and RBT sets). We can completely symmetrically - to skipping greater elements also skip smaller elements. This leads to the following - specification. -
-
- -
-Definition foldWithAbortGtLtType
-    elt
- -
-element type of set -
-
-    t
- -
-type of set -
-
-    A
- -
-return type -
-
- :=
-    (elt -> A -> bool) ->
- -
-f_lt -
-
-    (elt -> A -> A) ->
- -
-f -
-
-    (elt -> A -> bool) ->
- -
-f_gt -
-
-    t ->
- -
-input set -
-
-    A ->
- -
-base value -
-
-    A.
- -
-Definition foldWithAbortGtLtSpecPred {elt t : Type}
-    (lt : elt -> elt -> Prop)
-    (In : elt -> t -> Prop)
-    (fold : forall {A : Type}, (elt -> A -> A) -> t -> A -> A)
-    (foldWithAbortGtLt : forall {A : Type}, foldWithAbortGtLtType elt t A) : Prop :=
-
-    forall
-      (A : Type)
-      
- -
-result type -
-
-
-      (i : A)
-      
- -
-base values for foldWithAbort and fold -
-
-
-      (f : elt -> A -> A) ( : elt -> A -> A)
-      
- -
-fold functions for foldWithAbort and fold -
-
-
-      (f_lt f_gt : elt -> A -> bool)
-      
- -
-abort functions -
-
-
-      (s : t)
- -
-sets to fold over -
-
-
-      (P : A -> A -> Prop)
- -
-equivalence relation on results -
-
-,
-
-    
-    
- -
-P is an equivalence relation -
-
-    Equivalence P ->
-
-    
- -
-f is for the elements of s compatible with the equivalence relation P -
-
-    (forall st st´ e, In e s -> P st st´ -> P (f e st) (f e st´)) ->
-
-    
- -
-f and agree for the elements of s -
-
-    (forall e st, In e s -> (P (f e st) ( e st))) ->
-
-    
- -
-f_lt is OK, i.e. smaller elements can be skipped without - leaving the equivalence relation. -
-
-    (forall e1 st,
-        In e1 s -> f_lt e1 st = true ->
-        (forall st´ e2, P st st´ ->
-                        In e2 s -> lt e2 e1 ->
-                        P st (f e2 st´))) ->
-
-    
- -
-f_gt is OK, i.e. greater elements can be skipped without - leaving the equivalence relation. -
-
-    (forall e1 st,
-        In e1 s -> f_gt e1 st = true ->
-        (forall st´ e2, P st st´ ->
-                        In e2 s -> lt e1 e2 ->
-                        P st (f e2 st´))) ->
-
-    
- -
-The base values are in equivalence relation -
-
-    P i ->
-
-    
- -
-The results are in equivalence relation -
-
-    P (foldWithAbortGtLt f_lt f f_gt s i) (fold s ).
- -
-
- -
-We are interested in folding with abort mainly for runtime - performance reasons of extracted code. The argument functions - f_lt, f_gt and f of foldWithAbortGtLt often share a large, - comparably expensive part of their computation. - -
- - In order to further improve runtime performance, therefore another - version foldWithAbortPrecompute f_precompute f_lt f f_gt that - uses an extra function f_precompute to allows to compute the - commonly used parts of these functions only once. This leads to - the following definitions. -
-
- -
-Definition foldWithAbortPrecomputeType
-    elt
- -
-element type of set -
-
-    t
- -
-type of set -
-
-    A
- -
-return type -
-
-    B
- -
-type of precomputed results -
-
- :=
-
-    (elt -> B) ->
- -
-f_precompute -
-
-    (elt -> B -> A -> bool) ->
- -
-f_lt -
-
-    (elt -> B -> A -> A) ->
- -
-f -
-
-    (elt -> B -> A -> bool) ->
- -
-f_gt -
-
-    t ->
- -
-input set -
-
-    A ->
- -
-base value -
-
-    A.
- -
-
- -
-The specification is similar to the one without precompute, - but uses f_precompute so avoid doing computations multiple times -
-
-Definition foldWithAbortPrecomputeSpecPred {elt t : Type}
-    (lt : elt -> elt -> Prop)
-    (In : elt -> t -> Prop)
-    (fold : forall {A : Type}, (elt -> A -> A) -> t -> A -> A)
-    (foldWithAbortPrecompute : forall {A B : Type}, foldWithAbortPrecomputeType elt t A B) : Prop :=
-
-    forall
-      (A B : Type)
-      
- -
-result type -
-
-
-      (i : A)
-      
- -
-base values for foldWithAbortPrecompute and fold -
-
-
-      (f_precompute : elt -> B)
-      
- -
-precompute function -
-
-
-      (f : elt -> B -> A -> A) ( : elt -> A -> A)
-      
- -
-fold functions for foldWithAbortPrecompute and fold -
-
-
-      (f_lt f_gt : elt -> B -> A -> bool)
-      
- -
-abort functions -
-
-
-      (s : t)
- -
-sets to fold over -
-
-
-      (P : A -> A -> Prop)
- -
-equivalence relation on results -
-
-,
-
-    
-    
- -
-P is an equivalence relation -
-
-    Equivalence P ->
-
-    
- -
-f is for the elements of s compatible with the equivalence relation P -
-
-    (forall st st´ e, In e s -> P st st´ -> P (f e (f_precompute e) st) (f e (f_precompute e) st´)) ->
-
-    
- -
-f and agree for the elements of s -
-
-    (forall e st, In e s -> (P (f e (f_precompute e) st) ( e st))) ->
-
-    
- -
-f_lt is OK, i.e. smaller elements can be skipped without - leaving the equivalence relation. -
-
-    (forall e1 st,
-        In e1 s -> f_lt e1 (f_precompute e1) st = true ->
-        (forall st´ e2, P st st´ ->
-                        In e2 s -> lt e2 e1 ->
-                        P st (f e2 (f_precompute e2) st´))) ->
-
-    
- -
-f_gt is OK, i.e. greater elements can be skipped without - leaving the equivalence relation. -
-
-    (forall e1 st,
-        In e1 s -> f_gt e1 (f_precompute e1) st = true ->
-        (forall st´ e2, P st st´ ->
-                        In e2 s -> lt e1 e2 ->
-                        P st (f e2 (f_precompute e2) st´))) ->
-
-    
- -
-The base values are in equivalence relation -
-
-    P i ->
-
-    
- -
-The results are in equivalence relation -
-
-    P (foldWithAbortPrecompute f_precompute f_lt f f_gt s i) (fold s ).
- -
-
- -
-

Module Types

- -
- - We now define a module type for foldWithAbort. This module - type demands only the existence of the precompute version, since - the other ones can be easily defined via this most efficient one. -
-
- -
-Module Type HasFoldWithAbort (E : OrderedType) (Import C : WSetsOnWithDups E).
- -
-  Parameter foldWithAbortPrecompute : forall {A B : Type},
-    foldWithAbortPrecomputeType elt t A B.
- -
-  Parameter foldWithAbortPrecomputeSpec :
-     foldWithAbortPrecomputeSpecPred E.lt In (@fold) (@foldWithAbortPrecompute).
- -
-End HasFoldWithAbort.
- -
-
- -
-

Derived operations

- - -
- - Using these efficient fold operations, many operations can - be implemented efficiently. We provide lemmata and efficient implementations - of useful algorithms via module HasFoldWithAbortOps. -
-
- -
-Module HasFoldWithAbortOps (E : OrderedType) (C : WSetsOnWithDups E)
-                           (FT : HasFoldWithAbort E C).
- -
-  Import FT.
-  Import C.
- -
-
- -
-

First lets define the other folding with abort variants

- -
-
- -
-  Definition foldWithAbortGtLt {A} f_lt (f : (elt -> A -> A)) f_gt :=
-    foldWithAbortPrecompute (fun _ => tt) (fun e _ st => f_lt e st)
-      (fun e _ st => f e st) (fun e _ st => f_gt e st).
- -
-  Lemma foldWithAbortGtLtSpec :
-     foldWithAbortGtLtSpecPred E.lt In (@fold) (@foldWithAbortGtLt).
- -
-  Definition foldWithAbortGt {A} (f : (elt -> A -> A)) f_gt :=
-    foldWithAbortPrecompute (fun _ => tt) (fun _ _ _ => false)
-      (fun e _ st => f e st) (fun e _ st => f_gt e st).
- -
-  Lemma foldWithAbortGtSpec :
-     foldWithAbortGtSpecPred E.lt In (@fold) (@foldWithAbortGt).
- -
-  Definition foldWithAbort {A} (f : (elt -> A -> A)) f_abort :=
-    foldWithAbortPrecompute (fun _ => tt) (fun e _ st => f_abort e st)
-      (fun e _ st => f e st) (fun e _ st => f_abort e st).
- -
-  Lemma foldWithAbortSpec :
-     foldWithAbortSpecPred In (@fold) (@foldWithAbort).
- -
-
- -
-

Specialisations for equality

- -
- - Let's provide simplified specifications, which use equality instead - of an arbitrary equivalence relation on results. -
-
-  Lemma foldWithAbortPrecomputeSpec_Equal : forall (A B : Type) (i : A) (f_pre : elt -> B)
-      (f : elt -> B -> A -> A) ( : elt -> A -> A) (f_lt f_gt : elt -> B -> A -> bool) (s : t),
-
-      (forall e st, In e s -> (f e (f_pre e) st = e st)) ->
-
-      
-      (forall e1 st,
-          In e1 s -> f_lt e1 (f_pre e1) st = true ->
-          (forall e2, In e2 s -> E.lt e2 e1 ->
-                      (f e2 (f_pre e2) st = st))) ->
-
-      
-      (forall e1 st,
-          In e1 s -> f_gt e1 (f_pre e1) st = true ->
-          (forall e2, In e2 s -> E.lt e1 e2 ->
-                      (f e2 (f_pre e2) st = st))) ->
-
-      (foldWithAbortPrecompute f_pre f_lt f f_gt s i) = (fold s i).
-  Lemma foldWithAbortGtLtSpec_Equal : forall (A : Type) (i : A)
-      (f : elt -> A -> A) ( : elt -> A -> A) (f_lt f_gt : elt -> A -> bool) (s : t),
-
-      (forall e st, In e s -> (f e st = e st)) ->
-
-      
-      (forall e1 st,
-          In e1 s -> f_lt e1 st = true ->
-          (forall e2, In e2 s -> E.lt e2 e1 ->
-                      (f e2 st = st))) ->
-
-      
-      (forall e1 st,
-          In e1 s -> f_gt e1 st = true ->
-          (forall e2, In e2 s -> E.lt e1 e2 ->
-                      (f e2 st = st))) ->
-
-      (foldWithAbortGtLt f_lt f f_gt s i) = (fold s i).
-  Lemma foldWithAbortGtSpec_Equal : forall (A : Type) (i : A)
-      (f : elt -> A -> A) ( : elt -> A -> A) (f_gt : elt -> A -> bool) (s : t),
-
-      (forall e st, In e s -> (f e st = e st)) ->
-
-      
-      (forall e1 st,
-          In e1 s -> f_gt e1 st = true ->
-          (forall e2, In e2 s -> E.lt e1 e2 ->
-                      (f e2 st = st))) ->
-
-      (foldWithAbortGt f f_gt s i) = (fold s i).
-  Lemma foldWithAbortSpec_Equal : forall (A : Type) (i : A)
-      (f : elt -> A -> A) ( : elt -> A -> A) (f_abort : elt -> A -> bool) (s : t),
-
-      (forall e st, In e s -> (f e st = e st)) ->
-
-      
-      (forall e1 st,
-          In e1 s -> f_abort e1 st = true ->
-          (forall e2, In e2 s -> e1 <> e2 ->
-                      (f e2 st = st))) ->
-
-      (foldWithAbort f f_abort s i) = (fold s i).
-
- -
-

FoldWithAbortSpecArgs

- -
- - While folding, we are often interested in skipping elements that do not - satisfy a certain property P. This needs expressing in terms of - skips of smaller of larger elements in order to be done efficiently by - our folding functions. Formally, this leads to the definition - of foldWithAbortSpecForPred. - -
- - Given a FoldWithAbortSpecArg for a predicate P and a - set s, many operations can be implemented efficiently. Below we will provide - efficient versions of filter, choose, exists, forall and more. - -
-
-  Record FoldWithAbortSpecArg {B} := {
-     fwasa_f_pre : (elt -> B);
- -
-The precompute function -
-
-     fwasa_f_lt : (elt -> B -> bool);
- -
-f_lt without state argument -
-
-     fwasa_f_gt : (elt -> B -> bool);
- -
-f_gt without state argument -
-
-     fwasa_P´ : (elt -> B -> bool)
- -
-the predicate P -
-
-  }.
- -
-
- -
-foldWithAbortSpecForPred s P fwasa holds, if - the argument fwasa fits the predicate P for set s. -
-
-  Definition foldWithAbortSpecArgsForPred {A : Type}
-     (s : t) (P : elt -> bool) (fwasa : @FoldWithAbortSpecArg A) :=
-
-     
- -
-the predicate coincides for s and the given precomputation with P -
-
-     (forall e, In e s -> (fwasa_P´ fwasa e (fwasa_f_pre fwasa e) = P e)) /\
-
-     
- -
-If fwasa_f_lt holds, all elements smaller than the current one - don't satisfy predicate P. -
-
-     (forall e1,
-          In e1 s -> fwasa_f_lt fwasa e1 (fwasa_f_pre fwasa e1) = true ->
-          (forall e2, In e2 s -> E.lt e2 e1 -> (P e2 = false))) /\
-
-     
- -
-If fwasa_f_gt holds, all elements greater than the current one - don't satisfy predicate P. -
-
-     (forall e1,
-          In e1 s -> fwasa_f_gt fwasa e1 (fwasa_f_pre fwasa e1) = true ->
-          (forall e2, In e2 s -> E.lt e1 e2 -> (P e2 = false))).
- -
- -
-
- -
-

Filter with abort

- -
-
-  Definition filter_with_abort {B} (fwasa : @FoldWithAbortSpecArg B) s :=
-     @foldWithAbortPrecompute t B (fwasa_f_pre fwasa) (fun e p _ => fwasa_f_lt fwasa e p)
-       (fun e e_pre s => if fwasa_P´ fwasa e e_pre then add e s else s)
-       (fun e p _ => fwasa_f_gt fwasa e p) s empty.
- -
-  Lemma filter_with_abort_spec {B} : forall fwasa P s,
-    @foldWithAbortSpecArgsForPred B s P fwasa ->
-    Proper (E.eq ==> Logic.eq) P ->
-    Equal (filter_with_abort fwasa s)
-          (filter P s).
-
- -
-

Choose with abort

- -
-
-  Definition choose_with_abort {B} (fwasa : @FoldWithAbortSpecArg B) s :=
-     foldWithAbortPrecompute (fwasa_f_pre fwasa)
-       (fun e p st => match st with None => (fwasa_f_lt fwasa e p) | _ => true end)
-       (fun e e_pre st => match st with None =>
-          if (fwasa_P´ fwasa e e_pre) then Some e else None | _ => st end)
-
-       (fun e p st => match st with None => (fwasa_f_gt fwasa e p) | _ => true end)
-       s None.
- -
-  Lemma choose_with_abort_spec {B} : forall fwasa P s,
-    @foldWithAbortSpecArgsForPred B s P fwasa ->
-    Proper (E.eq ==> Logic.eq) P ->
-    (match (choose_with_abort fwasa s) with
-       | None => (forall e, In e s -> P e = false)
-       | Some e => In e s /\ (P e = true)
-     end).
-
- -
-

Exists and Forall with abort

- -
-
-  Definition exists_with_abort {B} (fwasa : @FoldWithAbortSpecArg B) s :=
-    match choose_with_abort fwasa s with
-      | None => false
-      | Some _ => true
-    end.
- -
-  Lemma exists_with_abort_spec {B} : forall fwasa P s,
-    @foldWithAbortSpecArgsForPred B s P fwasa ->
-    Proper (E.eq ==> Logic.eq) P ->
-    (exists_with_abort fwasa s =
-     exists_ P s).
-
- -
-Negation leads to forall. -
-
-  Definition forall_with_abort {B} fwasa s :=
-     negb (@exists_with_abort B fwasa s).
- -
-  Lemma forall_with_abort_spec {B} : forall fwasa s P,
-    @foldWithAbortSpecArgsForPred B s P fwasa ->
-    Proper (E.eq ==> Logic.eq) P ->
-    (forall_with_abort fwasa s =
-     for_all (fun e => negb (P e)) s).
- End HasFoldWithAbortOps.
- -
-
- -
-

Modules Types For Sets with Fold with Abort

- -
-
-Module Type WSetsWithDupsFoldA.
-  Declare Module E : OrderedType.
-  Include WSetsOnWithDups E.
-  Include HasFoldWithAbort E.
-  Include HasFoldWithAbortOps E.
-End WSetsWithDupsFoldA.
- -
-Module Type WSetsWithFoldA <: WSets.
-  Declare Module E : OrderedType.
-  Include WSetsOn E.
-  Include HasFoldWithAbort E.
-  Include HasFoldWithAbortOps E.
-End WSetsWithFoldA.
- -
-Module Type SetsWithFoldA <: Sets.
-  Declare Module E : OrderedType.
-  Include SetsOn E.
-  Include HasFoldWithAbort E.
-  Include HasFoldWithAbortOps E.
-End SetsWithFoldA.
- -
-
- -
-

Implementations

- -
- -

GenTree implementation

- - Finally, provide such a fold with abort operation for generic trees. -
-
-Module MakeGenTreeFoldA (Import E : OrderedType) (Import I:InfoTyp)
-  (Import Raw:Ops E I)
-  (M : MSetGenTree.Props E I Raw).
- -
-  Fixpoint foldWithAbort_Raw {A B: Type} (f_pre : E.t -> B) f_lt (f: E.t -> B -> A -> A) f_gt t (base: A) : A :=
-    match t with
-    | Raw.Leaf => base
-    | Raw.Node _ l x r =>
-        let x_pre := f_pre x in
-        let st0 := if f_lt x x_pre base then base else foldWithAbort_Raw f_pre f_lt f f_gt l base in
-        let st1 := f x x_pre st0 in
-        let st2 := if f_gt x x_pre st1 then st1 else foldWithAbort_Raw f_pre f_lt f f_gt r st1 in
-        st2
-    end.
- -
-  Lemma foldWithAbort_RawSpec : forall (A B : Type) (i : A) (f_pre : E.t -> B)
-      (f : E.t -> B -> A -> A) ( : E.t -> A -> A) (f_lt f_gt : E.t -> B -> A -> bool) (s : Raw.tree)
-      (P : A -> A -> Prop),
-
-      (M.bst s) ->
-      Equivalence P ->
-      (forall st st´ e, M.In e s -> P st st´ -> P (f e (f_pre e) st) (f e (f_pre e) st´)) ->
-      (forall e st, M.In e s -> P (f e (f_pre e) st) ( e st)) ->
-
-      
-      (forall e1 st,
-          M.In e1 s -> f_lt e1 (f_pre e1) st = true ->
-          (forall st´ e2, P st st´ ->
-                          M.In e2 s -> E.lt e2 e1 ->
-                          P st (f e2 (f_pre e2) st´))) ->
-
-      
-      (forall e1 st,
-          M.In e1 s -> f_gt e1 (f_pre e1) st = true ->
-          (forall st´ e2, P st st´ ->
-                          M.In e2 s -> E.lt e1 e2 ->
-                          P st (f e2 (f_pre e2) st´))) ->
-
-      P i ->
-      P (foldWithAbort_Raw f_pre f_lt f f_gt s i) (fold s ).
-End MakeGenTreeFoldA.
- -
-
- -
-

AVL implementation

- - The generic tree implementation naturally leads to an AVL one. -
-
- -
-Module MakeAVLSetsWithFoldA (X : OrderedType) <: SetsWithFoldA with Module E := X.
-  Include MSetAVL.Make X.
-  Include MakeGenTreeFoldA X Z_as_Int Raw Raw.
- -
-  Definition foldWithAbortPrecompute {A B: Type} f_pre f_lt (f: elt -> B -> A -> A) f_gt t (base: A) : A :=
-    foldWithAbort_Raw f_pre f_lt f f_gt (t.(this)) base.
- -
-  Lemma foldWithAbortPrecomputeSpec : foldWithAbortPrecomputeSpecPred X.lt In fold (@foldWithAbortPrecompute).
- -
-  Include HasFoldWithAbortOps X.
- -
-End MakeAVLSetsWithFoldA.
- -
-
- -
-

RBT implementation

- - The generic tree implementation naturally leads to an RBT one. -
-
-Module MakeRBTSetsWithFoldA (X : OrderedType) <: SetsWithFoldA with Module E := X.
-  Include MSetRBT.Make X.
-  Include MakeGenTreeFoldA X Color Raw Raw.
- -
-  Definition foldWithAbortPrecompute {A B: Type} f_pre f_lt (f: elt -> B -> A -> A) f_gt t (base: A) : A :=
-    foldWithAbort_Raw f_pre f_lt f f_gt (t.(this)) base.
- -
-  Lemma foldWithAbortPrecomputeSpec : foldWithAbortPrecomputeSpecPred X.lt In fold (@foldWithAbortPrecompute).
- -
-  Include HasFoldWithAbortOps X.
- -
-End MakeRBTSetsWithFoldA.
- -
-
- -
-

Sorted Lists Implementation

- -
-
-Module MakeListSetsWithFoldA (X : OrderedType) <: SetsWithFoldA with Module E := X.
-  Include MSetList.Make X.
- -
-  Fixpoint foldWithAbortRaw {A B: Type} (f_pre : X.t -> B) (f_lt : X.t -> B -> A -> bool)
-    (f: X.t -> B -> A -> A) (f_gt : X.t -> B -> A -> bool) (t : list X.t) (acc : A) : A :=
-  match t with
-    | nil => acc
-    | x :: xs => (
-        let pre_x := f_pre x in
-        let acc := f x (pre_x) acc in
-        if (f_gt x pre_x acc) then
-          acc
-        else
-          foldWithAbortRaw f_pre f_lt f f_gt xs acc
-      )
-  end.
- -
-  Definition foldWithAbortPrecompute {A B: Type} f_pre f_lt f f_gt t acc :=
-    @foldWithAbortRaw A B f_pre f_lt f f_gt t.(this) acc.
- -
-  Lemma foldWithAbortPrecomputeSpec : foldWithAbortPrecomputeSpecPred X.lt In fold (@foldWithAbortPrecompute).
-  Include HasFoldWithAbortOps X.
- -
-End MakeListSetsWithFoldA.
- -
-
- -
-

Unsorted Lists without Dups Implementation

- -
-
-Module MakeWeakListSetsWithFoldA (X : OrderedType) <: WSetsWithFoldA with Module E := X.
-  Module Raw := MSetWeakList.MakeRaw X.
-  Module E := X.
-  Include WRaw2SetsOn E Raw.
- -
-  Fixpoint foldWithAbortRaw {A B: Type} (f_pre : X.t -> B) (f_lt : X.t -> B -> A -> bool)
-    (f: X.t -> B -> A -> A) (f_gt : X.t -> B -> A -> bool) (t : list X.t) (acc : A) : A :=
-  match t with
-    | nil => acc
-    | x :: xs => (
-        let pre_x := f_pre x in
-        let acc := f x (pre_x) acc in
-        if (f_gt x pre_x acc) && (f_lt x pre_x acc) then
-          acc
-        else
-          foldWithAbortRaw f_pre f_lt f f_gt xs acc
-      )
-  end.
- -
-  Definition foldWithAbortPrecompute {A B: Type} f_pre f_lt f f_gt t acc :=
-    @foldWithAbortRaw A B f_pre f_lt f f_gt t.(this) acc.
- -
-  Lemma foldWithAbortPrecomputeSpec : foldWithAbortPrecomputeSpecPred X.lt In fold (@foldWithAbortPrecompute).
-  Include HasFoldWithAbortOps X.
- -
-End MakeWeakListSetsWithFoldA.
- -
-
-
- - - -
- - - \ No newline at end of file diff --git a/coqdoc/MSetIntervals.html b/coqdoc/MSetIntervals.html deleted file mode 100644 index e26f698..0000000 --- a/coqdoc/MSetIntervals.html +++ /dev/null @@ -1,1363 +0,0 @@ - - - - - -MSetIntervals - - - - -
- - - -
- -

Library MSetIntervals

- -
- -
-
- -
-

Weak sets implemented by interval lists

- - -
- - This file contains an implementation of the weak set interface - WSetsOn which uses internally intervals of Z. This allows some - large sets, which naturally map to intervals of integers to be - represented very efficiently. - -
- - Internally intervals of Z are used. However, via an encoding - and decoding layer, other types of elements can be handled as - well. There are instantiations for Z, N and nat currently. - More can be easily added. - -
-
- -
-Require Import MSetInterface OrdersFacts OrdersLists.
-Require Import BinNat.
-Require Import ssreflect.
-Require Import NArith.
-Require Import ZArith.
-Require Import NOrder.
-Require Import DecidableTypeEx.
-Module Import NOP := NOrderProp N.
-Open Scope Z_scope.
- -
-
- -
-

Auxiliary stuff

- -
- - Simple auxiliary lemmata -
-
-Lemma Z_le_add_r : forall (z : Z) (n : N),
-  z <= z + Z.of_N n.
- -
-Lemma add_add_sub_eq : forall (x y : Z), (x + (y - x) = y).
- -
-Lemma NoDupA_map {A B} : forall (eqA : A -> A -> Prop) (eqB : B -> B -> Prop) (f : A -> B) l,
-  NoDupA eqA l ->
-  (forall x1 x2, List.In x1 l -> List.In x2 l ->
-                  eqB (f x1) (f x2) -> eqA x1 x2) ->
-  NoDupA eqB (map f l).
-
- -
-

rev_map

- - -
- - rev_map is used for efficiency. -
-
-Fixpoint rev_map_aux {A B} (f : A -> B) (acc : list B) (l : list A) :=
-  match l with
-   | nil => acc
-   | x :: xs => rev_map_aux f ((f x)::acc) xs
-  end.
- -
-Definition rev_map {A B} (f : A -> B) (l : list A) : list B := rev_map_aux f nil l.
- -
-
- -
-Lemmata about rev_map -
-
-Lemma rev_map_aux_alt_def {A B} : forall (f : A -> B) l acc,
-  rev_map_aux f acc l = List.rev_append (List.map f l) acc.
-Lemma rev_map_alt_def {A B} : forall (f : A -> B) l,
-  rev_map f l = List.rev (List.map f l).
- -
-
- -
-

Encoding Elements

- -
- - We want to encode not only elements of type Z, but other types - as well. In order to do so, an encoding / decoding layer is used. - This layer is represented by module type ElementEncode. It - provides encode and decode function. -
-
- -
-Module Type ElementEncode.
-  Declare Module E : DecidableType.
- -
-  Parameter encode : E.t -> Z.
-  Parameter decode : Z -> E.t.
- -
-
- -
-Decoding is the inverse of encoding. Notice that - the reverse is not demanded. This means that - we do need to provide for all integers z an - element e with encode v = z. -
-
-  Axiom decode_encode_ok: forall (e : E.t),
-    decode (encode e) = e.
- -
-
- -
-Encoding is compatible with the equality of elements. -
-
-  Axiom encode_eq : forall (e1 e2 : E.t),
-    (Z.eq (encode e1) (encode e2)) <-> E.eq e1 e2.
- -
-End ElementEncode.
- -
-
- -
-

Set Operations

- - -
- - We represent sets of Z via lists of intervals. The intervals are all - in increasing order and non-overlapping. Moreover, we require the most compact - representation, i.e. no two intervals can be merged. For example - -
- - 0-2, 4-4, 6-8 is a valid interval list for the set {0;1;2;4;6;7;8} - -
- - In contrast - -
- - 4-4, 0-2, 6-8 is a invalid because the intervals are not ordered andb - 0-2, 4-5, 6-8 is a invalid because it is not compact (0-2, 4--8 is valid). - -
- - Intervals we represent by tuples (Z, N). The tuple (z, c) represents the - interval z-(z+c). - -
- - We apply the encode function before adding an element to such interval sets and - the decode function when checking it. This allows for sets with other element types - than Z. - -
-
-Module Ops (Enc : ElementEncode) <: WOps Enc.E.
-  Definition elt := Enc.E.t.
-  Definition t := list (Z * N).
- -
-
- -
-The empty list is trivial to define and check for. -
-
-  Definition empty : t := nil.
-  Definition is_empty (l : t) := match l with nil => true | _ => false end.
- -
- -
-
- -
-Defining the list of elements, is much more tricky, especially, - if it needs to be executable. -
-
-  Lemma acc_pred : forall n p, n = Npos p -> Acc N.lt n -> Acc N.lt (N.pred n).
- -
-  Fixpoint elementsZ_aux´´ (acc : list Z) (x : Z) (c : N) (H : Acc N.lt c) { struct H } : list Z :=
-    match c as c0 return c = c0 -> list Z with
-    | N0 => fun _ => acc
-    | c => fun Heq => elementsZ_aux´´ (x::acc) (Z.succ x) (N.pred c) (acc_pred _ _ Heq H)
-    end (refl_equal _).
- -
-  Extraction Inline elementsZ_aux´´.
- -
-  Definition elementsZ_aux´ acc x c := elementsZ_aux´´ acc x c (lt_wf_0 _).
- -
-  Fixpoint elementsZ_aux acc (s : t) : list Z :=
-    match s with
-    | nil => acc
-    | (x, c) :: =>
-        elementsZ_aux (elementsZ_aux´ acc x c)
-    end.
- -
-  Definition elementsZ (s : t) : list Z :=
-    elementsZ_aux nil s.
- -
-  Definition elements (s : t) : list elt :=
-    rev_map Enc.decode (elementsZ s).
- -
-
- -
-membership is easily defined -
-
-  Fixpoint memZ (x : Z) (s : t) :=
-    match s with
-    | nil => false
-    | (y, c) :: l =>
-        if (Z.ltb x y) then false else
-        if (Z.ltb x (y+Z.of_N c)) then true else
-        memZ x l
-    end.
- -
-  Definition mem (x : elt) (s : t) := memZ (Enc.encode x) s.
- -
-
- -
-adding an element needs to be defined carefully again in order to - generate efficient code -
-
-  Fixpoint addZ_aux (acc : list (Z * N)) (x : Z) (s : t) :=
-    match s with
-    | nil => List.rev´ ((x, (1%N))::acc)
-    | (y, c) :: l =>
-        match (Z.compare (Z.succ x) y) with
-        | Lt => List.rev_append ((x, (1%N))::acc) s
-        | Eq => List.rev_append ((x, N.succ c)::acc) l
-        | Gt => match (Z.compare x (y+Z.of_N c)) with
-                 | Lt => List.rev_append acc s
-                 | Gt => addZ_aux ((y,c) :: acc) x l
-                 | Eq => match l with
-                           | nil => List.rev´ ((y, N.succ c)::acc)
-                           | (z, ) :: => if (Z.eqb z (Z.succ x)) then
-                                List.rev_append ((y,N.succ (c+)) :: acc)
-                             else
-                                List.rev_append ((y,N.succ c) :: acc) l
-                         end
-                end
-        end
-    end.
- -
-  Definition addZ x s := addZ_aux nil x s.
-  Definition add x s := addZ (Enc.encode x) s.
- -
-
- -
-add_list simple extension to add many elements, which then allows to - define from_elements. -
-
-  Definition add_list (l : list elt) (s : t) : t :=
-     List.fold_left (fun s x => add x s) l s.
- -
-  Definition from_elements (l : list elt) : t := add_list l empty.
- -
-
- -
-singleton is trivial to define -
-
-  Definition singleton (x : elt) : t := (Enc.encode x, 1%N) :: nil.
- -
-  Lemma singleton_alt_def : forall x, singleton x = add x empty.
- -
-
- -
-removing needs to be done with code extraction in mind again. -
-
-  Definition removeZ_aux_insert_guarded (x : Z) (c : N) s :=
-     if (N.eqb c 0) then s else (x, c) :: s.
- -
-  Fixpoint removeZ_aux (acc : list (Z * N)) (x : Z) (s : t) : t :=
-    match s with
-    | nil => List.rev´ acc
-    | (y, c) :: l =>
-        if (Z.ltb x y) then List.rev_append acc s else
-        if (Z.ltb x (y+Z.of_N c)) then (
-           List.rev_append (removeZ_aux_insert_guarded (Z.succ x)
-              (Z.to_N ((y+Z.of_N c)- (Z.succ x)))
-             (removeZ_aux_insert_guarded y (Z.to_N (x-y)) acc)) l
-        ) else removeZ_aux ((y,c)::acc) x l
-    end.
- -
-  Definition removeZ (x : Z) (s : t) : t := removeZ_aux nil x s.
-  Definition remove (x : elt) (s : t) : t := removeZ (Enc.encode x) s.
- -
-  Definition remove_list (l : list elt) (s : t) : t :=
-     List.fold_left (fun s x => remove x s) l s.
- -
-
- -
-all other operations are defined trivially (if not always efficiently) - in terms of already defined ones. In the future it might be worth implementing - some of them more efficiently. -
-
-  Definition union (s1 s2 : t) :=
-    add_list (elements s1) s2.
- -
-  Definition filter (f : elt -> bool) (s : t) : t :=
-    from_elements (List.filter f (elements s)).
- -
-  Definition inter (s1 s2 : t) : t :=
-    filter (fun x => mem x s2) s1.
- -
-  Definition diff (s1 s2 : t) : t :=
-    remove_list (elements s2) s1.
- -
-  Definition subset s :=
-    List.forallb (fun x => mem x ) (elements s).
- -
-  Fixpoint equal (s : t) : bool := match s, with
-    | nil, nil => true
-    | ((x,cx)::xs), ((y,cy)::ys) => andb (Z.eqb x y) (andb (N.eqb cx cy) (equal xs ys))
-    | _, _ => false
-  end.
- -
-  Definition fold {B : Type} (f : elt -> B -> B) (s : t) (i : B) : B :=
-    List.fold_left (flip f) (elements s) i.
- -
-  Definition for_all (f : elt -> bool) (s : t) : bool :=
-    List.forallb f (elements s).
- -
-  Definition exists_ (f : elt -> bool) (s : t) : bool :=
-    List.existsb f (elements s).
- -
-  Definition partition (f : elt -> bool) (s : t) : t * t :=
-    (filter f s, filter (fun x => negb (f x)) s).
- -
-  Fixpoint cardinalN c (s : t) : N := match s with
-    | nil => c
-    | (_,cx)::xs => cardinalN (c + cx)%N xs
-  end.
- -
-  Definition cardinal (s : t) : nat := N.to_nat (cardinalN (0%N) s).
- -
-  Definition chooseZ (s : t) : option Z :=
-    match List.rev´ (elementsZ s) with
-    | nil => None
-    | x :: _ => Some x
-    end.
- -
-  Definition choose (s : t) : option elt :=
-    match elements s with
-      | nil => None
-      | e :: _ => Some e
-    end.
- -
-End Ops.
- -
-
- -
-

Raw Module

- - -
- - Following the idea of MSetInterface.RawSets, we first - define a module Raw proves all the required properties with - respect to an explicitly provided invariant. In a next step, this - invariant is then moved into the set type. This allows to instantiate - the WSetsOn interface. -
-
-Module Raw (Enc : ElementEncode).
-  Include (Ops Enc).
- -
-
- -
-

Defining invariant IsOk

- -
-
- -
-  Definition inf (x:Z) (l: t) :=
-   match l with
-   | nil => true
-   | (y,_)::_ => Z.ltb x y
-   end.
- -
-  Fixpoint isok (l : t) :=
-   match l with
-   | nil => true
-   | (x, c) ::l => inf (x+(Z.of_N c)) l && negb (N.eqb c 0) && isok l
-   end.
- -
-  Definition is_encoded_elems_list (l : list Z) : Prop :=
-    (forall x, List.In x l -> exists e, Enc.encode e = x).
- -
-  Definition IsOk s := (isok s = true /\ is_encoded_elems_list (elementsZ s)).
- -
-
- -
-

Defining notations

- -
-
-  Section ForNotations.
- -
-    Class Ok (s:t) : Prop := ok : IsOk s.
-    Hint Resolve @ok.
-    Hint Unfold Ok.
-    Instance IsOk_Ok s `(Hs : IsOk s) : Ok s := { ok := Hs }.
- -
-    Definition In x s := (SetoidList.InA Enc.E.eq x (elements s)).
-    Definition InZ x s := (List.In x (elementsZ s)).
-    Definition Equal s := forall a : elt, In a s <-> In a .
-    Definition Subset s := forall a : elt, In a s -> In a .
-    Definition Empty s := forall a : elt, ~ In a s.
-    Definition For_all (P : elt -> Prop) s := forall x, In x s -> P x.
-    Definition Exists (P : elt -> Prop) (s : t) := exists x, In x s /\ P x.
- -
-  End ForNotations.
- -
-
- -
-

elements list properties

- - -
- - The functions elementsZ, elementsZ_single, - elements and elements_single are crucial and used - everywhere. Therefore, we first establish a few properties of - these important functions. -
-
- -
-  Lemma elementsZ_nil : (elementsZ (nil : t) = nil).
- -
-  Lemma elements_nil : (elements (nil : t) = nil).
- -
-  Definition elementsZ_single (x:Z) (c:N) :=
-      List.rev´ (N.peano_rec (fun _ => list Z)
-                  nil (fun n ls => (x+Z.of_N n)%Z :: ls) c).
- -
-  Definition elements_single x c :=
-    List.map Enc.decode (elementsZ_single x c).
- -
-  Lemma elementsZ_single_base : forall x,
-    elementsZ_single x (0%N) = nil.
- -
-  Lemma elementsZ_single_succ : forall x c,
-    elementsZ_single x (N.succ c) =
-    elementsZ_single x c ++ (x+Z.of_N c)::nil.
- -
-  Lemma elementsZ_single_add : forall x c2 c1,
-    elementsZ_single x (c1 + c2)%N =
-    elementsZ_single x c1 ++ elementsZ_single (x+Z.of_N c1) c2.
-   Lemma elementsZ_single_succ_front : forall x c,
-    elementsZ_single x (N.succ c) =
-    x :: elementsZ_single (Z.succ x) c.
- -
-  Lemma In_elementsZ_single : forall c y x,
-    List.In y (elementsZ_single x c) <->
-    (x <= y) /\ (y < (x+Z.of_N c)).
-  Lemma In_elementsZ_single1 : forall y x,
-    List.In y (elementsZ_single x (1%N)) <->
-    (x = y).
-  Lemma length_elementsZ_single : forall cx x,
-    length (elementsZ_single x cx) = N.to_nat cx.
-  Lemma elementsZ_aux´´_irrel : forall c acc x H1 H2,
-      elementsZ_aux´´ acc x c H1 = elementsZ_aux´´ acc x c H2.
-  Lemma elementsZ_aux´_pos : forall s x p,
-      elementsZ_aux´ s x (N.pos p) = elementsZ_aux´ (x::s) (Z.succ x) (Pos.pred_N p).
- -
-  Lemma elementsZ_aux´_zero : forall s x,
-      elementsZ_aux´ s x (0%N) = s.
- -
-  Lemma elementsZ_aux´_succ : forall s x c,
-      elementsZ_aux´ s x (N.succ c) = elementsZ_aux´ (x::s) (Z.succ x) c.
- -
-  Lemma elementsZ_single_intro : forall c s x,
-     elementsZ_aux´ s x c =
-     (List.rev (elementsZ_single x c)) ++ s.
-  Lemma elementsZ_aux_alt_def : forall s acc,
-    elementsZ_aux acc s = elementsZ s ++ acc.
-  Lemma elementsZ_cons : forall x c s, elementsZ (((x, c) :: s) : t) =
-     ((elementsZ s) ++ (List.rev (elementsZ_single x c))).
- -
-  Lemma elements_cons : forall x c s, elements (((x, c) :: s) : t) =
-     ((elements_single x c) ++ elements s).
- -
-  Lemma In_elementsZ_single_hd : forall (c : N) x, (c <> 0)%N -> List.In x (elementsZ_single x c).
-
- -
-

Alternative definition of addZ

- -
- - addZ is defined with efficient execution in mind. - We derive first an alternative definition that demonstrates - the intention better and is better suited for proofs. -
-
-  Lemma addZ_ind :
-    forall (P : Z -> list (Z * N) -> Prop),
-       
-       (forall (x : Z), P x nil) ->
-
-       
-       (forall (x : Z) (l : list (Z * N)) (c : N),
-        P x ((x + 1, c) :: l)) ->
-
-       
-       (forall (x : Z) (l : list (Z * N)) (y : Z) (c : N),
-        (x + 1 ?= y) = Lt ->
-        P x ((y, c) :: l)) ->
-
-       
-       (forall (y : Z) (c : N),
-        ((y + Z.of_N c) + 1 ?= y) = Gt ->
-        P (y + Z.of_N c) ((y, c) :: nil)) ->
-
-       
-       (forall (l : list (Z * N)) (y : Z) (c : N),
-        ((y + Z.of_N c) + 1 ?= y) = Gt ->
-        (P (y+Z.of_N c) l) ->
-        P (y+Z.of_N c) ((y, c) :: (((y+Z.of_N c) + 1, ) :: l))) ->
-
-       
-       (forall (l : list (Z * N)) (y : Z) (c : N) (z : Z) ( : N),
-        ((y + Z.of_N c) + 1 ?= y) = Gt ->
-        (z =? (y+Z.of_N c) + 1) = false ->
-        (P (y+Z.of_N c) ((y, c) :: (z, ) :: l))) ->
-
-
-       
-       (forall (x : Z) (l : list (Z * N)) (y : Z) (c : N),
-        (x + 1 ?= y) = Gt ->
-        (x ?= y + Z.of_N c) = Lt ->
-        P x ((y, c) :: l)) ->
-
-       
-       (forall (x : Z)(l : list (Z * N)) (y : Z) (c : N),
-        (x + 1 ?= y) = Gt ->
-        (x ?= y + (Z.of_N c)) = Gt ->
-        (P x l) ->
-        P x ((y, c) :: l)) ->
-
-
-       forall (x : Z) (s : list (Z * N)),
-       P x s.
-  Lemma addZ_aux_alt_def : forall x s acc,
-    addZ_aux acc x s = (List.rev acc) ++ addZ x s.
-  Lemma addZ_alt_def : forall x s,
-    addZ x s =
-    match s with
-    | nil => (x, 1%N)::nil
-    | (y, c) :: l =>
-        match (Z.compare (x+1) y) with
-        | Lt => (x, 1%N)::s
-        | Eq => (x, (c+1)%N)::l
-        | Gt => match (Z.compare x (y+Z.of_N c)) with
-                 | Lt => s
-                 | Gt => (y,c) :: addZ x l
-                 | Eq => match l with
-                           | nil => (y, (c+1)%N)::nil
-                           | (z, ) :: => if (Z.eqb z (x + 1)) then
-                                (y, (c + + 1)%N) ::
-                             else
-                                (y,(c+1)%N) :: (z, ) ::
-                         end
-                end
-        end
-    end.
-
- -
-

Alternative definition of removeZ

- -
- - removeZ is defined with efficient execution in mind. - We derive first an alternative definition that demonstrates - the intention better and is better suited for proofs. -
-
-  Lemma removeZ_aux_alt_def : forall s x acc,
-    removeZ_aux acc x s = (List.rev acc) ++ removeZ x s.
-  Lemma removeZ_alt_def : forall x s,
-    removeZ x s =
-    match s with
-    | nil => nil
-    | (y, c) :: l =>
-        if (Z.ltb x y) then s else
-        if (Z.ltb x (y+Z.of_N c)) then (
-           (removeZ_aux_insert_guarded y (Z.to_N (x-y))
-             (removeZ_aux_insert_guarded (Z.succ x) (Z.to_N ((y+Z.of_N c)- (Z.succ x))) l))
-        ) else (y, c) :: removeZ x l
-    end.
-
- -
-

Auxiliary Lemmata about Invariant

- -
-
-  Lemma inf_impl : forall x y s,
-    (y <= x) -> inf x s = true -> inf y s = true.
- -
-  Lemma Ok_nil : Ok nil <-> True.
- -
-  Lemma is_encoded_elems_list_app : forall l1 l2,
-    is_encoded_elems_list (l1 ++ l2) <->
-    (is_encoded_elems_list l1 /\ is_encoded_elems_list l2).
- -
-  Lemma is_encoded_elems_list_rev : forall l,
-    is_encoded_elems_list (List.rev l) <->
-    is_encoded_elems_list l.
- -
-  Lemma isok_cons : forall y c , isok ((y, c) :: ) = true <->
-    (inf (y+Z.of_N c) = true /\ ((c <> 0)%N) /\ isok = true).
-  Lemma Ok_cons : forall y c , Ok ((y, c) :: ) <->
-    (inf (y+Z.of_N c) = true /\ ((c <> 0)%N) /\
-     is_encoded_elems_list (elementsZ_single y c) /\ Ok ).
- -
-  Lemma Nin_elements_greater : forall s y,
-     inf y s = true ->
-     isok s = true ->
-     forall x, x <= y ->
-     ~(InZ x s).
-  Lemma isok_inf_nin :
-     forall x s,
-       isok s = true ->
-       inf x s = true ->
-       ~ (InZ x s).
-
- -
-

Properties of In and InZ

- -
-
-  Lemma In_alt_def : forall x s, Ok s ->
-    (In x s <-> List.In x (elements s)).
-  Lemma In_InZ : forall x s, Ok s ->
-    (In x s <-> InZ (Enc.encode x) s).
- -
-
- -
-

Membership specification

- -
-
- -
-  Lemma memZ_spec :
-   forall (s : t) (x : Z) (Hs : Ok s), memZ x s = true <-> InZ x s.
-  Lemma mem_spec :
-   forall (s : t) (x : elt) (Hs : Ok s), mem x s = true <-> In x s.
- -
-
- -
-

add specification

- -
-
-  Lemma addZ_spec :
-   forall (s : t) (x y : Z) (Hs : Ok s),
-    InZ y (addZ x s) <-> Z.eq y x \/ InZ y s.
-  Lemma addZ_isok : forall s x, isok s = true -> isok (addZ x s) = true.
-   Global Instance add_ok s x : forall `(Ok s), Ok (add x s).
-   Lemma add_spec :
-   forall (s : t) (x y : elt) (Hs : Ok s),
-     In y (add x s) <-> Enc.E.eq y x \/ In y s.
- -
-
- -
-

remove specification

- -
-
- -
-  Lemma isok_removeZ_aux_insert_guarded : forall x c s,
-    isok s = true -> inf (x + Z.of_N c) s = true ->
-    isok (removeZ_aux_insert_guarded x c s) = true.
- -
-  Lemma inf_removeZ_aux_insert_guarded : forall x c y s,
-    inf y (removeZ_aux_insert_guarded x c s) = true <->
-    (if (c =? 0)%N then (inf y s = true) else (y < x)).
- -
-  Lemma removeZ_counter_pos_aux : forall y c x,
-     x < y + Z.of_N c ->
-     0 <= y + Z.of_N c - Z.succ x.
- -
-  Lemma removeZ_isok : forall s x, isok s = true -> isok (removeZ x s) = true.
-  Lemma elementsZ_removeZ_aux_insert_guarded : forall x c s,
-    elementsZ (removeZ_aux_insert_guarded x c s) = elementsZ ((x, c) :: s).
- -
-  Lemma removeZ_spec :
-   forall (s : t) (x y : Z) (Hs : isok s = true),
-    InZ y (removeZ x s) <-> InZ y s /\ ~Z.eq y x.
-  Global Instance remove_ok s x : forall `(Ok s), Ok (remove x s).
-  Lemma remove_spec :
-   forall (s : t) (x y : elt) (Hs : Ok s),
-    In y (remove x s) <-> In y s /\ ~Enc.E.eq y x.
-
- -
-

empty specification

- -
-
-  Global Instance empty_ok : Ok empty.
- -
-  Lemma empty_spec´ : forall x, (In x empty <-> False).
- -
-  Lemma empty_spec : Empty empty.
- -
-
- -
-

is_empty specification

- -
-
- -
-  Lemma is_empty_spec : forall (s : t) (Hs : Ok s), is_empty s = true <-> Empty s.
-
- -
-

singleton specification

- -
-
-  Global Instance singleton_ok x : Ok (singleton x).
- -
-  Lemma singleton_spec : forall x y : elt, In y (singleton x) <-> Enc.E.eq y x.
-
- -
-

add_list specification

- -
-
-  Lemma add_list_ok : forall l s, Ok s -> Ok (add_list l s).
-  Lemma add_list_spec : forall x l s, Ok s ->
-     (In x (add_list l s) <-> (SetoidList.InA Enc.E.eq x l) \/ In x s).
-
- -
-

remove_list specification

- -
-
-  Lemma remove_list_ok : forall l s, Ok s -> Ok (remove_list l s).
-  Lemma remove_list_spec : forall x l s, Ok s ->
-     (In x (remove_list l s) <-> ~(InA Enc.E.eq x l) /\ In x s).
-
- -
-

union specification

- -
-
-  Global Instance union_ok s : forall `(Ok s, Ok ), Ok (union s ).
- -
-  Lemma union_spec :
-   forall (s : t) (x : elt) (Hs : Ok s) (Hs´ : Ok ),
-   In x (union s ) <-> In x s \/ In x .
- -
-
- -
-

filter specification

- -
-
- -
-  Global Instance filter_ok s f : forall `(Ok s), Ok (filter f s).
- -
-  Lemma filter_spec :
-   forall (s : t) (x : elt) (f : elt -> bool),
-   Proper (Enc.E.eq==>eq) f ->
-   (In x (filter f s) <-> In x s /\ f x = true).
-
- -
-

inter specification

- -
-
-  Global Instance inter_ok s : forall `(Ok s, Ok ), Ok (inter s ).
- -
-  Lemma inter_spec :
-   forall (s : t) (x : elt) (Hs : Ok s) (Hs´ : Ok ),
-   In x (inter s ) <-> In x s /\ In x .
-
- -
-

diff specification

- -
-
-  Global Instance diff_ok s : forall `(Ok s, Ok ), Ok (diff s ).
- -
-  Lemma diff_spec :
-   forall (s : t) (x : elt) (Hs : Ok s) (Hs´ : Ok ),
-   In x (diff s ) <-> In x s /\ ~In x .
- -
-
- -
-

subset specification

- -
-
- -
-  Lemma subset_spec :
-   forall (s : t) (Hs : Ok s) (Hs´ : Ok ),
-   subset s = true <-> Subset s .
- -
-
- -
-

elements and elementsZ specification

- -
-
- -
-  Lemma elements_spec1 : forall (s : t) (x : elt) (Hs : Ok s), List.In x (elements s) <-> In x s.
- -
-  Lemma NoDupA_elementsZ_single: forall c x,
-    NoDupA Z.eq (elementsZ_single x c).
-  Lemma elementsZ_spec2w : forall (s : t) (Hs : Ok s), NoDupA Z.eq (elementsZ s).
-  Lemma elements_spec2w : forall (s : t) (Hs : Ok s), NoDupA Enc.E.eq (elements s).
-
- -
-

equal specification

- -
-
-  Lemma equal_alt_def : forall s1 s2,
-    equal s1 s2 = true <-> (s1 = s2).
-  Lemma elementsZ_cons_le_start : forall x cx xs y cy ys,
-     isok ((x, cx) :: xs) = true ->
-     isok ((y, cy) :: ys) = true ->
-     (forall z, List.In z (elementsZ ((y, cy) :: ys)) ->
-                List.In z (elementsZ ((x, cx) :: xs))) ->
-     (x <= y).
-  Lemma elementsZ_cons_le_end : forall x cx xs y cy ys,
-     isok ((x, cx) :: xs) = true ->
-     isok ((y, cy) :: ys) = true ->
-     (x <= y + Z.of_N cy) ->
-     (forall z, List.In z (elementsZ ((x, cx) :: xs)) ->
-                List.In z (elementsZ ((y, cy) :: ys))) ->
-     (x + Z.of_N cx <= y + Z.of_N cy).
-  Lemma elementsZ_cons_equiv_hd : forall x cx xs y cy ys,
-     isok ((x, cx) :: xs) = true ->
-     isok ((y, cy) :: ys) = true ->
-     (forall z, List.In z (elementsZ ((x, cx) :: xs)) <->
-                List.In z (elementsZ ((y, cy) :: ys))) ->
-     (x = y) /\ (cx = cy).
- -
-  Lemma elementsZ_single_equiv : forall x cx y cy,
-     (cx <> 0)%N ->
-     (cy <> 0)%N ->
-     (forall z, List.In z (elementsZ_single x cx) <->
-                List.In z (elementsZ_single y cy)) ->
-     (x = y) /\ (cx = cy).
-  Lemma equal_elementsZ :
-    forall (s : t) {Hs : Ok s} {Hs´ : Ok },
-    (forall x, (InZ x s <-> InZ x )) -> (s = ).
-  Lemma equal_spec :
-    forall (s : t) {Hs : Ok s} {Hs´ : Ok },
-    equal s = true <-> Equal s .
-
- -
-

choose specification

- -
-
-  Lemma choose_alt_def : forall s,
-    choose s = match chooseZ s with
-      | None => None
-      | Some e => Some (Enc.decode e)
-    end.
- -
-  Definition choose_spec1 :
-    forall (s : t) (x : elt), choose s = Some x -> In x s.
- -
-  Definition choose_spec2 :
-    forall s : t, choose s = None -> Empty s.
- -
-  Lemma chooseZ_min :
-    forall (s : t) (x y : Z) (Hs : Ok s),
-    chooseZ s = Some x -> InZ y s -> ~ Z.lt y x.
-  Lemma chooseZ_InZ :
-    forall (s : t) (x : Z),
-    chooseZ s = Some x -> InZ x s.
- -
-  Lemma chooseZ_spec3: forall s x , Ok s -> Ok ->
-   chooseZ s = Some x -> chooseZ = Some -> Equal s -> x = .
- -
-
- -
-

fold specification

- -
-
- -
-  Lemma fold_spec :
-   forall (s : t) (A : Type) (i : A) (f : elt -> A -> A),
-   fold f s i = fold_left (flip f) (elements s) i.
- -
- -
-
- -
-

cardinal specification

- -
-
- -
-  Lemma cardinalN_spec : forall (s : t) (c : N),
-    cardinalN c s = (c + N.of_nat (length (elements s)))%N.
-  Lemma cardinal_spec :
-   forall (s : t),
-   cardinal s = length (elements s).
- -
-
- -
-

for_all specification

- -
-
- -
-  Lemma for_all_spec :
-   forall (s : t) (f : elt -> bool) (Hs : Ok s),
-   Proper (Enc.E.eq==>eq) f ->
-   (for_all f s = true <-> For_all (fun x => f x = true) s).
- -
-
- -
-

exists specification

- -
-
- -
-  Lemma exists_spec :
-   forall (s : t) (f : elt -> bool) (Hs : Ok s),
-   Proper (Enc.E.eq==>eq) f ->
-   (exists_ f s = true <-> Exists (fun x => f x = true) s).
- -
-
- -
-

partition specification

- -
-
- -
-  Global Instance partition_ok1 s f : forall `(Ok s), Ok (fst (partition f s)).
- -
-  Global Instance partition_ok2 s f : forall `(Ok s), Ok (snd (partition f s)).
- -
-  Lemma partition_spec1 :
-   forall (s : t) (f : elt -> bool),
-   Proper (Enc.E.eq==>eq) f -> Equal (fst (partition f s)) (filter f s).
- -
-  Lemma partition_spec2 :
-   forall (s : t) (f : elt -> bool),
-   Proper (Enc.E.eq==>eq) f ->
-   Equal (snd (partition f s)) (filter (fun x => negb (f x)) s).
- -
-End Raw.
- -
-
- -
-

Main Module

- - -
- - We can now build the invariant into the set type to obtain an instantiation - of module type WSetsOn. -
-
- -
-Module MSetIntervals (Enc : ElementEncode) <: WSetsOn Enc.E.
-  Module E := Enc.E.
-  Module Raw := Raw Enc.
- -
Local Local -
Definition elt := Raw.elt.
Record t_ := Mkt {this :> Raw.t; is_ok : Raw.Ok this}.
Definition t := t_.
Hint Resolve is_ok : typeclass_instances.
- -
Definition In (x : elt)(s : t) := Raw.In x s.(this).
Definition Equal (s : t) := forall a : elt, In a s <-> In a .
Definition Subset (s : t) := forall a : elt, In a s -> In a .
Definition Empty (s : t) := forall a : elt, ~ In a s.
Definition For_all (P : elt -> Prop)(s : t) := forall x, In x s -> P x.
Definition Exists (P : elt -> Prop)(s : t) := exists x, In x s /\ P x.
- -
Definition mem (x : elt)(s : t) := Raw.mem x s.(this).
Definition add (x : elt)(s : t) : t := Mkt (Raw.add x s.(this)).
Definition remove (x : elt)(s : t) : t := Mkt (Raw.remove x s.(this)).
Definition singleton (x : elt) : t := Mkt (Raw.singleton x).
Definition union (s : t) : t := Mkt (Raw.union s ).
Definition inter (s : t) : t := Mkt (Raw.inter s ).
Definition diff (s : t) : t := Mkt (Raw.diff s ).
Definition equal (s : t) := Raw.equal s .
Definition subset (s : t) := Raw.subset s .(this).
Definition empty : t := Mkt Raw.empty.
Definition is_empty (s : t) := Raw.is_empty s.
Definition elements (s : t) : list elt := Raw.elements s.
Definition choose (s : t) : option elt := Raw.choose s.
Definition fold {A : Type}(f : elt -> A -> A)(s : t) : A -> A := Raw.fold f s.
Definition cardinal (s : t) := Raw.cardinal s.
Definition filter (f : elt -> bool)(s : t) : t := Mkt (Raw.filter f s).
Definition for_all (f : elt -> bool)(s : t) := Raw.for_all f s.
Definition exists_ (f : elt -> bool)(s : t) := Raw.exists_ f s.
Definition partition (f : elt -> bool)(s : t) : t * t :=
-   let p := Raw.partition f s in (Mkt (fst p), Mkt (snd p)).
- -
Instance In_compat : Proper (E.eq==>eq==>iff) In.
- -
Definition eq : t -> t -> Prop := Equal.
- -
Instance eq_equiv : Equivalence eq.
- -
Definition eq_dec : forall (s :t), { eq s }+{ ~eq s }.
- -
Section Spec.
-  Variable s : t.
-  Variable x y : elt.
-  Variable f : elt -> bool.
-  Notation compatb := (Proper (E.eq==>Logic.eq)) (only parsing).
- -
-  Lemma mem_spec : mem x s = true <-> In x s.
-   Lemma equal_spec : equal s = true <-> Equal s .
-   Lemma subset_spec : subset s = true <-> Subset s .
-   Lemma empty_spec : Empty empty.
-   Lemma is_empty_spec : is_empty s = true <-> Empty s.
-   Lemma add_spec : In y (add x s) <-> E.eq y x \/ In y s.
-   Lemma remove_spec : In y (remove x s) <-> In y s /\ ~E.eq y x.
-   Lemma singleton_spec : In y (singleton x) <-> E.eq y x.
-   Lemma union_spec : In x (union s ) <-> In x s \/ In x .
-   Lemma inter_spec : In x (inter s ) <-> In x s /\ In x .
-   Lemma diff_spec : In x (diff s ) <-> In x s /\ ~In x .
-   Lemma fold_spec : forall (A : Type) (i : A) (f : elt -> A -> A),
-      fold f s i = fold_left (fun a e => f e a) (elements s) i.
-   Lemma cardinal_spec : cardinal s = length (elements s).
-   Lemma filter_spec : compatb f ->
-    (In x (filter f s) <-> In x s /\ f x = true).
-   Lemma for_all_spec : compatb f ->
-    (for_all f s = true <-> For_all (fun x => f x = true) s).
-   Lemma exists_spec : compatb f ->
-    (exists_ f s = true <-> Exists (fun x => f x = true) s).
-   Lemma partition_spec1 : compatb f -> Equal (fst (partition f s)) (filter f s).
-   Lemma partition_spec2 : compatb f ->
-      Equal (snd (partition f s)) (filter (fun x => negb (f x)) s).
-   Lemma elements_spec1 : InA E.eq x (elements s) <-> In x s.
-   Lemma elements_spec2w : NoDupA E.eq (elements s).
-   Lemma choose_spec1 : choose s = Some x -> In x s.
-   Lemma choose_spec2 : choose s = None -> Empty s.
- -
End Spec.
- -
-End MSetIntervals.
- -
-
- -
-

Instantiations

- - -
- - It remains to provide instantiations for commonly used datatypes. -
- -

Z

- -
-
- -
-Module ElementEncodeZ <: ElementEncode.
-  Module E := Z.
- -
-  Definition encode (z : Z) := z.
-  Definition decode (z : Z) := z.
- -
-  Lemma decode_encode_ok: forall (e : E.t),
-    decode (encode e) = e.
- -
-  Lemma encode_eq : forall (e1 e2 : E.t),
-    (Z.eq (encode e1) (encode e2)) <-> E.eq e1 e2.
- -
-End ElementEncodeZ.
- -
-Module MSetIntervalsZ <: WSetsOn Z := MSetIntervals ElementEncodeZ.
- -
-
- -
-

N

- -
-
- -
-Module ElementEncodeN <: ElementEncode.
-  Module E := N.
- -
-  Definition encode (n : N) := Z.of_N n.
-  Definition decode (z : Z) := Z.to_N z.
- -
-  Lemma decode_encode_ok: forall (e : E.t),
-    decode (encode e) = e.
- -
-  Lemma encode_eq : forall (e1 e2 : E.t),
-    (Z.eq (encode e1) (encode e2)) <-> E.eq e1 e2.
- End ElementEncodeN.
- -
-Module MSetIntervalsN <: WSetsOn N := MSetIntervals ElementEncodeN.
- -
-
- -
-

nat

- -
-
-Module ElementEncodeNat <: ElementEncode.
-  Module E := NPeano.Nat.
- -
-  Definition encode (n : nat) := Z.of_nat n.
-  Definition decode (z : Z) := Z.to_nat z.
- -
-  Lemma decode_encode_ok: forall (e : E.t),
-    decode (encode e) = e.
- -
-  Lemma encode_eq : forall (e1 e2 : E.t),
-    (Z.eq (encode e1) (encode e2)) <-> E.eq e1 e2.
- End ElementEncodeNat.
- -
-Module MSetIntervalsNat <: WSetsOn NPeano.Nat := MSetIntervals ElementEncodeNat.
- -
-
-
- - - -
- - - \ No newline at end of file diff --git a/coqdoc/MSetListWithDups.html b/coqdoc/MSetListWithDups.html deleted file mode 100644 index 2289b36..0000000 --- a/coqdoc/MSetListWithDups.html +++ /dev/null @@ -1,469 +0,0 @@ - - - - - -MSetListWithDups - - - - -
- - - -
- -

Library MSetListWithDups

- -
- -
-
- -
-

Weak sets implemented as lists with duplicates

- - -
- - This file contains an implementation of the weak set interface - WSetsOnWithDupsExtra. As a datatype unsorted lists are used - that might contain duplicates. - -
- - This implementation is useful, if one needs very efficient - insert and union operation, and can guarantee that one does not - add too many duplicates. The operation elements_dist is implemented - by sorting the list first. Therefore this instantiation can only - be used if the element type is ordered. - -
-
- -
-Require Export MSetInterface.
-Require Import ssreflect.
-Require Import List OrdersFacts OrdersLists.
-Require Import Sorting Permutation.
-Require Import MSetWithDups.
- -
-
- -
-

Removing duplicates from sorted lists

- - -
- - The following module RemoveDupsFromSorted defines an operation - remove_dups_from_sortedA that removes duplicates from a sorted - list. In order to talk about sorted lists, the element type needs - to be ordered. - -
- - This function is combined with a sort function to get a function - remove_dups_by_sortingA to sort unsorted lists and then remove - duplicates. -
-
-Module RemoveDupsFromSorted (Import X:OrderedType).
- -
-
- -
-First, we need some infrastructure for our ordered type -
-
-  Module Import MX := OrderedTypeFacts X.
- -
-  Module Import XTotalLeBool <: TotalLeBool.
-    Definition t := X.t.
-    Definition leb x y :=
-      match X.compare x y with
-        | Lt => true
-        | Eq => true
-        | Gt => false
-      end.
- -
-    Infix "<=?" := leb (at level 35).
- -
-    Theorem leb_total : forall (a1 a2 : t), (a1 <=? a2 = true) \/ (a2 <=? a1 = true).
- -
-    Definition le x y := (leb x y = true).
-  End XTotalLeBool.
- -
-  Lemma eqb_eq_alt : forall x y, eqb x y = true <-> eq x y.
- -
-
- -
-Now we can define our main function -
-
-  Fixpoint remove_dups_from_sortedA_aux (acc : list t) (l : list t) : list t :=
-    match l with
-    | nil => List.rev´ acc
-    | x :: xs =>
-       match xs with
-       | nil => List.rev´ (x :: acc)
-       | y :: ys =>
-           if eqb x y then
-             remove_dups_from_sortedA_aux acc xs
-           else
-             remove_dups_from_sortedA_aux (x::acc) xs
-       end
-    end.
- -
-  Definition remove_dups_from_sortedA := remove_dups_from_sortedA_aux (nil : list t).
- -
-
- -
-We can prove some technical lemmata -
-
-  Lemma remove_dups_from_sortedA_aux_alt : forall (l : list X.t) acc,
-    remove_dups_from_sortedA_aux acc l =
-    List.rev acc ++ (remove_dups_from_sortedA l).
-  Lemma remove_dups_from_sortedA_alt :
-    forall (l : list t),
-    remove_dups_from_sortedA l =
-    match l with
-    | nil => nil
-    | x :: xs =>
-       match xs with
-       | nil => l
-       | y :: ys =>
-           if eqb x y then
-             remove_dups_from_sortedA xs
-           else
-             x :: remove_dups_from_sortedA xs
-       end
-    end.
-  Lemma remove_dups_from_sortedA_hd :
-      forall x xs,
-      exists (:t) xs´,
-        remove_dups_from_sortedA (x :: xs) =
-        ( :: xs´) /\ (eqb x = true).
-
- -
-Finally we get our main result for removing duplicates from sorted lists -
-
-  Lemma remove_dups_from_sortedA_spec :
-    forall (l : list t),
-      Sorted le l ->
-      let := remove_dups_from_sortedA l in (
-    
-      Sorted lt /\
-      NoDupA eq /\
-      (forall x, InA eq x l <-> InA eq x )).
-
- -
-Next, we combine it with sorting -
-
-  Module Import XSort := Sort XTotalLeBool.
- -
-  Definition remove_dups_by_sortingA (l : list t) : list t :=
-    remove_dups_from_sortedA (XSort.sort l).
- -
-  Lemma remove_dups_by_sortingA_spec :
-    forall (l : list t),
-      let := remove_dups_by_sortingA l in (
-    
-      Sorted lt /\
-      NoDupA eq /\
-      (forall x, InA eq x l <-> InA eq x )).
-End RemoveDupsFromSorted.
- -
-
- -
-

Operations Module

- - -
- -With removing duplicates defined, we can implement -the operations for our set implementation easily. - -
-
- -
-Module Ops (X:OrderedType) <: WOps X.
- -
-  Module RDFS := RemoveDupsFromSorted X.
-  Module Import MX := OrderedTypeFacts X.
- -
-  Definition elt := X.t.
-  Definition t := list elt.
- -
-  Definition empty : t := nil.
- -
-  Definition is_empty (l : t) := match l with nil => true | _ => false end.
-  Fixpoint mem (x : elt) (s : t) : bool :=
-    match s with
-    | nil => false
-    | y :: l =>
-           match X.compare x y with
-               Eq => true
-             | _ => mem x l
-           end
-    end.
- -
-  Definition add x (s : t) := x :: s.
-  Definition singleton (x : elt) := x :: nil.
- -
-  Fixpoint rev_filter_aux acc (f : elt -> bool) s :=
-    match s with
-       nil => acc
-     | (x :: xs) => rev_filter_aux (if (f x) then (x :: acc) else acc) f xs
-    end.
-  Definition rev_filter := rev_filter_aux nil.
- -
-  Definition filter (f : elt -> bool) (s : t) : t := rev_filter f s.
- -
-  Definition remove x s :=
-    rev_filter (fun y => match X.compare x y with Eq => false | _ => true end) s.
- -
-  Definition union (s1 s2 : t) : t :=
-    List.rev_append s2 s1.
- -
-  Definition inter (s1 s2 : t) : t :=
-    rev_filter (fun y => mem y s2) s1.
- -
-  Definition elements (x : t) : list elt := x.
- -
-  Definition elements_dist (x : t) : list elt :=
-    RDFS.remove_dups_by_sortingA x.
- -
-  Definition fold {B : Type} (f : elt -> B -> B) (s : t) (i : B) : B :=
-    fold_left (flip f) (elements s) i.
- -
-  Definition diff (s : t) : t := fold remove s.
- -
-  Definition subset (s : t) : bool :=
-    List.forallb (fun x => mem x ) s.
- -
-  Definition equal (s : t) : bool := andb (subset s ) (subset s).
- -
-  Fixpoint for_all (f : elt -> bool) (s : t) : bool :=
-    match s with
-    | nil => true
-    | x :: l => if f x then for_all f l else false
-    end.
- -
-  Fixpoint exists_ (f : elt -> bool) (s : t) : bool :=
-    match s with
-    | nil => false
-    | x :: l => if f x then true else exists_ f l
-    end.
- -
-  Fixpoint partition_aux (a1 a2 : t) (f : elt -> bool) (s : t) : t * t :=
-    match s with
-    | nil => (a1, a2)
-    | x :: l =>
-        if f x then partition_aux (x :: a1) a2 f l else
-                    partition_aux a1 (x :: a2) f l
-    end.
- -
-  Definition partition := partition_aux nil nil.
- -
-  Definition cardinal (s : t) : nat := length (elements_dist s).
- -
-  Definition choose (s : t) : option elt :=
-     match s with
-      | nil => None
-      | x::_ => Some x
-     end.
- -
-End Ops.
- -
-
- -
-

Main Module

- - -
- - Using these operations, we can define the main functor. For this, - we need to prove that the provided operations do indeed satisfy - the weak set interface. This is mostly straightforward and - unsurprising. The only interesting part is that removing - duplicates from a sorted list behaves as expected. This has - however already been proved in module RemoveDupsFromSorted. - -
-
-Module Make (E:OrderedType) <: WSetsOnWithDupsExtra E.
-  Include Ops E.
-  Import MX.
- -
-
- -
-

Proofs of set operation specifications.

- Logical predicates -
-
-  Definition In x (s : t) := SetoidList.InA E.eq x s.
- -
-  Instance In_compat : Proper (E.eq==>eq==>iff) In.
- -
-  Definition Equal s := forall a : elt, In a s <-> In a .
-  Definition Subset s := forall a : elt, In a s -> In a .
-  Definition Empty s := forall a : elt, ~ In a s.
-  Definition For_all (P : elt -> Prop) s := forall x, In x s -> P x.
-  Definition Exists (P : elt -> Prop) s := exists x, In x s /\ P x.
- -
-  Notation "s [=] t" := (Equal s t) (at level 70, no associativity).
-  Notation "s [<=] t" := (Subset s t) (at level 70, no associativity).
- -
-  Definition eq : t -> t -> Prop := Equal.
-  Lemma eq_equiv : Equivalence eq.
-
- -
-Specifications of set operators -
-
-  Notation compatb := (Proper (E.eq==>Logic.eq)) (only parsing).
-  Lemma mem_spec : forall s x, mem x s = true <-> In x s.
-   Lemma subset_spec : forall s , subset s = true <-> s[<=].
-  Lemma equal_spec : forall s , equal s = true <-> s[=].
-   Lemma eq_dec : forall x y : t, {eq x y} + {~ eq x y}.
- -
-  Lemma empty_spec : Empty empty.
- -
-  Lemma is_empty_spec : forall s, is_empty s = true <-> Empty s.
-  Lemma add_spec : forall s x y, In y (add x s) <-> E.eq y x \/ In y s.
- -
-  Lemma singleton_spec : forall x y, In y (singleton x) <-> E.eq y x.
-   Hint Resolve (@Equivalence_Reflexive _ _ E.eq_equiv).
-  Hint Immediate (@Equivalence_Symmetric _ _ E.eq_equiv).
-  Hint Resolve (@Equivalence_Transitive _ _ E.eq_equiv).
-  Lemma rev_filter_aux_spec : forall s acc x f, compatb f ->
-    (In x (rev_filter_aux acc f s) <-> (In x s /\ f x = true) \/ (In x acc)).
-   Lemma filter_spec : forall s x f, compatb f ->
-    (In x (filter f s) <-> In x s /\ f x = true).
- -
-  Lemma remove_spec : forall s x y, In y (remove x s) <-> In y s /\ ~E.eq y x.
-  Lemma union_spec : forall s x, In x (union s ) <-> In x s \/ In x .
- -
-  Lemma inter_spec : forall s x, In x (inter s ) <-> In x s /\ In x .
- -
-  Lemma fold_spec : forall s (A : Type) (i : A) (f : elt -> A -> A),
-    fold f s i = fold_left (flip f) (elements s) i.
- -
-  Lemma elements_spec1 : forall s x, InA E.eq x (elements s) <-> In x s.
- -
-  Lemma diff_spec : forall s x, In x (diff s ) <-> In x s /\ ~In x .
-  Lemma cardinal_spec : forall s, cardinal s = length (elements_dist s).
- -
-  Lemma for_all_spec : forall s f, compatb f ->
-    (for_all f s = true <-> For_all (fun x => f x = true) s).
-  Lemma exists_spec : forall s f, compatb f ->
-    (exists_ f s = true <-> Exists (fun x => f x = true) s).
-  Lemma partition_aux_spec : forall a1 a2 s f,
-    (partition_aux a1 a2 f s = (rev_filter_aux a1 f s, rev_filter_aux a2 (fun x => negb (f x)) s)).
-   Lemma partition_spec1 : forall s f, compatb f ->
-    fst (partition f s) [=] filter f s.
- -
-  Lemma partition_spec2 : forall s f, compatb f ->
-    snd (partition f s) [=] filter (fun x => negb (f x)) s.
- -
-  Lemma choose_spec1 : forall s x, choose s = Some x -> In x s.
- -
-  Lemma choose_spec2 : forall s, choose s = None -> Empty s.
- -
-  Lemma elements_dist_spec_full :
-    forall s,
-      Sorted E.lt (elements_dist s) /\
-      NoDupA E.eq (elements_dist s) /\
-      (forall x, InA E.eq x (elements_dist s) <-> InA E.eq x (elements s)).
- -
-  Lemma elements_dist_spec1 : forall x s, InA E.eq x (elements_dist s) <->
-                                          InA E.eq x (elements s).
- -
-  Lemma elements_dist_spec2w : forall s, NoDupA E.eq (elements_dist s).
- -
-End Make.
-
-
- - - -
- - - \ No newline at end of file diff --git a/coqdoc/MSetWithDups.html b/coqdoc/MSetWithDups.html deleted file mode 100644 index 16242ee..0000000 --- a/coqdoc/MSetWithDups.html +++ /dev/null @@ -1,252 +0,0 @@ - - - - - -MSetWithDups - - - - -
- - - -
- -

Library MSetWithDups

- -
- -
-
- -
-

Signature for weak sets which may contain duplicates

- - -
- - The interface WSetsOn demands that elements returns a list - without duplicates and that the fold function iterates over this - result. Another potential problem is that the function cardinal - is supposed to return the length of the elements list. - -
- - Therefore, implementations that store duplicates internally and for - which the fold function would visit elements multiple times are - ruled out. Such implementations might be desirable for performance - reasons, though. One such (sometimes useful) example are unsorted - lists with duplicates. They have a very efficient insert and union - operation. If they are used in such a way that not too many - membership tests happen and that not too many duplicates - accumulate, it might be a very efficient datastructure. - -
- - In order to allow efficient weak set implementations that use - duplicates internally, we provide new module types in this - file. There is WSetsOnWithDups, which is a proper subset of - WSetsOn. It just removes the problematic properties of elements - and cardinal. - -
- - Since one is of course interested in specifying the cardinality - and in computing a list of elements without duplicates, there is - also an extension WSetsOnWithDupsExtra of WSetsOnWithDups. This - extension introduces a new operation elements_dist, which is a - version of elements without duplicates. This allows to - specify cardinality with respect to elements_dist. - -
-
- -
-Require Import Coq.MSets.MSetInterface.
-Require Import ssreflect.
- -
-
- -
-

WSetsOnWithDups

- - -
- - The module type WSetOnWithDups is a proper subset of WSetsOn; - the problematic parameters cardinal_spec and elements_spec2w - are missing. - -
- - We use this approach to be as noninvasive as possible. If we had the - liberty to modify the existing MSet library, it might be better to - define WSetsOnWithDups as below and define WSetOn by adding the two - extra parameters. - -
-
-Module Type WSetsOnWithDups (E : DecidableType).
-  Include WOps E.
- -
-  Parameter In : elt -> t -> Prop.
-  Declare Instance In_compat : Proper (E.eq==>eq==>iff) In.
- -
-  Definition Equal s := forall a : elt, In a s <-> In a .
-  Definition Subset s := forall a : elt, In a s -> In a .
-  Definition Empty s := forall a : elt, ~ In a s.
-  Definition For_all (P : elt -> Prop) s := forall x, In x s -> P x.
-  Definition Exists (P : elt -> Prop) s := exists x, In x s /\ P x.
- -
-  Notation "s [=] t" := (Equal s t) (at level 70, no associativity).
-  Notation "s [<=] t" := (Subset s t) (at level 70, no associativity).
- -
-  Definition eq : t -> t -> Prop := Equal.
-  Include IsEq.
- -
-eq is obviously an equivalence, for subtyping only -
-
-  Include HasEqDec.
- -
-  Section Spec.
-  Variable s : t.
-  Variable x y : elt.
-  Variable f : elt -> bool.
-  Notation compatb := (Proper (E.eq==>Logic.eq)) (only parsing).
- -
-  Parameter mem_spec : mem x s = true <-> In x s.
-  Parameter equal_spec : equal s = true <-> s[=].
-  Parameter subset_spec : subset s = true <-> s[<=].
-  Parameter empty_spec : Empty empty.
-  Parameter is_empty_spec : is_empty s = true <-> Empty s.
-  Parameter add_spec : In y (add x s) <-> E.eq y x \/ In y s.
-  Parameter remove_spec : In y (remove x s) <-> In y s /\ ~E.eq y x.
-  Parameter singleton_spec : In y (singleton x) <-> E.eq y x.
-  Parameter union_spec : In x (union s ) <-> In x s \/ In x .
-  Parameter inter_spec : In x (inter s ) <-> In x s /\ In x .
-  Parameter diff_spec : In x (diff s ) <-> In x s /\ ~In x .
-  Parameter fold_spec : forall (A : Type) (i : A) (f : elt -> A -> A),
-    fold f s i = fold_left (flip f) (elements s) i.
-  Parameter filter_spec : compatb f ->
-    (In x (filter f s) <-> In x s /\ f x = true).
-  Parameter for_all_spec : compatb f ->
-    (for_all f s = true <-> For_all (fun x => f x = true) s).
-  Parameter exists_spec : compatb f ->
-    (exists_ f s = true <-> Exists (fun x => f x = true) s).
-  Parameter partition_spec1 : compatb f ->
-    fst (partition f s) [=] filter f s.
-  Parameter partition_spec2 : compatb f ->
-    snd (partition f s) [=] filter (fun x => negb (f x)) s.
-  Parameter elements_spec1 : InA E.eq x (elements s) <-> In x s.
-  Parameter choose_spec1 : choose s = Some x -> In x s.
-  Parameter choose_spec2 : choose s = None -> Empty s.
- -
-  End Spec.
- -
-End WSetsOnWithDups.
- -
-
- -
-

WSetsOnWithDupsExtra

- - -
- - WSetsOnWithDupsExtra introduces elements_dist in order to - specify cardinality and in order to get an operation similar to - the original behavior of elements. -
-
-Module Type WSetsOnWithDupsExtra (E : DecidableType).
-  Include WSetsOnWithDups E.
- -
-
- -
-An operation for getting an elements list without duplicates -
-
-  Parameter elements_dist : t -> list elt.
- -
-  Parameter elements_dist_spec1 : forall x s, InA E.eq x (elements_dist s) <->
-                                              InA E.eq x (elements s).
- -
-  Parameter elements_dist_spec2w : forall s, NoDupA E.eq (elements_dist s).
- -
-
- -
-Cardinality can then be specified with respect to elements_dist. -
-
-  Parameter cardinal_spec : forall s, cardinal s = length (elements_dist s).
-End WSetsOnWithDupsExtra.
- -
-
- -
-

WSetOn to WSetsOnWithDupsExtra

- - -
- - Since WSetsOnWithDupsExtra is morally a weaker version of WSetsOn - that allows the fold operation to visit elements multiple time, we can write then - following conversion. -
-
- -
-Module WSetsOn_TO_WSetsOnWithDupsExtra (E : DecidableType) (W : WSetsOn E) <:
-  WSetsOnWithDupsExtra E.
- -
-  Include W.
- -
-  Definition elements_dist := W.elements.
- -
-  Lemma elements_dist_spec1 : forall x s, InA E.eq x (elements_dist s) <->
-                                          InA E.eq x (elements s).
- -
-  Lemma elements_dist_spec2w : forall s, NoDupA E.eq (elements_dist s).
- -
-End WSetsOn_TO_WSetsOnWithDupsExtra.
- -
-
-
- - - -
- - - \ No newline at end of file diff --git a/coqdoc/coqdoc.sty b/coqdoc/coqdoc.sty deleted file mode 100644 index 9de9a38..0000000 --- a/coqdoc/coqdoc.sty +++ /dev/null @@ -1,169 +0,0 @@ - -% This is coqdoc.sty, by Jean-Christophe Filliâtre -% This LaTeX package is used by coqdoc (http://www.lri.fr/~filliatr/coqdoc) -% -% You can modify the following macros to customize the appearance -% of the document. - -\NeedsTeXFormat{LaTeX2e} -\ProvidesPackage{coqdoc}[2002/02/11] - -% % Headings -% \usepackage{fancyhdr} -% \newcommand{\coqdocleftpageheader}{\thepage\ -- \today} -% \newcommand{\coqdocrightpageheader}{\today\ -- \thepage} -% \pagestyle{fancyplain} - -% %BEGIN LATEX -% \headsep 8mm -% \renewcommand{\plainheadrulewidth}{0.4pt} -% \renewcommand{\plainfootrulewidth}{0pt} -% \lhead[\coqdocleftpageheader]{\leftmark} -% \rhead[\leftmark]{\coqdocrightpageheader} -% \cfoot{} -% %END LATEX - -% Hevea puts to much space with \medskip and \bigskip -%HEVEA\renewcommand{\medskip}{} -%HEVEA\renewcommand{\bigskip}{} - - -%HEVEA\newcommand{\lnot}{\coqwkw{not}} -%HEVEA\newcommand{\lor}{\coqwkw{or}} -%HEVEA\newcommand{\land}{\&} - -% own name -\newcommand{\coqdoc}{\textsf{coqdoc}} - -% pretty underscores (the package fontenc causes ugly underscores) -%BEGIN LATEX -\def\_{\kern.08em\vbox{\hrule width.35em height.6pt}\kern.08em} -%END LATEX - -% macro for typesetting keywords -\newcommand{\coqdockw}[1]{\texttt{#1}} - -% macro for typesetting variable identifiers -\newcommand{\coqdocvar}[1]{\textit{#1}} - -% macro for typesetting constant identifiers -\newcommand{\coqdoccst}[1]{\textsf{#1}} - -% macro for typesetting module identifiers -\newcommand{\coqdocmod}[1]{\textsc{\textsf{#1}}} - -% macro for typesetting module constant identifiers (e.g. Parameters in -% module types) -\newcommand{\coqdocax}[1]{\textsl{\textsf{#1}}} - -% macro for typesetting inductive type identifiers -\newcommand{\coqdocind}[1]{\textbf{\textsf{#1}}} - -% macro for typesetting constructor identifiers -\newcommand{\coqdocconstr}[1]{\textsf{#1}} - -% macro for typesetting tactic identifiers -\newcommand{\coqdoctac}[1]{\texttt{#1}} - -% These are the real macros used by coqdoc, their typesetting is -% based on the above macros by default. - -\newcommand{\coqdoclibrary}[1]{\coqdoccst{#1}} -\newcommand{\coqdocinductive}[1]{\coqdocind{#1}} -\newcommand{\coqdocdefinition}[1]{\coqdoccst{#1}} -\newcommand{\coqdocvariable}[1]{\coqdocvar{#1}} -\newcommand{\coqdocconstructor}[1]{\coqdocconstr{#1}} -\newcommand{\coqdoclemma}[1]{\coqdoccst{#1}} -\newcommand{\coqdocclass}[1]{\coqdocind{#1}} -\newcommand{\coqdocinstance}[1]{\coqdoccst{#1}} -\newcommand{\coqdocmethod}[1]{\coqdoccst{#1}} -\newcommand{\coqdocabbreviation}[1]{\coqdoccst{#1}} -\newcommand{\coqdocrecord}[1]{\coqdocind{#1}} -\newcommand{\coqdocprojection}[1]{\coqdoccst{#1}} -\newcommand{\coqdocnotation}[1]{\coqdockw{#1}} -\newcommand{\coqdocsection}[1]{\coqdoccst{#1}} -\newcommand{\coqdocaxiom}[1]{\coqdocax{#1}} -\newcommand{\coqdocmodule}[1]{\coqdocmod{#1}} - -% Environment encompassing code fragments -% !!! CAUTION: This environment may have empty contents -\newenvironment{coqdoccode}{}{} - -% Environment for comments -\newenvironment{coqdoccomment}{\tt(*}{*)} - -% newline and indentation -%BEGIN LATEX -% Base indentation length -\newlength{\coqdocbaseindent} -\setlength{\coqdocbaseindent}{0em} - -% Beginning of a line without any Coq indentation -\newcommand{\coqdocnoindent}{\noindent\kern\coqdocbaseindent} -% Beginning of a line with a given Coq indentation -\newcommand{\coqdocindent}[1]{\noindent\kern\coqdocbaseindent\noindent\kern#1} -% End-of-the-line -\newcommand{\coqdoceol}{\hspace*{\fill}\setlength\parskip{0pt}\par} -% Empty lines (in code only) -\newcommand{\coqdocemptyline}{\vskip 0.4em plus 0.1em minus 0.1em} - -\usepackage{ifpdf} -\ifpdf - \RequirePackage{hyperref} - \hypersetup{raiselinks=true,colorlinks=true,linkcolor=black} - - % To do indexing, use something like: - % \usepackage{multind} - % \newcommand{\coqdef}[3]{\hypertarget{coq:#1}{\index{coq}{#1@#2|hyperpage}#3}} - - \newcommand{\coqdef}[3]{\phantomsection\hypertarget{coq:#1}{#3}} - \newcommand{\coqref}[2]{\hyperlink{coq:#1}{#2}} - \newcommand{\coqexternalref}[3]{\href{#1.html\##2}{#3}} - - \newcommand{\identref}[2]{\hyperlink{coq:#1}{\textsf {#2}}} - \newcommand{\coqlibrary}[3]{\cleardoublepage\phantomsection - \hypertarget{coq:#1}{\chapter{#2\texorpdfstring{\coqdoccst}{}{#3}}}} -\else - \newcommand{\coqdef}[3]{#3} - \newcommand{\coqref}[2]{#2} - \newcommand{\coqexternalref}[3]{#3} - \newcommand{\texorpdfstring}[2]{#1} - \newcommand{\identref}[2]{\textsf{#2}} - \newcommand{\coqlibrary}[3]{\cleardoublepage\chapter{#2\coqdoccst{#3}}} -\fi -\usepackage{xr} - -\newif\if@coqdoccolors - \@coqdoccolorsfalse - -\DeclareOption{color}{\@coqdoccolorstrue} -\ProcessOptions - -\if@coqdoccolors -\RequirePackage{xcolor} -\definecolor{varpurple}{rgb}{0.4,0,0.4} -\definecolor{constrmaroon}{rgb}{0.6,0,0} -\definecolor{defgreen}{rgb}{0,0.4,0} -\definecolor{indblue}{rgb}{0,0,0.8} -\definecolor{kwred}{rgb}{0.8,0.1,0.1} - -\def\coqdocvarcolor{varpurple} -\def\coqdockwcolor{kwred} -\def\coqdoccstcolor{defgreen} -\def\coqdocindcolor{indblue} -\def\coqdocconstrcolor{constrmaroon} -\def\coqdocmodcolor{defgreen} -\def\coqdocaxcolor{varpurple} -\def\coqdoctaccolor{black} - -\def\coqdockw#1{{\color{\coqdockwcolor}{\texttt{#1}}}} -\def\coqdocvar#1{{\color{\coqdocvarcolor}{\textit{#1}}}} -\def\coqdoccst#1{{\color{\coqdoccstcolor}{\textrm{#1}}}} -\def\coqdocind#1{{\color{\coqdocindcolor}{\textsf{#1}}}} -\def\coqdocconstr#1{{\color{\coqdocconstrcolor}{\textsf{#1}}}} -\def\coqdocmod#1{{{\color{\coqdocmodcolor}{\textsc{\textsf{#1}}}}}} -\def\coqdocax#1{{{\color{\coqdocaxcolor}{\textsl{\textrm{#1}}}}}} -\def\coqdoctac#1{{\color{\coqdoctaccolor}{\texttt{#1}}}} -\fi - -\endinput diff --git a/coqdoc/index.html b/coqdoc/index.html deleted file mode 100644 index 301d042..0000000 --- a/coqdoc/index.html +++ /dev/null @@ -1,1982 +0,0 @@ - - - - - -Index - - - - -
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Global IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(451 entries)
Notation IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(5 entries)
Module IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(43 entries)
Variable IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(10 entries)
Library IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(4 entries)
Lemma IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(168 entries)
Axiom IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(31 entries)
Constructor IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(2 entries)
Projection IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(7 entries)
Inductive IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(1 entry)
Section IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(3 entries)
Instance IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(15 entries)
Abbreviation IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(3 entries)
Definition IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(156 entries)
Record IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(3 entries)
-
-

Global Index

-

A

-add_add_sub_eq [lemma, in MSetIntervals]
-

E

-ElementEncode [module, in MSetIntervals]
-ElementEncodeN [module, in MSetIntervals]
-ElementEncodeNat [module, in MSetIntervals]
-ElementEncodeNat.decode [definition, in MSetIntervals]
-ElementEncodeNat.decode_encode_ok [lemma, in MSetIntervals]
-ElementEncodeNat.E [module, in MSetIntervals]
-ElementEncodeNat.encode [definition, in MSetIntervals]
-ElementEncodeNat.encode_eq [lemma, in MSetIntervals]
-ElementEncodeN.decode [definition, in MSetIntervals]
-ElementEncodeN.decode_encode_ok [lemma, in MSetIntervals]
-ElementEncodeN.E [module, in MSetIntervals]
-ElementEncodeN.encode [definition, in MSetIntervals]
-ElementEncodeN.encode_eq [lemma, in MSetIntervals]
-ElementEncodeZ [module, in MSetIntervals]
-ElementEncodeZ.decode [definition, in MSetIntervals]
-ElementEncodeZ.decode_encode_ok [lemma, in MSetIntervals]
-ElementEncodeZ.E [module, in MSetIntervals]
-ElementEncodeZ.encode [definition, in MSetIntervals]
-ElementEncodeZ.encode_eq [lemma, in MSetIntervals]
-ElementEncode.decode [axiom, in MSetIntervals]
-ElementEncode.decode_encode_ok [axiom, in MSetIntervals]
-ElementEncode.E [module, in MSetIntervals]
-ElementEncode.encode [axiom, in MSetIntervals]
-ElementEncode.encode_eq [axiom, in MSetIntervals]
-

F

-foldWithAbortGtLtSpecPred [definition, in MSetFoldWithAbort]
-foldWithAbortGtLtType [definition, in MSetFoldWithAbort]
-foldWithAbortGtSpecPred [definition, in MSetFoldWithAbort]
-foldWithAbortGtType [definition, in MSetFoldWithAbort]
-foldWithAbortPrecomputeSpecPred [definition, in MSetFoldWithAbort]
-foldWithAbortPrecomputeType [definition, in MSetFoldWithAbort]
-foldWithAbortSpecPred [definition, in MSetFoldWithAbort]
-foldWithAbortType [definition, in MSetFoldWithAbort]
-

H

-HasFoldWithAbort [module, in MSetFoldWithAbort]
-HasFoldWithAbortOps [module, in MSetFoldWithAbort]
-HasFoldWithAbortOps.choose_with_abort_spec [lemma, in MSetFoldWithAbort]
-HasFoldWithAbortOps.choose_with_abort [definition, in MSetFoldWithAbort]
-HasFoldWithAbortOps.exists_with_abort_spec [lemma, in MSetFoldWithAbort]
-HasFoldWithAbortOps.exists_with_abort [definition, in MSetFoldWithAbort]
-HasFoldWithAbortOps.filter_with_abort_spec [lemma, in MSetFoldWithAbort]
-HasFoldWithAbortOps.filter_with_abort [definition, in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbort [definition, in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortGt [definition, in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortGtLt [definition, in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortGtLtSpec [lemma, in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortGtLtSpec_Equal [lemma, in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortGtSpec [lemma, in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortGtSpec_Equal [lemma, in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortPrecomputeSpec_Equal [lemma, in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortSpec [lemma, in MSetFoldWithAbort]
-HasFoldWithAbortOps.FoldWithAbortSpecArg [record, in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortSpecArgsForPred [definition, in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortSpec_Equal [lemma, in MSetFoldWithAbort]
-HasFoldWithAbortOps.forall_with_abort_spec [lemma, in MSetFoldWithAbort]
-HasFoldWithAbortOps.forall_with_abort [definition, in MSetFoldWithAbort]
-HasFoldWithAbortOps.fwasa_P' [projection, in MSetFoldWithAbort]
-HasFoldWithAbortOps.fwasa_f_gt [projection, in MSetFoldWithAbort]
-HasFoldWithAbortOps.fwasa_f_lt [projection, in MSetFoldWithAbort]
-HasFoldWithAbortOps.fwasa_f_pre [projection, in MSetFoldWithAbort]
-HasFoldWithAbort.foldWithAbortPrecompute [axiom, in MSetFoldWithAbort]
-HasFoldWithAbort.foldWithAbortPrecomputeSpec [axiom, in MSetFoldWithAbort]
-

M

-Make [module, in MSetListWithDups]
-MakeAVLSetsWithFoldA [module, in MSetFoldWithAbort]
-MakeAVLSetsWithFoldA.foldWithAbortPrecompute [definition, in MSetFoldWithAbort]
-MakeAVLSetsWithFoldA.foldWithAbortPrecomputeSpec [lemma, in MSetFoldWithAbort]
-MakeGenTreeFoldA [module, in MSetFoldWithAbort]
-MakeGenTreeFoldA.foldWithAbort_RawSpec [lemma, in MSetFoldWithAbort]
-MakeGenTreeFoldA.foldWithAbort_Raw [definition, in MSetFoldWithAbort]
-MakeListSetsWithFoldA [module, in MSetFoldWithAbort]
-MakeListSetsWithFoldA.foldWithAbortPrecompute [definition, in MSetFoldWithAbort]
-MakeListSetsWithFoldA.foldWithAbortPrecomputeSpec [lemma, in MSetFoldWithAbort]
-MakeListSetsWithFoldA.foldWithAbortRaw [definition, in MSetFoldWithAbort]
-MakeRBTSetsWithFoldA [module, in MSetFoldWithAbort]
-MakeRBTSetsWithFoldA.foldWithAbortPrecompute [definition, in MSetFoldWithAbort]
-MakeRBTSetsWithFoldA.foldWithAbortPrecomputeSpec [lemma, in MSetFoldWithAbort]
-MakeWeakListSetsWithFoldA [module, in MSetFoldWithAbort]
-MakeWeakListSetsWithFoldA.E [module, in MSetFoldWithAbort]
-MakeWeakListSetsWithFoldA.foldWithAbortPrecompute [definition, in MSetFoldWithAbort]
-MakeWeakListSetsWithFoldA.foldWithAbortPrecomputeSpec [lemma, in MSetFoldWithAbort]
-MakeWeakListSetsWithFoldA.foldWithAbortRaw [definition, in MSetFoldWithAbort]
-MakeWeakListSetsWithFoldA.Raw [module, in MSetFoldWithAbort]
-Make.add_spec [lemma, in MSetListWithDups]
-Make.cardinal_spec [lemma, in MSetListWithDups]
-Make.choose_spec2 [lemma, in MSetListWithDups]
-Make.choose_spec1 [lemma, in MSetListWithDups]
-Make.compatb [abbreviation, in MSetListWithDups]
-Make.diff_spec [lemma, in MSetListWithDups]
-Make.elements_dist_spec2w [lemma, in MSetListWithDups]
-Make.elements_dist_spec1 [lemma, in MSetListWithDups]
-Make.elements_dist_spec_full [lemma, in MSetListWithDups]
-Make.elements_spec1 [lemma, in MSetListWithDups]
-Make.Empty [definition, in MSetListWithDups]
-Make.empty_spec [lemma, in MSetListWithDups]
-Make.eq [definition, in MSetListWithDups]
-Make.Equal [definition, in MSetListWithDups]
-Make.equal_spec [lemma, in MSetListWithDups]
-Make.eq_dec [lemma, in MSetListWithDups]
-Make.eq_equiv [lemma, in MSetListWithDups]
-Make.Exists [definition, in MSetListWithDups]
-Make.exists_spec [lemma, in MSetListWithDups]
-Make.filter_spec [lemma, in MSetListWithDups]
-Make.fold_spec [lemma, in MSetListWithDups]
-Make.for_all_spec [lemma, in MSetListWithDups]
-Make.For_all [definition, in MSetListWithDups]
-Make.In [definition, in MSetListWithDups]
-Make.inter_spec [lemma, in MSetListWithDups]
-Make.In_compat [instance, in MSetListWithDups]
-Make.is_empty_spec [lemma, in MSetListWithDups]
-Make.mem_spec [lemma, in MSetListWithDups]
-Make.partition_spec2 [lemma, in MSetListWithDups]
-Make.partition_spec1 [lemma, in MSetListWithDups]
-Make.partition_aux_spec [lemma, in MSetListWithDups]
-Make.remove_spec [lemma, in MSetListWithDups]
-Make.rev_filter_aux_spec [lemma, in MSetListWithDups]
-Make.singleton_spec [lemma, in MSetListWithDups]
-Make.Subset [definition, in MSetListWithDups]
-Make.subset_spec [lemma, in MSetListWithDups]
-Make.union_spec [lemma, in MSetListWithDups]
-_ [<=] _ [notation, in MSetListWithDups]
-_ [=] _ [notation, in MSetListWithDups]
-MSetFoldWithAbort [library]
-MSetIntervals [module, in MSetIntervals]
-MSetIntervals [library]
-MSetIntervalsN [module, in MSetIntervals]
-MSetIntervalsNat [module, in MSetIntervals]
-MSetIntervalsZ [module, in MSetIntervals]
-MSetIntervals.add [definition, in MSetIntervals]
-MSetIntervals.add_spec [lemma, in MSetIntervals]
-MSetIntervals.cardinal [definition, in MSetIntervals]
-MSetIntervals.cardinal_spec [lemma, in MSetIntervals]
-MSetIntervals.choose [definition, in MSetIntervals]
-MSetIntervals.choose_spec2 [lemma, in MSetIntervals]
-MSetIntervals.choose_spec1 [lemma, in MSetIntervals]
-MSetIntervals.compatb [abbreviation, in MSetIntervals]
-MSetIntervals.diff [definition, in MSetIntervals]
-MSetIntervals.diff_spec [lemma, in MSetIntervals]
-MSetIntervals.E [module, in MSetIntervals]
-MSetIntervals.elements [definition, in MSetIntervals]
-MSetIntervals.elements_spec2w [lemma, in MSetIntervals]
-MSetIntervals.elements_spec1 [lemma, in MSetIntervals]
-MSetIntervals.elt [definition, in MSetIntervals]
-MSetIntervals.empty [definition, in MSetIntervals]
-MSetIntervals.Empty [definition, in MSetIntervals]
-MSetIntervals.empty_spec [lemma, in MSetIntervals]
-MSetIntervals.eq [definition, in MSetIntervals]
-MSetIntervals.equal [definition, in MSetIntervals]
-MSetIntervals.Equal [definition, in MSetIntervals]
-MSetIntervals.equal_spec [lemma, in MSetIntervals]
-MSetIntervals.eq_dec [definition, in MSetIntervals]
-MSetIntervals.eq_equiv [instance, in MSetIntervals]
-MSetIntervals.Exists [definition, in MSetIntervals]
-MSetIntervals.exists_spec [lemma, in MSetIntervals]
-MSetIntervals.exists_ [definition, in MSetIntervals]
-MSetIntervals.filter [definition, in MSetIntervals]
-MSetIntervals.filter_spec [lemma, in MSetIntervals]
-MSetIntervals.fold [definition, in MSetIntervals]
-MSetIntervals.fold_spec [lemma, in MSetIntervals]
-MSetIntervals.for_all_spec [lemma, in MSetIntervals]
-MSetIntervals.for_all [definition, in MSetIntervals]
-MSetIntervals.For_all [definition, in MSetIntervals]
-MSetIntervals.In [definition, in MSetIntervals]
-MSetIntervals.inter [definition, in MSetIntervals]
-MSetIntervals.inter_spec [lemma, in MSetIntervals]
-MSetIntervals.In_compat [instance, in MSetIntervals]
-MSetIntervals.is_empty_spec [lemma, in MSetIntervals]
-MSetIntervals.is_empty [definition, in MSetIntervals]
-MSetIntervals.is_ok [projection, in MSetIntervals]
-MSetIntervals.mem [definition, in MSetIntervals]
-MSetIntervals.mem_spec [lemma, in MSetIntervals]
-MSetIntervals.Mkt [constructor, in MSetIntervals]
-MSetIntervals.partition [definition, in MSetIntervals]
-MSetIntervals.partition_spec2 [lemma, in MSetIntervals]
-MSetIntervals.partition_spec1 [lemma, in MSetIntervals]
-MSetIntervals.Raw [module, in MSetIntervals]
-MSetIntervals.remove [definition, in MSetIntervals]
-MSetIntervals.remove_spec [lemma, in MSetIntervals]
-MSetIntervals.singleton [definition, in MSetIntervals]
-MSetIntervals.singleton_spec [lemma, in MSetIntervals]
-MSetIntervals.Spec [section, in MSetIntervals]
-MSetIntervals.Spec.f [variable, in MSetIntervals]
-MSetIntervals.Spec.s [variable, in MSetIntervals]
-MSetIntervals.Spec.s' [variable, in MSetIntervals]
-MSetIntervals.Spec.x [variable, in MSetIntervals]
-MSetIntervals.Spec.y [variable, in MSetIntervals]
-MSetIntervals.subset [definition, in MSetIntervals]
-MSetIntervals.Subset [definition, in MSetIntervals]
-MSetIntervals.subset_spec [lemma, in MSetIntervals]
-MSetIntervals.t [definition, in MSetIntervals]
-MSetIntervals.this [projection, in MSetIntervals]
-MSetIntervals.t_ [record, in MSetIntervals]
-MSetIntervals.union [definition, in MSetIntervals]
-MSetIntervals.union_spec [lemma, in MSetIntervals]
-MSetListWithDups [library]
-MSetWithDups [library]
-

N

-NoDupA_map [lemma, in MSetIntervals]
-NOP [module, in MSetIntervals]
-

O

-Ops [module, in MSetIntervals]
-Ops [module, in MSetListWithDups]
-Ops.acc_pred [lemma, in MSetIntervals]
-Ops.add [definition, in MSetIntervals]
-Ops.add [definition, in MSetListWithDups]
-Ops.addZ [definition, in MSetIntervals]
-Ops.addZ_aux [definition, in MSetIntervals]
-Ops.add_list [definition, in MSetIntervals]
-Ops.cardinal [definition, in MSetIntervals]
-Ops.cardinal [definition, in MSetListWithDups]
-Ops.cardinalN [definition, in MSetIntervals]
-Ops.choose [definition, in MSetIntervals]
-Ops.choose [definition, in MSetListWithDups]
-Ops.chooseZ [definition, in MSetIntervals]
-Ops.diff [definition, in MSetIntervals]
-Ops.diff [definition, in MSetListWithDups]
-Ops.elements [definition, in MSetIntervals]
-Ops.elements [definition, in MSetListWithDups]
-Ops.elementsZ [definition, in MSetIntervals]
-Ops.elementsZ_aux [definition, in MSetIntervals]
-Ops.elementsZ_aux' [definition, in MSetIntervals]
-Ops.elementsZ_aux'' [definition, in MSetIntervals]
-Ops.elements_dist [definition, in MSetListWithDups]
-Ops.elt [definition, in MSetIntervals]
-Ops.elt [definition, in MSetListWithDups]
-Ops.empty [definition, in MSetIntervals]
-Ops.empty [definition, in MSetListWithDups]
-Ops.equal [definition, in MSetIntervals]
-Ops.equal [definition, in MSetListWithDups]
-Ops.exists_ [definition, in MSetIntervals]
-Ops.exists_ [definition, in MSetListWithDups]
-Ops.filter [definition, in MSetIntervals]
-Ops.filter [definition, in MSetListWithDups]
-Ops.fold [definition, in MSetIntervals]
-Ops.fold [definition, in MSetListWithDups]
-Ops.for_all [definition, in MSetIntervals]
-Ops.for_all [definition, in MSetListWithDups]
-Ops.from_elements [definition, in MSetIntervals]
-Ops.inter [definition, in MSetIntervals]
-Ops.inter [definition, in MSetListWithDups]
-Ops.is_empty [definition, in MSetIntervals]
-Ops.is_empty [definition, in MSetListWithDups]
-Ops.mem [definition, in MSetIntervals]
-Ops.mem [definition, in MSetListWithDups]
-Ops.memZ [definition, in MSetIntervals]
-Ops.MX [module, in MSetListWithDups]
-Ops.partition [definition, in MSetIntervals]
-Ops.partition [definition, in MSetListWithDups]
-Ops.partition_aux [definition, in MSetListWithDups]
-Ops.RDFS [module, in MSetListWithDups]
-Ops.remove [definition, in MSetIntervals]
-Ops.remove [definition, in MSetListWithDups]
-Ops.removeZ [definition, in MSetIntervals]
-Ops.removeZ_aux [definition, in MSetIntervals]
-Ops.removeZ_aux_insert_guarded [definition, in MSetIntervals]
-Ops.remove_list [definition, in MSetIntervals]
-Ops.rev_filter [definition, in MSetListWithDups]
-Ops.rev_filter_aux [definition, in MSetListWithDups]
-Ops.singleton [definition, in MSetIntervals]
-Ops.singleton [definition, in MSetListWithDups]
-Ops.singleton_alt_def [lemma, in MSetIntervals]
-Ops.subset [definition, in MSetIntervals]
-Ops.subset [definition, in MSetListWithDups]
-Ops.t [definition, in MSetIntervals]
-Ops.t [definition, in MSetListWithDups]
-Ops.union [definition, in MSetIntervals]
-Ops.union [definition, in MSetListWithDups]
-

R

-Raw [module, in MSetIntervals]
-Raw.addZ_isok [lemma, in MSetIntervals]
-Raw.addZ_spec [lemma, in MSetIntervals]
-Raw.addZ_alt_def [lemma, in MSetIntervals]
-Raw.addZ_aux_alt_def [lemma, in MSetIntervals]
-Raw.addZ_ind [lemma, in MSetIntervals]
-Raw.add_list_spec [lemma, in MSetIntervals]
-Raw.add_list_ok [lemma, in MSetIntervals]
-Raw.add_spec [lemma, in MSetIntervals]
-Raw.add_ok [instance, in MSetIntervals]
-Raw.cardinalN_spec [lemma, in MSetIntervals]
-Raw.cardinal_spec [lemma, in MSetIntervals]
-Raw.chooseZ_spec3 [lemma, in MSetIntervals]
-Raw.chooseZ_InZ [lemma, in MSetIntervals]
-Raw.chooseZ_min [lemma, in MSetIntervals]
-Raw.choose_spec2 [definition, in MSetIntervals]
-Raw.choose_spec1 [definition, in MSetIntervals]
-Raw.choose_alt_def [lemma, in MSetIntervals]
-Raw.diff_spec [lemma, in MSetIntervals]
-Raw.diff_ok [instance, in MSetIntervals]
-Raw.elementsZ_single_equiv [lemma, in MSetIntervals]
-Raw.elementsZ_cons_equiv_hd [lemma, in MSetIntervals]
-Raw.elementsZ_cons_le_end [lemma, in MSetIntervals]
-Raw.elementsZ_cons_le_start [lemma, in MSetIntervals]
-Raw.elementsZ_spec2w [lemma, in MSetIntervals]
-Raw.elementsZ_removeZ_aux_insert_guarded [lemma, in MSetIntervals]
-Raw.elementsZ_cons [lemma, in MSetIntervals]
-Raw.elementsZ_aux_alt_def [lemma, in MSetIntervals]
-Raw.elementsZ_single_intro [lemma, in MSetIntervals]
-Raw.elementsZ_aux'_succ [lemma, in MSetIntervals]
-Raw.elementsZ_aux'_zero [lemma, in MSetIntervals]
-Raw.elementsZ_aux'_pos [lemma, in MSetIntervals]
-Raw.elementsZ_aux''_irrel [lemma, in MSetIntervals]
-Raw.elementsZ_single_succ_front [lemma, in MSetIntervals]
-Raw.elementsZ_single_add [lemma, in MSetIntervals]
-Raw.elementsZ_single_succ [lemma, in MSetIntervals]
-Raw.elementsZ_single_base [lemma, in MSetIntervals]
-Raw.elementsZ_single [definition, in MSetIntervals]
-Raw.elementsZ_nil [lemma, in MSetIntervals]
-Raw.elements_spec2w [lemma, in MSetIntervals]
-Raw.elements_spec1 [lemma, in MSetIntervals]
-Raw.elements_cons [lemma, in MSetIntervals]
-Raw.elements_single [definition, in MSetIntervals]
-Raw.elements_nil [lemma, in MSetIntervals]
-Raw.Empty [definition, in MSetIntervals]
-Raw.empty_spec [lemma, in MSetIntervals]
-Raw.empty_spec' [lemma, in MSetIntervals]
-Raw.empty_ok [instance, in MSetIntervals]
-Raw.Equal [definition, in MSetIntervals]
-Raw.equal_spec [lemma, in MSetIntervals]
-Raw.equal_elementsZ [lemma, in MSetIntervals]
-Raw.equal_alt_def [lemma, in MSetIntervals]
-Raw.Exists [definition, in MSetIntervals]
-Raw.exists_spec [lemma, in MSetIntervals]
-Raw.filter_spec [lemma, in MSetIntervals]
-Raw.filter_ok [instance, in MSetIntervals]
-Raw.fold_spec [lemma, in MSetIntervals]
-Raw.ForNotations [section, in MSetIntervals]
-Raw.for_all_spec [lemma, in MSetIntervals]
-Raw.For_all [definition, in MSetIntervals]
-Raw.In [definition, in MSetIntervals]
-Raw.inf [definition, in MSetIntervals]
-Raw.inf_removeZ_aux_insert_guarded [lemma, in MSetIntervals]
-Raw.inf_impl [lemma, in MSetIntervals]
-Raw.inter_spec [lemma, in MSetIntervals]
-Raw.inter_ok [instance, in MSetIntervals]
-Raw.InZ [definition, in MSetIntervals]
-Raw.In_InZ [lemma, in MSetIntervals]
-Raw.In_alt_def [lemma, in MSetIntervals]
-Raw.In_elementsZ_single_hd [lemma, in MSetIntervals]
-Raw.In_elementsZ_single1 [lemma, in MSetIntervals]
-Raw.In_elementsZ_single [lemma, in MSetIntervals]
-Raw.IsOk [definition, in MSetIntervals]
-Raw.isok [definition, in MSetIntervals]
-Raw.isok_removeZ_aux_insert_guarded [lemma, in MSetIntervals]
-Raw.isok_inf_nin [lemma, in MSetIntervals]
-Raw.isok_cons [lemma, in MSetIntervals]
-Raw.IsOk_Ok [instance, in MSetIntervals]
-Raw.is_empty_spec [lemma, in MSetIntervals]
-Raw.is_encoded_elems_list_rev [lemma, in MSetIntervals]
-Raw.is_encoded_elems_list_app [lemma, in MSetIntervals]
-Raw.is_encoded_elems_list [definition, in MSetIntervals]
-Raw.length_elementsZ_single [lemma, in MSetIntervals]
-Raw.memZ_spec [lemma, in MSetIntervals]
-Raw.mem_spec [lemma, in MSetIntervals]
-Raw.Nin_elements_greater [lemma, in MSetIntervals]
-Raw.NoDupA_elementsZ_single [lemma, in MSetIntervals]
-Raw.ok [projection, in MSetIntervals]
-Raw.Ok [record, in MSetIntervals]
-Raw.ok [constructor, in MSetIntervals]
-Raw.Ok [inductive, in MSetIntervals]
-Raw.Ok_cons [lemma, in MSetIntervals]
-Raw.Ok_nil [lemma, in MSetIntervals]
-Raw.partition_spec2 [lemma, in MSetIntervals]
-Raw.partition_spec1 [lemma, in MSetIntervals]
-Raw.partition_ok2 [instance, in MSetIntervals]
-Raw.partition_ok1 [instance, in MSetIntervals]
-Raw.removeZ_spec [lemma, in MSetIntervals]
-Raw.removeZ_isok [lemma, in MSetIntervals]
-Raw.removeZ_counter_pos_aux [lemma, in MSetIntervals]
-Raw.removeZ_alt_def [lemma, in MSetIntervals]
-Raw.removeZ_aux_alt_def [lemma, in MSetIntervals]
-Raw.remove_list_spec [lemma, in MSetIntervals]
-Raw.remove_list_ok [lemma, in MSetIntervals]
-Raw.remove_spec [lemma, in MSetIntervals]
-Raw.remove_ok [instance, in MSetIntervals]
-Raw.singleton_spec [lemma, in MSetIntervals]
-Raw.singleton_ok [instance, in MSetIntervals]
-Raw.Subset [definition, in MSetIntervals]
-Raw.subset_spec [lemma, in MSetIntervals]
-Raw.union_spec [lemma, in MSetIntervals]
-Raw.union_ok [instance, in MSetIntervals]
-RemoveDupsFromSorted [module, in MSetListWithDups]
-RemoveDupsFromSorted.eqb_eq_alt [lemma, in MSetListWithDups]
-RemoveDupsFromSorted.MX [module, in MSetListWithDups]
-RemoveDupsFromSorted.remove_dups_by_sortingA_spec [lemma, in MSetListWithDups]
-RemoveDupsFromSorted.remove_dups_by_sortingA [definition, in MSetListWithDups]
-RemoveDupsFromSorted.remove_dups_from_sortedA_spec [lemma, in MSetListWithDups]
-RemoveDupsFromSorted.remove_dups_from_sortedA_hd [lemma, in MSetListWithDups]
-RemoveDupsFromSorted.remove_dups_from_sortedA_alt [lemma, in MSetListWithDups]
-RemoveDupsFromSorted.remove_dups_from_sortedA_aux_alt [lemma, in MSetListWithDups]
-RemoveDupsFromSorted.remove_dups_from_sortedA [definition, in MSetListWithDups]
-RemoveDupsFromSorted.remove_dups_from_sortedA_aux [definition, in MSetListWithDups]
-RemoveDupsFromSorted.XSort [module, in MSetListWithDups]
-RemoveDupsFromSorted.XTotalLeBool [module, in MSetListWithDups]
-RemoveDupsFromSorted.XTotalLeBool.le [definition, in MSetListWithDups]
-RemoveDupsFromSorted.XTotalLeBool.leb [definition, in MSetListWithDups]
-RemoveDupsFromSorted.XTotalLeBool.leb_total [lemma, in MSetListWithDups]
-RemoveDupsFromSorted.XTotalLeBool.t [definition, in MSetListWithDups]
-_ <=? _ [notation, in MSetListWithDups]
-rev_map_alt_def [lemma, in MSetIntervals]
-rev_map_aux_alt_def [lemma, in MSetIntervals]
-rev_map [definition, in MSetIntervals]
-rev_map_aux [definition, in MSetIntervals]
-

S

-SetsWithFoldA [module, in MSetFoldWithAbort]
-SetsWithFoldA.E [module, in MSetFoldWithAbort]
-

W

-WSetsOnWithDups [module, in MSetWithDups]
-WSetsOnWithDupsExtra [module, in MSetWithDups]
-WSetsOnWithDupsExtra.cardinal_spec [axiom, in MSetWithDups]
-WSetsOnWithDupsExtra.elements_dist_spec2w [axiom, in MSetWithDups]
-WSetsOnWithDupsExtra.elements_dist_spec1 [axiom, in MSetWithDups]
-WSetsOnWithDupsExtra.elements_dist [axiom, in MSetWithDups]
-WSetsOnWithDups.add_spec [axiom, in MSetWithDups]
-WSetsOnWithDups.choose_spec2 [axiom, in MSetWithDups]
-WSetsOnWithDups.choose_spec1 [axiom, in MSetWithDups]
-WSetsOnWithDups.compatb [abbreviation, in MSetWithDups]
-WSetsOnWithDups.diff_spec [axiom, in MSetWithDups]
-WSetsOnWithDups.elements_spec1 [axiom, in MSetWithDups]
-WSetsOnWithDups.Empty [definition, in MSetWithDups]
-WSetsOnWithDups.empty_spec [axiom, in MSetWithDups]
-WSetsOnWithDups.eq [definition, in MSetWithDups]
-WSetsOnWithDups.Equal [definition, in MSetWithDups]
-WSetsOnWithDups.equal_spec [axiom, in MSetWithDups]
-WSetsOnWithDups.Exists [definition, in MSetWithDups]
-WSetsOnWithDups.exists_spec [axiom, in MSetWithDups]
-WSetsOnWithDups.filter_spec [axiom, in MSetWithDups]
-WSetsOnWithDups.fold_spec [axiom, in MSetWithDups]
-WSetsOnWithDups.for_all_spec [axiom, in MSetWithDups]
-WSetsOnWithDups.For_all [definition, in MSetWithDups]
-WSetsOnWithDups.In [axiom, in MSetWithDups]
-WSetsOnWithDups.inter_spec [axiom, in MSetWithDups]
-WSetsOnWithDups.In_compat [instance, in MSetWithDups]
-WSetsOnWithDups.is_empty_spec [axiom, in MSetWithDups]
-WSetsOnWithDups.mem_spec [axiom, in MSetWithDups]
-WSetsOnWithDups.partition_spec2 [axiom, in MSetWithDups]
-WSetsOnWithDups.partition_spec1 [axiom, in MSetWithDups]
-WSetsOnWithDups.remove_spec [axiom, in MSetWithDups]
-WSetsOnWithDups.singleton_spec [axiom, in MSetWithDups]
-WSetsOnWithDups.Spec [section, in MSetWithDups]
-WSetsOnWithDups.Spec.f [variable, in MSetWithDups]
-WSetsOnWithDups.Spec.s [variable, in MSetWithDups]
-WSetsOnWithDups.Spec.s' [variable, in MSetWithDups]
-WSetsOnWithDups.Spec.x [variable, in MSetWithDups]
-WSetsOnWithDups.Spec.y [variable, in MSetWithDups]
-WSetsOnWithDups.Subset [definition, in MSetWithDups]
-WSetsOnWithDups.subset_spec [axiom, in MSetWithDups]
-WSetsOnWithDups.union_spec [axiom, in MSetWithDups]
-_ [<=] _ [notation, in MSetWithDups]
-_ [=] _ [notation, in MSetWithDups]
-WSetsOn_TO_WSetsOnWithDupsExtra.elements_dist_spec2w [lemma, in MSetWithDups]
-WSetsOn_TO_WSetsOnWithDupsExtra.elements_dist_spec1 [lemma, in MSetWithDups]
-WSetsOn_TO_WSetsOnWithDupsExtra.elements_dist [definition, in MSetWithDups]
-WSetsOn_TO_WSetsOnWithDupsExtra [module, in MSetWithDups]
-WSetsWithDupsFoldA [module, in MSetFoldWithAbort]
-WSetsWithDupsFoldA.E [module, in MSetFoldWithAbort]
-WSetsWithFoldA [module, in MSetFoldWithAbort]
-WSetsWithFoldA.E [module, in MSetFoldWithAbort]
-

Z

-Z_le_add_r [lemma, in MSetIntervals]
-

-

Notation Index

-

M

-_ [<=] _ [in MSetListWithDups]
-_ [=] _ [in MSetListWithDups]
-

R

-_ <=? _ [in MSetListWithDups]
-

W

-_ [<=] _ [in MSetWithDups]
-_ [=] _ [in MSetWithDups]
-

-

Module Index

-

E

-ElementEncode [in MSetIntervals]
-ElementEncodeN [in MSetIntervals]
-ElementEncodeNat [in MSetIntervals]
-ElementEncodeNat.E [in MSetIntervals]
-ElementEncodeN.E [in MSetIntervals]
-ElementEncodeZ [in MSetIntervals]
-ElementEncodeZ.E [in MSetIntervals]
-ElementEncode.E [in MSetIntervals]
-

H

-HasFoldWithAbort [in MSetFoldWithAbort]
-HasFoldWithAbortOps [in MSetFoldWithAbort]
-

M

-Make [in MSetListWithDups]
-MakeAVLSetsWithFoldA [in MSetFoldWithAbort]
-MakeGenTreeFoldA [in MSetFoldWithAbort]
-MakeListSetsWithFoldA [in MSetFoldWithAbort]
-MakeRBTSetsWithFoldA [in MSetFoldWithAbort]
-MakeWeakListSetsWithFoldA [in MSetFoldWithAbort]
-MakeWeakListSetsWithFoldA.E [in MSetFoldWithAbort]
-MakeWeakListSetsWithFoldA.Raw [in MSetFoldWithAbort]
-MSetIntervals [in MSetIntervals]
-MSetIntervalsN [in MSetIntervals]
-MSetIntervalsNat [in MSetIntervals]
-MSetIntervalsZ [in MSetIntervals]
-MSetIntervals.E [in MSetIntervals]
-MSetIntervals.Raw [in MSetIntervals]
-

N

-NOP [in MSetIntervals]
-

O

-Ops [in MSetIntervals]
-Ops [in MSetListWithDups]
-Ops.MX [in MSetListWithDups]
-Ops.RDFS [in MSetListWithDups]
-

R

-Raw [in MSetIntervals]
-RemoveDupsFromSorted [in MSetListWithDups]
-RemoveDupsFromSorted.MX [in MSetListWithDups]
-RemoveDupsFromSorted.XSort [in MSetListWithDups]
-RemoveDupsFromSorted.XTotalLeBool [in MSetListWithDups]
-

S

-SetsWithFoldA [in MSetFoldWithAbort]
-SetsWithFoldA.E [in MSetFoldWithAbort]
-

W

-WSetsOnWithDups [in MSetWithDups]
-WSetsOnWithDupsExtra [in MSetWithDups]
-WSetsOn_TO_WSetsOnWithDupsExtra [in MSetWithDups]
-WSetsWithDupsFoldA [in MSetFoldWithAbort]
-WSetsWithDupsFoldA.E [in MSetFoldWithAbort]
-WSetsWithFoldA [in MSetFoldWithAbort]
-WSetsWithFoldA.E [in MSetFoldWithAbort]
-

-

Variable Index

-

M

-MSetIntervals.Spec.f [in MSetIntervals]
-MSetIntervals.Spec.s [in MSetIntervals]
-MSetIntervals.Spec.s' [in MSetIntervals]
-MSetIntervals.Spec.x [in MSetIntervals]
-MSetIntervals.Spec.y [in MSetIntervals]
-

W

-WSetsOnWithDups.Spec.f [in MSetWithDups]
-WSetsOnWithDups.Spec.s [in MSetWithDups]
-WSetsOnWithDups.Spec.s' [in MSetWithDups]
-WSetsOnWithDups.Spec.x [in MSetWithDups]
-WSetsOnWithDups.Spec.y [in MSetWithDups]
-

-

Library Index

-

M

-MSetFoldWithAbort
-MSetIntervals
-MSetListWithDups
-MSetWithDups
-

-

Lemma Index

-

A

-add_add_sub_eq [in MSetIntervals]
-

E

-ElementEncodeNat.decode_encode_ok [in MSetIntervals]
-ElementEncodeNat.encode_eq [in MSetIntervals]
-ElementEncodeN.decode_encode_ok [in MSetIntervals]
-ElementEncodeN.encode_eq [in MSetIntervals]
-ElementEncodeZ.decode_encode_ok [in MSetIntervals]
-ElementEncodeZ.encode_eq [in MSetIntervals]
-

H

-HasFoldWithAbortOps.choose_with_abort_spec [in MSetFoldWithAbort]
-HasFoldWithAbortOps.exists_with_abort_spec [in MSetFoldWithAbort]
-HasFoldWithAbortOps.filter_with_abort_spec [in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortGtLtSpec [in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortGtLtSpec_Equal [in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortGtSpec [in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortGtSpec_Equal [in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortPrecomputeSpec_Equal [in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortSpec [in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortSpec_Equal [in MSetFoldWithAbort]
-HasFoldWithAbortOps.forall_with_abort_spec [in MSetFoldWithAbort]
-

M

-MakeAVLSetsWithFoldA.foldWithAbortPrecomputeSpec [in MSetFoldWithAbort]
-MakeGenTreeFoldA.foldWithAbort_RawSpec [in MSetFoldWithAbort]
-MakeListSetsWithFoldA.foldWithAbortPrecomputeSpec [in MSetFoldWithAbort]
-MakeRBTSetsWithFoldA.foldWithAbortPrecomputeSpec [in MSetFoldWithAbort]
-MakeWeakListSetsWithFoldA.foldWithAbortPrecomputeSpec [in MSetFoldWithAbort]
-Make.add_spec [in MSetListWithDups]
-Make.cardinal_spec [in MSetListWithDups]
-Make.choose_spec2 [in MSetListWithDups]
-Make.choose_spec1 [in MSetListWithDups]
-Make.diff_spec [in MSetListWithDups]
-Make.elements_dist_spec2w [in MSetListWithDups]
-Make.elements_dist_spec1 [in MSetListWithDups]
-Make.elements_dist_spec_full [in MSetListWithDups]
-Make.elements_spec1 [in MSetListWithDups]
-Make.empty_spec [in MSetListWithDups]
-Make.equal_spec [in MSetListWithDups]
-Make.eq_dec [in MSetListWithDups]
-Make.eq_equiv [in MSetListWithDups]
-Make.exists_spec [in MSetListWithDups]
-Make.filter_spec [in MSetListWithDups]
-Make.fold_spec [in MSetListWithDups]
-Make.for_all_spec [in MSetListWithDups]
-Make.inter_spec [in MSetListWithDups]
-Make.is_empty_spec [in MSetListWithDups]
-Make.mem_spec [in MSetListWithDups]
-Make.partition_spec2 [in MSetListWithDups]
-Make.partition_spec1 [in MSetListWithDups]
-Make.partition_aux_spec [in MSetListWithDups]
-Make.remove_spec [in MSetListWithDups]
-Make.rev_filter_aux_spec [in MSetListWithDups]
-Make.singleton_spec [in MSetListWithDups]
-Make.subset_spec [in MSetListWithDups]
-Make.union_spec [in MSetListWithDups]
-MSetIntervals.add_spec [in MSetIntervals]
-MSetIntervals.cardinal_spec [in MSetIntervals]
-MSetIntervals.choose_spec2 [in MSetIntervals]
-MSetIntervals.choose_spec1 [in MSetIntervals]
-MSetIntervals.diff_spec [in MSetIntervals]
-MSetIntervals.elements_spec2w [in MSetIntervals]
-MSetIntervals.elements_spec1 [in MSetIntervals]
-MSetIntervals.empty_spec [in MSetIntervals]
-MSetIntervals.equal_spec [in MSetIntervals]
-MSetIntervals.exists_spec [in MSetIntervals]
-MSetIntervals.filter_spec [in MSetIntervals]
-MSetIntervals.fold_spec [in MSetIntervals]
-MSetIntervals.for_all_spec [in MSetIntervals]
-MSetIntervals.inter_spec [in MSetIntervals]
-MSetIntervals.is_empty_spec [in MSetIntervals]
-MSetIntervals.mem_spec [in MSetIntervals]
-MSetIntervals.partition_spec2 [in MSetIntervals]
-MSetIntervals.partition_spec1 [in MSetIntervals]
-MSetIntervals.remove_spec [in MSetIntervals]
-MSetIntervals.singleton_spec [in MSetIntervals]
-MSetIntervals.subset_spec [in MSetIntervals]
-MSetIntervals.union_spec [in MSetIntervals]
-

N

-NoDupA_map [in MSetIntervals]
-

O

-Ops.acc_pred [in MSetIntervals]
-Ops.singleton_alt_def [in MSetIntervals]
-

R

-Raw.addZ_isok [in MSetIntervals]
-Raw.addZ_spec [in MSetIntervals]
-Raw.addZ_alt_def [in MSetIntervals]
-Raw.addZ_aux_alt_def [in MSetIntervals]
-Raw.addZ_ind [in MSetIntervals]
-Raw.add_list_spec [in MSetIntervals]
-Raw.add_list_ok [in MSetIntervals]
-Raw.add_spec [in MSetIntervals]
-Raw.cardinalN_spec [in MSetIntervals]
-Raw.cardinal_spec [in MSetIntervals]
-Raw.chooseZ_spec3 [in MSetIntervals]
-Raw.chooseZ_InZ [in MSetIntervals]
-Raw.chooseZ_min [in MSetIntervals]
-Raw.choose_alt_def [in MSetIntervals]
-Raw.diff_spec [in MSetIntervals]
-Raw.elementsZ_single_equiv [in MSetIntervals]
-Raw.elementsZ_cons_equiv_hd [in MSetIntervals]
-Raw.elementsZ_cons_le_end [in MSetIntervals]
-Raw.elementsZ_cons_le_start [in MSetIntervals]
-Raw.elementsZ_spec2w [in MSetIntervals]
-Raw.elementsZ_removeZ_aux_insert_guarded [in MSetIntervals]
-Raw.elementsZ_cons [in MSetIntervals]
-Raw.elementsZ_aux_alt_def [in MSetIntervals]
-Raw.elementsZ_single_intro [in MSetIntervals]
-Raw.elementsZ_aux'_succ [in MSetIntervals]
-Raw.elementsZ_aux'_zero [in MSetIntervals]
-Raw.elementsZ_aux'_pos [in MSetIntervals]
-Raw.elementsZ_aux''_irrel [in MSetIntervals]
-Raw.elementsZ_single_succ_front [in MSetIntervals]
-Raw.elementsZ_single_add [in MSetIntervals]
-Raw.elementsZ_single_succ [in MSetIntervals]
-Raw.elementsZ_single_base [in MSetIntervals]
-Raw.elementsZ_nil [in MSetIntervals]
-Raw.elements_spec2w [in MSetIntervals]
-Raw.elements_spec1 [in MSetIntervals]
-Raw.elements_cons [in MSetIntervals]
-Raw.elements_nil [in MSetIntervals]
-Raw.empty_spec [in MSetIntervals]
-Raw.empty_spec' [in MSetIntervals]
-Raw.equal_spec [in MSetIntervals]
-Raw.equal_elementsZ [in MSetIntervals]
-Raw.equal_alt_def [in MSetIntervals]
-Raw.exists_spec [in MSetIntervals]
-Raw.filter_spec [in MSetIntervals]
-Raw.fold_spec [in MSetIntervals]
-Raw.for_all_spec [in MSetIntervals]
-Raw.inf_removeZ_aux_insert_guarded [in MSetIntervals]
-Raw.inf_impl [in MSetIntervals]
-Raw.inter_spec [in MSetIntervals]
-Raw.In_InZ [in MSetIntervals]
-Raw.In_alt_def [in MSetIntervals]
-Raw.In_elementsZ_single_hd [in MSetIntervals]
-Raw.In_elementsZ_single1 [in MSetIntervals]
-Raw.In_elementsZ_single [in MSetIntervals]
-Raw.isok_removeZ_aux_insert_guarded [in MSetIntervals]
-Raw.isok_inf_nin [in MSetIntervals]
-Raw.isok_cons [in MSetIntervals]
-Raw.is_empty_spec [in MSetIntervals]
-Raw.is_encoded_elems_list_rev [in MSetIntervals]
-Raw.is_encoded_elems_list_app [in MSetIntervals]
-Raw.length_elementsZ_single [in MSetIntervals]
-Raw.memZ_spec [in MSetIntervals]
-Raw.mem_spec [in MSetIntervals]
-Raw.Nin_elements_greater [in MSetIntervals]
-Raw.NoDupA_elementsZ_single [in MSetIntervals]
-Raw.Ok_cons [in MSetIntervals]
-Raw.Ok_nil [in MSetIntervals]
-Raw.partition_spec2 [in MSetIntervals]
-Raw.partition_spec1 [in MSetIntervals]
-Raw.removeZ_spec [in MSetIntervals]
-Raw.removeZ_isok [in MSetIntervals]
-Raw.removeZ_counter_pos_aux [in MSetIntervals]
-Raw.removeZ_alt_def [in MSetIntervals]
-Raw.removeZ_aux_alt_def [in MSetIntervals]
-Raw.remove_list_spec [in MSetIntervals]
-Raw.remove_list_ok [in MSetIntervals]
-Raw.remove_spec [in MSetIntervals]
-Raw.singleton_spec [in MSetIntervals]
-Raw.subset_spec [in MSetIntervals]
-Raw.union_spec [in MSetIntervals]
-RemoveDupsFromSorted.eqb_eq_alt [in MSetListWithDups]
-RemoveDupsFromSorted.remove_dups_by_sortingA_spec [in MSetListWithDups]
-RemoveDupsFromSorted.remove_dups_from_sortedA_spec [in MSetListWithDups]
-RemoveDupsFromSorted.remove_dups_from_sortedA_hd [in MSetListWithDups]
-RemoveDupsFromSorted.remove_dups_from_sortedA_alt [in MSetListWithDups]
-RemoveDupsFromSorted.remove_dups_from_sortedA_aux_alt [in MSetListWithDups]
-RemoveDupsFromSorted.XTotalLeBool.leb_total [in MSetListWithDups]
-rev_map_alt_def [in MSetIntervals]
-rev_map_aux_alt_def [in MSetIntervals]
-

W

-WSetsOn_TO_WSetsOnWithDupsExtra.elements_dist_spec2w [in MSetWithDups]
-WSetsOn_TO_WSetsOnWithDupsExtra.elements_dist_spec1 [in MSetWithDups]
-

Z

-Z_le_add_r [in MSetIntervals]
-

-

Axiom Index

-

E

-ElementEncode.decode [in MSetIntervals]
-ElementEncode.decode_encode_ok [in MSetIntervals]
-ElementEncode.encode [in MSetIntervals]
-ElementEncode.encode_eq [in MSetIntervals]
-

H

-HasFoldWithAbort.foldWithAbortPrecompute [in MSetFoldWithAbort]
-HasFoldWithAbort.foldWithAbortPrecomputeSpec [in MSetFoldWithAbort]
-

W

-WSetsOnWithDupsExtra.cardinal_spec [in MSetWithDups]
-WSetsOnWithDupsExtra.elements_dist_spec2w [in MSetWithDups]
-WSetsOnWithDupsExtra.elements_dist_spec1 [in MSetWithDups]
-WSetsOnWithDupsExtra.elements_dist [in MSetWithDups]
-WSetsOnWithDups.add_spec [in MSetWithDups]
-WSetsOnWithDups.choose_spec2 [in MSetWithDups]
-WSetsOnWithDups.choose_spec1 [in MSetWithDups]
-WSetsOnWithDups.diff_spec [in MSetWithDups]
-WSetsOnWithDups.elements_spec1 [in MSetWithDups]
-WSetsOnWithDups.empty_spec [in MSetWithDups]
-WSetsOnWithDups.equal_spec [in MSetWithDups]
-WSetsOnWithDups.exists_spec [in MSetWithDups]
-WSetsOnWithDups.filter_spec [in MSetWithDups]
-WSetsOnWithDups.fold_spec [in MSetWithDups]
-WSetsOnWithDups.for_all_spec [in MSetWithDups]
-WSetsOnWithDups.In [in MSetWithDups]
-WSetsOnWithDups.inter_spec [in MSetWithDups]
-WSetsOnWithDups.is_empty_spec [in MSetWithDups]
-WSetsOnWithDups.mem_spec [in MSetWithDups]
-WSetsOnWithDups.partition_spec2 [in MSetWithDups]
-WSetsOnWithDups.partition_spec1 [in MSetWithDups]
-WSetsOnWithDups.remove_spec [in MSetWithDups]
-WSetsOnWithDups.singleton_spec [in MSetWithDups]
-WSetsOnWithDups.subset_spec [in MSetWithDups]
-WSetsOnWithDups.union_spec [in MSetWithDups]
-

-

Constructor Index

-

M

-MSetIntervals.Mkt [in MSetIntervals]
-

R

-Raw.ok [in MSetIntervals]
-

-

Projection Index

-

H

-HasFoldWithAbortOps.fwasa_P' [in MSetFoldWithAbort]
-HasFoldWithAbortOps.fwasa_f_gt [in MSetFoldWithAbort]
-HasFoldWithAbortOps.fwasa_f_lt [in MSetFoldWithAbort]
-HasFoldWithAbortOps.fwasa_f_pre [in MSetFoldWithAbort]
-

M

-MSetIntervals.is_ok [in MSetIntervals]
-MSetIntervals.this [in MSetIntervals]
-

R

-Raw.ok [in MSetIntervals]
-

-

Inductive Index

-

R

-Raw.Ok [in MSetIntervals]
-

-

Section Index

-

M

-MSetIntervals.Spec [in MSetIntervals]
-

R

-Raw.ForNotations [in MSetIntervals]
-

W

-WSetsOnWithDups.Spec [in MSetWithDups]
-

-

Instance Index

-

M

-Make.In_compat [in MSetListWithDups]
-MSetIntervals.eq_equiv [in MSetIntervals]
-MSetIntervals.In_compat [in MSetIntervals]
-

R

-Raw.add_ok [in MSetIntervals]
-Raw.diff_ok [in MSetIntervals]
-Raw.empty_ok [in MSetIntervals]
-Raw.filter_ok [in MSetIntervals]
-Raw.inter_ok [in MSetIntervals]
-Raw.IsOk_Ok [in MSetIntervals]
-Raw.partition_ok2 [in MSetIntervals]
-Raw.partition_ok1 [in MSetIntervals]
-Raw.remove_ok [in MSetIntervals]
-Raw.singleton_ok [in MSetIntervals]
-Raw.union_ok [in MSetIntervals]
-

W

-WSetsOnWithDups.In_compat [in MSetWithDups]
-

-

Abbreviation Index

-

M

-Make.compatb [in MSetListWithDups]
-MSetIntervals.compatb [in MSetIntervals]
-

W

-WSetsOnWithDups.compatb [in MSetWithDups]
-

-

Definition Index

-

E

-ElementEncodeNat.decode [in MSetIntervals]
-ElementEncodeNat.encode [in MSetIntervals]
-ElementEncodeN.decode [in MSetIntervals]
-ElementEncodeN.encode [in MSetIntervals]
-ElementEncodeZ.decode [in MSetIntervals]
-ElementEncodeZ.encode [in MSetIntervals]
-

F

-foldWithAbortGtLtSpecPred [in MSetFoldWithAbort]
-foldWithAbortGtLtType [in MSetFoldWithAbort]
-foldWithAbortGtSpecPred [in MSetFoldWithAbort]
-foldWithAbortGtType [in MSetFoldWithAbort]
-foldWithAbortPrecomputeSpecPred [in MSetFoldWithAbort]
-foldWithAbortPrecomputeType [in MSetFoldWithAbort]
-foldWithAbortSpecPred [in MSetFoldWithAbort]
-foldWithAbortType [in MSetFoldWithAbort]
-

H

-HasFoldWithAbortOps.choose_with_abort [in MSetFoldWithAbort]
-HasFoldWithAbortOps.exists_with_abort [in MSetFoldWithAbort]
-HasFoldWithAbortOps.filter_with_abort [in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbort [in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortGt [in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortGtLt [in MSetFoldWithAbort]
-HasFoldWithAbortOps.foldWithAbortSpecArgsForPred [in MSetFoldWithAbort]
-HasFoldWithAbortOps.forall_with_abort [in MSetFoldWithAbort]
-

M

-MakeAVLSetsWithFoldA.foldWithAbortPrecompute [in MSetFoldWithAbort]
-MakeGenTreeFoldA.foldWithAbort_Raw [in MSetFoldWithAbort]
-MakeListSetsWithFoldA.foldWithAbortPrecompute [in MSetFoldWithAbort]
-MakeListSetsWithFoldA.foldWithAbortRaw [in MSetFoldWithAbort]
-MakeRBTSetsWithFoldA.foldWithAbortPrecompute [in MSetFoldWithAbort]
-MakeWeakListSetsWithFoldA.foldWithAbortPrecompute [in MSetFoldWithAbort]
-MakeWeakListSetsWithFoldA.foldWithAbortRaw [in MSetFoldWithAbort]
-Make.Empty [in MSetListWithDups]
-Make.eq [in MSetListWithDups]
-Make.Equal [in MSetListWithDups]
-Make.Exists [in MSetListWithDups]
-Make.For_all [in MSetListWithDups]
-Make.In [in MSetListWithDups]
-Make.Subset [in MSetListWithDups]
-MSetIntervals.add [in MSetIntervals]
-MSetIntervals.cardinal [in MSetIntervals]
-MSetIntervals.choose [in MSetIntervals]
-MSetIntervals.diff [in MSetIntervals]
-MSetIntervals.elements [in MSetIntervals]
-MSetIntervals.elt [in MSetIntervals]
-MSetIntervals.empty [in MSetIntervals]
-MSetIntervals.Empty [in MSetIntervals]
-MSetIntervals.eq [in MSetIntervals]
-MSetIntervals.equal [in MSetIntervals]
-MSetIntervals.Equal [in MSetIntervals]
-MSetIntervals.eq_dec [in MSetIntervals]
-MSetIntervals.Exists [in MSetIntervals]
-MSetIntervals.exists_ [in MSetIntervals]
-MSetIntervals.filter [in MSetIntervals]
-MSetIntervals.fold [in MSetIntervals]
-MSetIntervals.for_all [in MSetIntervals]
-MSetIntervals.For_all [in MSetIntervals]
-MSetIntervals.In [in MSetIntervals]
-MSetIntervals.inter [in MSetIntervals]
-MSetIntervals.is_empty [in MSetIntervals]
-MSetIntervals.mem [in MSetIntervals]
-MSetIntervals.partition [in MSetIntervals]
-MSetIntervals.remove [in MSetIntervals]
-MSetIntervals.singleton [in MSetIntervals]
-MSetIntervals.subset [in MSetIntervals]
-MSetIntervals.Subset [in MSetIntervals]
-MSetIntervals.t [in MSetIntervals]
-MSetIntervals.union [in MSetIntervals]
-

O

-Ops.add [in MSetIntervals]
-Ops.add [in MSetListWithDups]
-Ops.addZ [in MSetIntervals]
-Ops.addZ_aux [in MSetIntervals]
-Ops.add_list [in MSetIntervals]
-Ops.cardinal [in MSetIntervals]
-Ops.cardinal [in MSetListWithDups]
-Ops.cardinalN [in MSetIntervals]
-Ops.choose [in MSetIntervals]
-Ops.choose [in MSetListWithDups]
-Ops.chooseZ [in MSetIntervals]
-Ops.diff [in MSetIntervals]
-Ops.diff [in MSetListWithDups]
-Ops.elements [in MSetIntervals]
-Ops.elements [in MSetListWithDups]
-Ops.elementsZ [in MSetIntervals]
-Ops.elementsZ_aux [in MSetIntervals]
-Ops.elementsZ_aux' [in MSetIntervals]
-Ops.elementsZ_aux'' [in MSetIntervals]
-Ops.elements_dist [in MSetListWithDups]
-Ops.elt [in MSetIntervals]
-Ops.elt [in MSetListWithDups]
-Ops.empty [in MSetIntervals]
-Ops.empty [in MSetListWithDups]
-Ops.equal [in MSetIntervals]
-Ops.equal [in MSetListWithDups]
-Ops.exists_ [in MSetIntervals]
-Ops.exists_ [in MSetListWithDups]
-Ops.filter [in MSetIntervals]
-Ops.filter [in MSetListWithDups]
-Ops.fold [in MSetIntervals]
-Ops.fold [in MSetListWithDups]
-Ops.for_all [in MSetIntervals]
-Ops.for_all [in MSetListWithDups]
-Ops.from_elements [in MSetIntervals]
-Ops.inter [in MSetIntervals]
-Ops.inter [in MSetListWithDups]
-Ops.is_empty [in MSetIntervals]
-Ops.is_empty [in MSetListWithDups]
-Ops.mem [in MSetIntervals]
-Ops.mem [in MSetListWithDups]
-Ops.memZ [in MSetIntervals]
-Ops.partition [in MSetIntervals]
-Ops.partition [in MSetListWithDups]
-Ops.partition_aux [in MSetListWithDups]
-Ops.remove [in MSetIntervals]
-Ops.remove [in MSetListWithDups]
-Ops.removeZ [in MSetIntervals]
-Ops.removeZ_aux [in MSetIntervals]
-Ops.removeZ_aux_insert_guarded [in MSetIntervals]
-Ops.remove_list [in MSetIntervals]
-Ops.rev_filter [in MSetListWithDups]
-Ops.rev_filter_aux [in MSetListWithDups]
-Ops.singleton [in MSetIntervals]
-Ops.singleton [in MSetListWithDups]
-Ops.subset [in MSetIntervals]
-Ops.subset [in MSetListWithDups]
-Ops.t [in MSetIntervals]
-Ops.t [in MSetListWithDups]
-Ops.union [in MSetIntervals]
-Ops.union [in MSetListWithDups]
-

R

-Raw.choose_spec2 [in MSetIntervals]
-Raw.choose_spec1 [in MSetIntervals]
-Raw.elementsZ_single [in MSetIntervals]
-Raw.elements_single [in MSetIntervals]
-Raw.Empty [in MSetIntervals]
-Raw.Equal [in MSetIntervals]
-Raw.Exists [in MSetIntervals]
-Raw.For_all [in MSetIntervals]
-Raw.In [in MSetIntervals]
-Raw.inf [in MSetIntervals]
-Raw.InZ [in MSetIntervals]
-Raw.IsOk [in MSetIntervals]
-Raw.isok [in MSetIntervals]
-Raw.is_encoded_elems_list [in MSetIntervals]
-Raw.Subset [in MSetIntervals]
-RemoveDupsFromSorted.remove_dups_by_sortingA [in MSetListWithDups]
-RemoveDupsFromSorted.remove_dups_from_sortedA [in MSetListWithDups]
-RemoveDupsFromSorted.remove_dups_from_sortedA_aux [in MSetListWithDups]
-RemoveDupsFromSorted.XTotalLeBool.le [in MSetListWithDups]
-RemoveDupsFromSorted.XTotalLeBool.leb [in MSetListWithDups]
-RemoveDupsFromSorted.XTotalLeBool.t [in MSetListWithDups]
-rev_map [in MSetIntervals]
-rev_map_aux [in MSetIntervals]
-

W

-WSetsOnWithDups.Empty [in MSetWithDups]
-WSetsOnWithDups.eq [in MSetWithDups]
-WSetsOnWithDups.Equal [in MSetWithDups]
-WSetsOnWithDups.Exists [in MSetWithDups]
-WSetsOnWithDups.For_all [in MSetWithDups]
-WSetsOnWithDups.Subset [in MSetWithDups]
-WSetsOn_TO_WSetsOnWithDupsExtra.elements_dist [in MSetWithDups]
-

-

Record Index

-

H

-HasFoldWithAbortOps.FoldWithAbortSpecArg [in MSetFoldWithAbort]
-

M

-MSetIntervals.t_ [in MSetIntervals]
-

R

-Raw.Ok [in MSetIntervals]
-

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Global IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(451 entries)
Notation IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(5 entries)
Module IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(43 entries)
Variable IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(10 entries)
Library IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(4 entries)
Lemma IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(168 entries)
Axiom IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(31 entries)
Constructor IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(2 entries)
Projection IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(7 entries)
Inductive IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(1 entry)
Section IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(3 entries)
Instance IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(15 entries)
Abbreviation IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(3 entries)
Definition IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(156 entries)
Record IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(3 entries)
-
This page has been generated by coqdoc -
- -
- - - \ No newline at end of file diff --git a/coqdoc/mset_doc.pdf b/coqdoc/mset_doc.pdf deleted file mode 100644 index 86d6833..0000000 Binary files a/coqdoc/mset_doc.pdf and /dev/null differ diff --git a/coqdoc/toc.html b/coqdoc/toc.html deleted file mode 100644 index c09fdf6..0000000 --- a/coqdoc/toc.html +++ /dev/null @@ -1,256 +0,0 @@ - - - - - -Table of contents - - - - -
- - - -
- -
-

Library MSetWithDups

 - -

Library MSetFoldWithAbort

 - -

Library MSetIntervals

 - -

Library MSetListWithDups

 - -
-
This page has been generated by coqdoc -
- -
- - - \ No newline at end of file diff --git a/html/MSetsExtra.MSetFoldWithAbort.html b/html/MSetsExtra.MSetFoldWithAbort.html new file mode 100644 index 0000000..6e61211 --- /dev/null +++ b/html/MSetsExtra.MSetFoldWithAbort.html @@ -0,0 +1,2029 @@ + + + + + +MSetsExtra.MSetFoldWithAbort + + + + +
+ + + +
+ +

Library MSetsExtra.MSetFoldWithAbort

+ +
+ +
+
+ +
+

Fold with abort for sets

+ + +
+ + This file provided an efficient fold operation for set interfaces. + The standard fold iterates over all elements of the set. The + efficient one - called foldWithAbort - is allowed to skip + certain elements and thereby abort early. + +
+
+ +
+Require Export MSetInterface.
+Require Import mathcomp.ssreflect.ssreflect.
+Require Import MSetWithDups.
+Require Import Int.
+Require Import MSetGenTree MSetAVL MSetRBT.
+Require Import MSetList MSetWeakList.
+ +
+
+ +
+

Fold With Abort Operations

+ + +
+ + We want to provide an efficient folding operation. Efficieny is + gained by aborting the folding early, if we know that continuing + would not have an effect any more. Formalising this leads to the following + specification of foldWithAbort. +
+
+ +
+Definition foldWithAbortType
+    elt
+ +
+element type of set +
+
+    t
+ +
+type of set +
+
+    A
+ +
+return type
+
+ :=
+    (elt → A → A) →
+ +
+f +
+
+    (elt → A → bool) →
+ +
+f_abort +
+
+    t →
+ +
+input set +
+
+    A →
+ +
+base value +
+
+    A.
+ +
+Definition foldWithAbortSpecPred {elt t : Type}
+    (In : elt → t → Prop)
+    (fold : ∀ {A : Type}, (elt → A → A) → t → A → A)
+    (foldWithAbort : ∀ {A : Type}, foldWithAbortType elt t A) : Prop :=
+
+    âˆ€
+      (A : Type)
+      
+ +
+result type +
+
+
+      (i i' : A)
+      
+ +
+base values for foldWithAbort and fold +
+
+
+      (f : elt → A → A) (f' : elt → A → A)
+      
+ +
+fold functions for foldWithAbort and fold +
+
+
+      (f_abort : elt → A → bool)
+      
+ +
+abort function +
+
+
+      (s : t)
+ +
+sets to fold over +
+
+
+      (P : A → A → Prop)
+ +
+equivalence relation on results
+
+,
+
+    
+ +
+P is an equivalence relation +
+
+    Equivalence P →
+      
+    
+ +
+f is for the elements of s compatible with the equivalence relation P +
+
+    (∀ st st' e, In e s → P st st' → P (f e st) (f e st')) →
+
+    
+ +
+f and f' agree for the elements of s +
+
+    (∀ e st, In e s → (P (f e st) (f' e st))) →
+
+    
+ +
+f_abort is OK, i.e. all other elements can be skipped without + leaving the equivalence relation. +
+
+    (∀ e1 st,
+        In e1 s → f_abort e1 st = true →
+        (∀ st' e2, P st st' →
+                        In e2 s → e2 ≠ e1 →
+                        P st (f e2 st'))) →
+
+    
+ +
+The base values are in equivalence relation +
+
+    P i i' →
+
+    
+ +
+The results are in equivalence relation +
+
+    P (foldWithAbort f f_abort s i) (fold f' s i').
+ +
+
+ +
+The specification of folding for ordered sets (as represented by + interface Sets) demands that elements are visited in increasing + order. For ordered sets we can therefore abort folding based on + the weaker knowledge that greater elements have no effect on the + result. The following definition captures this. +
+
+ +
+Definition foldWithAbortGtType
+    elt
+ +
+element type of set +
+
+    t
+ +
+type of set +
+
+    A
+ +
+return type
+
+ :=
+    (elt → A → A) →
+ +
+f +
+
+    (elt → A → bool) →
+ +
+f_gt +
+
+    t →
+ +
+input set +
+
+    A →
+ +
+base value +
+
+    A.
+ +
+Definition foldWithAbortGtSpecPred {elt t : Type}
+    (lt : elt → elt → Prop)
+    (In : elt → t → Prop)
+    (fold : ∀ {A : Type}, (elt → A → A) → t → A → A)
+    (foldWithAbortGt : ∀ {A : Type}, foldWithAbortType elt t A) : Prop :=
+
+    âˆ€
+      (A : Type)
+      
+ +
+result type +
+
+
+      (i i' : A)
+      
+ +
+base values for foldWithAbort and fold +
+
+
+      (f : elt → A → A) (f' : elt → A → A)
+      
+ +
+fold functions for foldWithAbort and fold +
+
+
+      (f_gt : elt → A → bool)
+      
+ +
+abort function +
+
+
+      (s : t)
+ +
+sets to fold over +
+
+
+      (P : A → A → Prop)
+ +
+equivalence relation on results
+
+,
+
+    
+    
+ +
+P is an equivalence relation +
+
+    Equivalence P →
+
+    
+ +
+f is for the elements of s compatible with the equivalence relation P +
+
+    (∀ st st' e, In e s → P st st' → P (f e st) (f e st')) →
+
+    
+ +
+f and f' agree for the elements of s +
+
+    (∀ e st, In e s → (P (f e st) (f' e st))) →
+
+    
+ +
+f_abort is OK, i.e. all other elements can be skipped without + leaving the equivalence relation. +
+
+    (∀ e1 st,
+        In e1 s → f_gt e1 st = true →
+        (∀ st' e2, P st st' →
+                        In e2 s → lt e1 e2 →
+                        P st (f e2 st'))) →
+
+    
+ +
+The base values are in equivalence relation +
+
+    P i i' →
+
+    
+ +
+The results are in equivalence relation +
+
+    P (foldWithAbortGt f f_gt s i) (fold f' s i').
+ +
+
+ +
+For ordered sets, we can safely skip elements at the end + based on the knowledge that they are all greater than the current element. + This leads to serious performance improvements for operations like + filtering. It is tempting to try the symmetric operation and skip elements at + the beginning based on the knowledge that they are too small to be interesting. + So, we would like to start late as well as abort early. + +
+ + This is indeed a very natural and efficient operation for set implementations + based on binary search trees (i.e. the AVL and RBT sets). We can completely symmetrically + to skipping greater elements also skip smaller elements. This leads to the following + specification. +
+
+ +
+Definition foldWithAbortGtLtType
+    elt
+ +
+element type of set +
+
+    t
+ +
+type of set +
+
+    A
+ +
+return type
+
+ :=
+    (elt → A → bool) →
+ +
+f_lt +
+
+    (elt → A → A) →
+ +
+f +
+
+    (elt → A → bool) →
+ +
+f_gt +
+
+    t →
+ +
+input set +
+
+    A →
+ +
+base value +
+
+    A.
+ +
+Definition foldWithAbortGtLtSpecPred {elt t : Type}
+    (lt : elt → elt → Prop)
+    (In : elt → t → Prop)
+    (fold : ∀ {A : Type}, (elt → A → A) → t → A → A)
+    (foldWithAbortGtLt : ∀ {A : Type}, foldWithAbortGtLtType elt t A) : Prop :=
+
+    âˆ€
+      (A : Type)
+      
+ +
+result type +
+
+
+      (i i' : A)
+      
+ +
+base values for foldWithAbort and fold +
+
+
+      (f : elt → A → A) (f' : elt → A → A)
+      
+ +
+fold functions for foldWithAbort and fold +
+
+
+      (f_lt f_gt : elt → A → bool)
+      
+ +
+abort functions +
+
+
+      (s : t)
+ +
+sets to fold over +
+
+
+      (P : A → A → Prop)
+ +
+equivalence relation on results
+
+,
+
+    
+    
+ +
+P is an equivalence relation +
+
+    Equivalence P →
+
+    
+ +
+f is for the elements of s compatible with the equivalence relation P +
+
+    (∀ st st' e, In e s → P st st' → P (f e st) (f e st')) →
+
+    
+ +
+f and f' agree for the elements of s +
+
+    (∀ e st, In e s → (P (f e st) (f' e st))) →
+
+    
+ +
+f_lt is OK, i.e. smaller elements can be skipped without + leaving the equivalence relation. +
+
+    (∀ e1 st,
+        In e1 s → f_lt e1 st = true →
+        (∀ st' e2, P st st' →
+                        In e2 s → lt e2 e1 →
+                        P st (f e2 st'))) →
+
+    
+ +
+f_gt is OK, i.e. greater elements can be skipped without + leaving the equivalence relation. +
+
+    (∀ e1 st,
+        In e1 s → f_gt e1 st = true →
+        (∀ st' e2, P st st' →
+                        In e2 s → lt e1 e2 →
+                        P st (f e2 st'))) →
+
+    
+ +
+The base values are in equivalence relation +
+
+    P i i' →
+
+    
+ +
+The results are in equivalence relation +
+
+    P (foldWithAbortGtLt f_lt f f_gt s i) (fold f' s i').
+ +
+
+ +
+We are interested in folding with abort mainly for runtime + performance reasons of extracted code. The argument functions + f_lt, f_gt and f of foldWithAbortGtLt often share a large, + comparably expensive part of their computation. + +
+ + In order to further improve runtime performance, therefore another + version foldWithAbortPrecompute f_precompute f_lt f f_gt that + uses an extra function f_precompute to allows to compute the + commonly used parts of these functions only once. This leads to + the following definitions. +
+
+ +
+Definition foldWithAbortPrecomputeType
+    elt
+ +
+element type of set +
+
+    t
+ +
+type of set +
+
+    A
+ +
+return type +
+
+    B
+ +
+type of precomputed results
+
+ :=
+
+    (elt → B) →
+ +
+f_precompute +
+
+    (elt → B → A → bool) →
+ +
+f_lt +
+
+    (elt → B → A → A) →
+ +
+f +
+
+    (elt → B → A → bool) →
+ +
+f_gt +
+
+    t →
+ +
+input set +
+
+    A →
+ +
+base value +
+
+    A.
+ +
+
+ +
+The specification is similar to the one without precompute, + but uses f_precompute so avoid doing computations multiple times +
+
+Definition foldWithAbortPrecomputeSpecPred {elt t : Type}
+    (lt : elt → elt → Prop)
+    (In : elt → t → Prop)
+    (fold : ∀ {A : Type}, (elt → A → A) → t → A → A)
+    (foldWithAbortPrecompute : ∀ {A B : Type}, foldWithAbortPrecomputeType elt t A B) : Prop :=
+
+    âˆ€
+      (A B : Type)
+      
+ +
+result type +
+
+
+      (i i' : A)
+      
+ +
+base values for foldWithAbortPrecompute and fold +
+
+
+      (f_precompute : elt → B)
+      
+ +
+precompute function +
+
+
+      (f : elt → B → A → A) (f' : elt → A → A)
+      
+ +
+fold functions for foldWithAbortPrecompute and fold +
+
+
+      (f_lt f_gt : elt → B → A → bool)
+      
+ +
+abort functions +
+
+
+      (s : t)
+ +
+sets to fold over +
+
+
+      (P : A → A → Prop)
+ +
+equivalence relation on results
+
+,
+
+    
+    
+ +
+P is an equivalence relation +
+
+    Equivalence P →
+
+    
+ +
+f is for the elements of s compatible with the equivalence relation P +
+
+    (∀ st st' e, In e s → P st st' → P (f e (f_precompute e) st) (f e (f_precompute e) st')) →
+
+    
+ +
+f and f' agree for the elements of s +
+
+    (∀ e st, In e s → (P (f e (f_precompute e) st) (f' e st))) →
+
+    
+ +
+f_lt is OK, i.e. smaller elements can be skipped without + leaving the equivalence relation. +
+
+    (∀ e1 st,
+        In e1 s → f_lt e1 (f_precompute e1) st = true →
+        (∀ st' e2, P st st' →
+                        In e2 s → lt e2 e1 →
+                        P st (f e2 (f_precompute e2) st'))) →
+
+    
+ +
+f_gt is OK, i.e. greater elements can be skipped without + leaving the equivalence relation. +
+
+    (∀ e1 st,
+        In e1 s → f_gt e1 (f_precompute e1) st = true →
+        (∀ st' e2, P st st' →
+                        In e2 s → lt e1 e2 →
+                        P st (f e2 (f_precompute e2) st'))) →
+
+    
+ +
+The base values are in equivalence relation +
+
+    P i i' →
+
+    
+ +
+The results are in equivalence relation +
+
+    P (foldWithAbortPrecompute f_precompute f_lt f f_gt s i) (fold f' s i').
+ +
+
+ +
+

Module Types

+ +
+ + We now define a module type for foldWithAbort. This module + type demands only the existence of the precompute version, since + the other ones can be easily defined via this most efficient one. +
+
+ +
+Module Type HasFoldWithAbort (E : OrderedType) (Import C : WSetsOnWithDups E).
+ +
+  Parameter foldWithAbortPrecompute : ∀ {A B : Type},
+    foldWithAbortPrecomputeType elt t A B.
+ +
+  Parameter foldWithAbortPrecomputeSpec :
+     foldWithAbortPrecomputeSpecPred E.lt In (@fold) (@foldWithAbortPrecompute).
+ +
+End HasFoldWithAbort.
+ +
+
+ +
+

Derived operations

+ + +
+ + Using these efficient fold operations, many operations can + be implemented efficiently. We provide lemmata and efficient implementations + of useful algorithms via module HasFoldWithAbortOps. +
+
+ +
+Module HasFoldWithAbortOps (E : OrderedType) (C : WSetsOnWithDups E)
+                           (FT : HasFoldWithAbort E C).
+ +
+  Import FT.
+  Import C.
+ +
+
+ +
+

First lets define the other folding with abort variants

+ +
+
+ +
+  Definition foldWithAbortGtLt {A} f_lt (f : (elt → A → A)) f_gt :=
+    foldWithAbortPrecompute (fun _ ⇒ tt) (fun e _ st ⇒ f_lt e st)
+      (fun e _ st ⇒ f e st) (fun e _ st ⇒ f_gt e st).
+ +
+  Lemma foldWithAbortGtLtSpec :
+     foldWithAbortGtLtSpecPred E.lt In (@fold) (@foldWithAbortGtLt).
+  Proof.
+    rewrite /foldWithAbortGtLt /foldWithAbortGtLtSpecPred.
+    intros A i i' f f' f_lt f_gt s P.
+    move ⇒ H_f_compat H_ff' H_lt H_gt H_ii'.
+    apply foldWithAbortPrecomputeSpec ⇒ //.
+  Qed.
+ +
+  Definition foldWithAbortGt {A} (f : (elt → A → A)) f_gt :=
+    foldWithAbortPrecompute (fun _ ⇒ tt) (fun _ _ _ ⇒ false)
+      (fun e _ st ⇒ f e st) (fun e _ st ⇒ f_gt e st).
+ +
+  Lemma foldWithAbortGtSpec :
+     foldWithAbortGtSpecPred E.lt In (@fold) (@foldWithAbortGt).
+  Proof.
+    rewrite /foldWithAbortGt /foldWithAbortGtSpecPred.
+    intros A i i' f f' f_gt s P.
+    move ⇒ H_f_compat H_ff' H_gt H_ii'.
+    apply foldWithAbortPrecomputeSpec ⇒ //.
+  Qed.
+ +
+  Definition foldWithAbort {A} (f : (elt → A → A)) f_abort :=
+    foldWithAbortPrecompute (fun _ ⇒ tt) (fun e _ st ⇒ f_abort e st)
+      (fun e _ st ⇒ f e st) (fun e _ st ⇒ f_abort e st).
+ +
+  Lemma foldWithAbortSpec :
+     foldWithAbortSpecPred In (@fold) (@foldWithAbort).
+  Proof.
+    rewrite /foldWithAbort /foldWithAbortGtSpecPred.
+    intros A i i' f f' f_abort s P.
+    move ⇒ H_equiv_P H_f_compat H_ff' H_abort H_ii'.
+    have H_lt_neq: (∀ e1 e2, E.lt e1 e2 → e1 ≠ e2). {
+      move ⇒ e1 e2 H_lt H_e12_eq.
+      rewrite H_e12_eq in H_lt.
+      have : ( Irreflexive E.lt) by apply StrictOrder_Irreflexive.
+      rewrite /Irreflexive /Reflexive /complement ⇒ H.
+      eapply H, H_lt.
+    }
+    apply foldWithAbortPrecomputeSpec ⇒ //; (
+      move ⇒ e1 st H_in_e1 H_abort_e1 st' e2 H_P H_in_e2 /H_lt_neq H_lt;
+      apply (H_abort e1 st H_in_e1 H_abort_e1 st' e2 H_P H_in_e2);
+      by auto
+    ).
+  Qed.
+ +
+
+ +
+

Specialisations for equality

+ +
+ + Let's provide simplified specifications, which use equality instead + of an arbitrary equivalence relation on results. +
+
+  Lemma foldWithAbortPrecomputeSpec_Equal : ∀ (A B : Type) (i : A) (f_pre : elt → B)
+      (f : elt → B → A → A) (f' : elt → A → A) (f_lt f_gt : elt → B → A → bool) (s : t),
+
+      (∀ e st, In e s → (f e (f_pre e) st = f' e st)) →
+
+      
+      (∀ e1 st,
+          In e1 s → f_lt e1 (f_pre e1) st = true →
+          (∀ e2, In e2 s → E.lt e2 e1 →
+                      (f e2 (f_pre e2) st = st))) →
+
+      
+      (∀ e1 st,
+          In e1 s → f_gt e1 (f_pre e1) st = true →
+          (∀ e2, In e2 s → E.lt e1 e2 →
+                      (f e2 (f_pre e2) st = st))) →
+
+      (foldWithAbortPrecompute f_pre f_lt f f_gt s i) = (fold f' s i).
+  Proof.
+    intros A B i f_pre f f' f_lt f_gt s H_f' H_lt H_gt.
+ +
+     eapply (foldWithAbortPrecomputeSpec A B i i f_pre f f'); eauto. {
+       apply eq_equivalence.
+     } {
+       move ⇒ st1 st2 e H_in → //.
+     } {
+       move ⇒ e1 st H_e1_in H_do_smaller st' e2 <-.
+       move : (H_lt e1 st H_e1_in H_do_smaller e2).
+       intuition.
+     } {
+       move ⇒ e1 st H_e1_in H_do_greater st' e2 <-.
+       move : (H_gt e1 st H_e1_in H_do_greater e2).
+       intuition.
+     }
+  Qed.
+ +
+  Lemma foldWithAbortGtLtSpec_Equal : ∀ (A : Type) (i : A)
+      (f : elt → A → A) (f' : elt → A → A) (f_lt f_gt : elt → A → bool) (s : t),
+
+      (∀ e st, In e s → (f e st = f' e st)) →
+
+      
+      (∀ e1 st,
+          In e1 s → f_lt e1 st = true →
+          (∀ e2, In e2 s → E.lt e2 e1 →
+                      (f e2 st = st))) →
+
+      
+      (∀ e1 st,
+          In e1 s → f_gt e1 st = true →
+          (∀ e2, In e2 s → E.lt e1 e2 →
+                      (f e2 st = st))) →
+
+      (foldWithAbortGtLt f_lt f f_gt s i) = (fold f' s i).
+  Proof.
+    intros A i f f' f_lt f_gt s H_f' H_lt H_gt.
+ +
+     eapply (foldWithAbortGtLtSpec A i i f f'); eauto. {
+       apply eq_equivalence.
+     } {
+       move ⇒ st1 st2 e H_in → //.
+     } {
+       move ⇒ e1 st H_e1_in H_do_smaller st' e2 <-.
+       move : (H_lt e1 st H_e1_in H_do_smaller e2).
+       intuition.
+     } {
+       move ⇒ e1 st H_e1_in H_do_greater st' e2 <-.
+       move : (H_gt e1 st H_e1_in H_do_greater e2).
+       intuition.
+     }
+  Qed.
+ +
+  Lemma foldWithAbortGtSpec_Equal : ∀ (A : Type) (i : A)
+      (f : elt → A → A) (f' : elt → A → A) (f_gt : elt → A → bool) (s : t),
+
+      (∀ e st, In e s → (f e st = f' e st)) →
+
+      
+      (∀ e1 st,
+          In e1 s → f_gt e1 st = true →
+          (∀ e2, In e2 s → E.lt e1 e2 →
+                      (f e2 st = st))) →
+
+      (foldWithAbortGt f f_gt s i) = (fold f' s i).
+  Proof.
+    intros A i f f' f_gt s H_f' H_gt.
+ +
+     eapply (foldWithAbortGtSpec A i i f f'); eauto. {
+       apply eq_equivalence.
+     } {
+       move ⇒ st1 st2 e H_in → //.
+     } {
+       move ⇒ e1 st H_e1_in H_do_greater st' e2 <-.
+       move : (H_gt e1 st H_e1_in H_do_greater e2).
+       intuition.
+     }
+  Qed.
+ +
+  Lemma foldWithAbortSpec_Equal : ∀ (A : Type) (i : A)
+      (f : elt → A → A) (f' : elt → A → A) (f_abort : elt → A → bool) (s : t),
+
+      (∀ e st, In e s → (f e st = f' e st)) →
+
+      
+      (∀ e1 st,
+          In e1 s → f_abort e1 st = true →
+          (∀ e2, In e2 s → e1 ≠ e2 →
+                      (f e2 st = st))) →
+
+      (foldWithAbort f f_abort s i) = (fold f' s i).
+  Proof.
+     intros A i f f' f_abort s H_f' H_abort.
+ +
+     eapply (foldWithAbortSpec A i i f f'); eauto. {
+       apply eq_equivalence.
+     } {
+       move ⇒ st1 st2 e H_in → //.
+     } {
+       move ⇒ e1 st H_e1_in H_do_abort st' e2 <-.
+       move : (H_abort e1 st H_e1_in H_do_abort e2).
+       intuition.
+     }
+  Qed.
+ +
+
+ +
+

FoldWithAbortSpecArgs

+ +
+ + While folding, we are often interested in skipping elements that do not + satisfy a certain property P. This needs expressing in terms of + skips of smaller of larger elements in order to be done efficiently by + our folding functions. Formally, this leads to the definition + of foldWithAbortSpecForPred. + +
+ + Given a FoldWithAbortSpecArg for a predicate P and a + set s, many operations can be implemented efficiently. Below we will provide + efficient versions of filter, choose, ∃, ∀ and more. + +
+
+  Record FoldWithAbortSpecArg {B} := {
+     fwasa_f_pre : (elt → B);
+ +
+The precompute function +
+
+     fwasa_f_lt : (elt → B → bool);
+ +
+f_lt without state argument +
+
+     fwasa_f_gt : (elt → B → bool);
+ +
+f_gt without state argument +
+
+     fwasa_P' : (elt → B → bool)
+ +
+the predicate P +
+
+  }.
+ +
+
+ +
+foldWithAbortSpecForPred s P fwasa holds, if + the argument fwasa fits the predicate P for set s. +
+
+  Definition foldWithAbortSpecArgsForPred {A : Type}
+     (s : t) (P : elt → bool) (fwasa : @FoldWithAbortSpecArg A) :=
+
+     
+ +
+the predicate P' coincides for s and the given precomputation with P +
+
+     (∀ e, In e s → (fwasa_P' fwasa e (fwasa_f_pre fwasa e) = P e)) ∧
+
+     
+ +
+If fwasa_f_lt holds, all elements smaller than the current one + don't satisfy predicate P. +
+
+     (∀ e1,
+          In e1 s → fwasa_f_lt fwasa e1 (fwasa_f_pre fwasa e1) = true →
+          (∀ e2, In e2 s → E.lt e2 e1 → (P e2 = false))) ∧
+
+     
+ +
+If fwasa_f_gt holds, all elements greater than the current one + don't satisfy predicate P. +
+
+     (∀ e1,
+          In e1 s → fwasa_f_gt fwasa e1 (fwasa_f_pre fwasa e1) = true →
+          (∀ e2, In e2 s → E.lt e1 e2 → (P e2 = false))).
+ +
+ +
+
+ +
+

Filter with abort

+ +
+
+  Definition filter_with_abort {B} (fwasa : @FoldWithAbortSpecArg B) s :=
+     @foldWithAbortPrecompute t B (fwasa_f_pre fwasa) (fun e p _ ⇒ fwasa_f_lt fwasa e p)
+       (fun e e_pre s ⇒ if fwasa_P' fwasa e e_pre then add e s else s)
+       (fun e p _ ⇒ fwasa_f_gt fwasa e p) s empty.
+ +
+  Lemma filter_with_abort_spec {B} : ∀ fwasa P s,
+    @foldWithAbortSpecArgsForPred B s P fwasa →
+    Proper (E.eq ==> Logic.eq) P →
+    Equal (filter_with_abort fwasa s)
+          (filter P s).
+  Proof.
+    unfold foldWithAbortSpecArgsForPred.
+    move ⇒ [] f_pre f_lt f_gt P' P s /=.
+    move ⇒ [H_f'] [H_lt] H_gt H_proper.
+    rewrite /filter_with_abort /=.
+ +
+    have → : (foldWithAbortPrecompute f_pre (fun e p _ ⇒ f_lt e p)
+     (fun (e : elt) (e_pre : B) (s0 : t) ⇒
+      if P' e e_pre then add e s0 else s0) (fun e p _ ⇒ f_gt e p) s empty =
+     (fold (fun e s0 ⇒ if P e then add e s0 else s0) s empty)). {
+      apply foldWithAbortPrecomputeSpec_Equal. {
+        intros e st H_e_in.
+        rewrite H_f' //.
+      } {
+        intros e1 st H_e1_in H_f_lt_eq e2 H_e2_in H_lt_e2_e1.
+        rewrite (H_f' _ H_e2_in).
+        suff → : (P e2 = false) by done.
+        apply (H_lt e1); eauto.
+      } {
+        intros e1 st H_e1_in H_f_gt_eq e2 H_e2_in H_gt_e2_e1.
+        rewrite (H_f' _ H_e2_in).
+        suff → : (P e2 = false) by done.
+        apply (H_gt e1); eauto.
+      }
+    }
+
+    rewrite /Equal ⇒ e.
+    rewrite fold_spec.
+    setoid_rewrite filter_spec ⇒ //.
+ +
+    suff → : ∀ acc, In e
+      (fold_left
+         (flip (fun (e0 : elt) (s0 : t) ⇒ if P e0 then add e0 s0 else s0))
+         (elements s) acc) ↔ (InA E.eq e (elements s) ∧ P e = true) ∨ (In e acc). {
+      rewrite elements_spec1.
+      suff : (¬In e empty) by tauto.
+      apply empty_spec.
+    }
+    induction (elements s) as [| x xs IH] ⇒ acc. {
+      rewrite /= InA_nil. tauto.
+    } {
+      rewrite /= /flip IH InA_cons.
+      case_eq (P x). {
+        rewrite add_spec.
+        intuition.
+        left.
+        rewrite H0.
+        split ⇒ //.
+        left.
+        apply Equivalence_Reflexive.
+      } {
+        intuition.
+        contradict H2.
+        setoid_rewrite H1.
+        by rewrite H.
+      }
+    }
+  Qed.
+ +
+
+ +
+

Choose with abort

+ +
+
+  Definition choose_with_abort {B} (fwasa : @FoldWithAbortSpecArg B) s :=
+     foldWithAbortPrecompute (fwasa_f_pre fwasa)
+       (fun e p st ⇒ match st with None ⇒ (fwasa_f_lt fwasa e p) | _ ⇒ true end)
+       (fun e e_pre st ⇒ match st with None ⇒
+          if (fwasa_P' fwasa e e_pre) then Some e else None | _ ⇒ st end)
+
+       (fun e p st ⇒ match st with None ⇒ (fwasa_f_gt fwasa e p) | _ ⇒ true end)
+       s None.
+ +
+  Lemma choose_with_abort_spec {B} : ∀ fwasa P s,
+    @foldWithAbortSpecArgsForPred B s P fwasa →
+    Proper (E.eq ==> Logic.eq) P →
+    (match (choose_with_abort fwasa s) with
+       | None ⇒ (∀ e, In e s → P e = false)
+       | Some e ⇒ In e s ∧ (P e = true)
+     end).
+  Proof.
+    rewrite /foldWithAbortSpecArgsForPred.
+    move ⇒ [] f_pre f_lt f_gt P' P s /=.
+    move ⇒ [H_f'] [H_lt] H_gt H_proper.
+ +
+    set fwasa := {|
+       fwasa_f_pre := f_pre;
+       fwasa_f_lt := f_lt;
+       fwasa_f_gt := f_gt;
+       fwasa_P' := P' |}.
+ +
+    suff : (match (choose_with_abort fwasa s) with
+       | None ⇒ (∀ e, InA E.eq e (elements s) → P e = false)
+       | Some e ⇒ InA E.eq e (elements s) ∧ (P e = true)
+     end). {
+       case (choose_with_abort fwasa s). {
+         move ⇒ e.
+         rewrite elements_spec1 //.
+       } {
+         move ⇒ H e H_in.
+         apply H.
+         rewrite elements_spec1 //.
+       }
+    }
+
+    have → : (choose_with_abort fwasa s =
+      (fold (fun e st ⇒
+        match st with
+          | None ⇒ if P e then Some e else None
+          | _ ⇒ st end) s None)). {
+      apply foldWithAbortPrecomputeSpec_Equal. {
+        intros e st H_e_in.
+        case st ⇒ //=.
+        rewrite H_f' //.
+      } {
+        move ⇒ e1 [] //= H_e1_in H_f_lt_eq e2 H_e2_in H_lt_e2_e1.
+        rewrite (H_f' _ H_e2_in).
+        case_eq (P e2) ⇒ // H_P_e2.
+        contradict H_P_e2.
+        apply not_true_iff_false, (H_lt e1); auto.
+      } {
+        move ⇒ e1 [] //= H_e1_in H_f_gt_eq e2 H_e2_in H_gt_e2_e1.
+        rewrite (H_f' _ H_e2_in).
+        case_eq (P e2) ⇒ // H_P_e2.
+        contradict H_P_e2.
+        apply not_true_iff_false, (H_gt e1); auto.
+      }
+    }
+
+    rewrite fold_spec /flip.
+    induction (elements s) as [| x xs IH]. {
+      rewrite /=.
+      move ⇒ e /InA_nil //.
+    } {
+      case_eq (P x) ⇒ H_Px; rewrite /= H_Px. {
+        have → : ∀ xs, fold_left (fun (x0 : option elt) (y : elt) ⇒
+                    match x0 with | Some _ ⇒ x0 | None ⇒ if P y then Some y else None
+                    end) xs (Some x) = Some x. {
+          move ⇒ ys.
+          induction ys ⇒ //.
+        }
+        split; last assumption.
+        apply InA_cons_hd.
+        apply E.eq_equiv.
+      } {
+        move : IH.
+        case (fold_left
+          (fun (x0 : option elt) (y : elt) ⇒
+             match x0 with | Some _ ⇒ x0 | None ⇒ if P y then Some y else None
+             end) xs None). {
+
+             move ⇒ e [H_e_in] H_Pe.
+             split; last assumption.
+             apply InA_cons_tl ⇒ //.
+        } {
+          move ⇒ H_e_nin e H_e_in.
+          have : (InA E.eq e xs ∨ (E.eq e x)). {
+            inversion H_e_in; tauto.
+          }
+          move ⇒ []. {
+            apply H_e_nin.
+          } {
+            move ⇒ → //.
+          }
+        }
+      }
+    }
+  Qed.
+ +
+
+ +
+

Exists and Forall with abort

+ +
+
+  Definition exists_with_abort {B} (fwasa : @FoldWithAbortSpecArg B) s :=
+    match choose_with_abort fwasa s with
+      | None ⇒ false
+      | Some _ ⇒ true
+    end.
+ +
+  Lemma exists_with_abort_spec {B} : ∀ fwasa P s,
+    @foldWithAbortSpecArgsForPred B s P fwasa →
+    Proper (E.eq ==> Logic.eq) P →
+    (exists_with_abort fwasa s =
+     exists_ P s).
+  Proof.
+    intros fwasa P s H_fwasa H_proper.
+    apply Logic.eq_sym.
+    rewrite /exists_with_abort.
+    move : (choose_with_abort_spec _ _ _ H_fwasa H_proper).
+    case (choose_with_abort fwasa s). {
+      move ⇒ e [H_e_in] H_Pe.
+      rewrite exists_spec /Exists.
+      by ∃ e.
+    } {
+      move ⇒ H_not_ex.
+      apply not_true_iff_false.
+      rewrite exists_spec /Exists.
+      move ⇒ [e] [H_in] H_pe.
+      move : (H_not_ex e H_in).
+      rewrite H_pe //.
+    }
+  Qed.
+ +
+
+ +
+Negation leads to forall. +
+
+  Definition forall_with_abort {B} fwasa s :=
+     negb (@exists_with_abort B fwasa s).
+ +
+  Lemma forall_with_abort_spec {B} : ∀ fwasa s P,
+    @foldWithAbortSpecArgsForPred B s P fwasa →
+    Proper (E.eq ==> Logic.eq) P →
+    (forall_with_abort fwasa s =
+     for_all (fun e ⇒ negb (P e)) s).
+  Proof.
+    intros fwasa s P H_ok H_proper.
+    rewrite /forall_with_abort exists_with_abort_spec; auto.
+ +
+    rewrite eq_iff_eq_true negb_true_iff -not_true_iff_false.
+    rewrite exists_spec.
+    setoid_rewrite for_all_spec; last solve_proper.
+ +
+    rewrite /Exists /For_all.
+    split. {
+      move ⇒ H_pre x H_x_in.
+      rewrite negb_true_iff -not_true_iff_false ⇒ H_Px.
+      apply H_pre.
+      by ∃ x.
+    } {
+      move ⇒ H_pre [x] [H_x_in] H_P_x.
+      move : (H_pre x H_x_in).
+      rewrite H_P_x.
+      done.
+    }
+  Qed.
+ +
+End HasFoldWithAbortOps.
+ +
+
+ +
+

Modules Types For Sets with Fold with Abort

+ +
+
+Module Type WSetsWithDupsFoldA.
+  Declare Module E : OrderedType.
+  Include WSetsOnWithDups E.
+  Include HasFoldWithAbort E.
+  Include HasFoldWithAbortOps E.
+End WSetsWithDupsFoldA.
+ +
+Module Type WSetsWithFoldA <: WSets.
+  Declare Module E : OrderedType.
+  Include WSetsOn E.
+  Include HasFoldWithAbort E.
+  Include HasFoldWithAbortOps E.
+End WSetsWithFoldA.
+ +
+Module Type SetsWithFoldA <: Sets.
+  Declare Module E : OrderedType.
+  Include SetsOn E.
+  Include HasFoldWithAbort E.
+  Include HasFoldWithAbortOps E.
+End SetsWithFoldA.
+ +
+
+ +
+

Implementations

+ +
+ +

GenTree implementation

+ + Finally, provide such a fold with abort operation for generic trees. +
+
+Module MakeGenTreeFoldA (Import E : OrderedType) (Import I:InfoTyp)
+  (Import Raw: MSetGenTree.Ops E I)
+  (M : MSetGenTree.Props E I Raw).
+ +
+  Fixpoint foldWithAbort_Raw {A B: Type} (f_pre : E.t → B) f_lt (f: E.t → B → A → A) f_gt t (base: A) : A :=
+    match t with
+    | Raw.Leaf ⇒ base
+    | Raw.Node _ l x r ⇒
+        let x_pre := f_pre x in
+        let st0 := if f_lt x x_pre base then base else foldWithAbort_Raw f_pre f_lt f f_gt l base in
+        let st1 := f x x_pre st0 in
+        let st2 := if f_gt x x_pre st1 then st1 else foldWithAbort_Raw f_pre f_lt f f_gt r st1 in
+        st2
+    end.
+ +
+  Lemma foldWithAbort_RawSpec : ∀ (A B : Type) (i i' : A) (f_pre : E.t → B)
+      (f : E.t → B → A → A) (f' : E.t → A → A) (f_lt f_gt : E.t → B → A → bool) (s : Raw.tree)
+      (P : A → A → Prop),
+
+      (M.bst s) →
+      Equivalence P →
+      (∀ st st' e, M.In e s → P st st' → P (f e (f_pre e) st) (f e (f_pre e) st')) →
+      (∀ e st, M.In e s → P (f e (f_pre e) st) (f' e st)) →
+
+      
+      (∀ e1 st,
+          M.In e1 s → f_lt e1 (f_pre e1) st = true →
+          (∀ st' e2, P st st' →
+                          M.In e2 s → E.lt e2 e1 →
+                          P st (f e2 (f_pre e2) st'))) →
+
+      
+      (∀ e1 st,
+          M.In e1 s → f_gt e1 (f_pre e1) st = true →
+          (∀ st' e2, P st st' →
+                          M.In e2 s → E.lt e1 e2 →
+                          P st (f e2 (f_pre e2) st'))) →
+
+      P i i' →
+      P (foldWithAbort_Raw f_pre f_lt f f_gt s i) (fold f' s i').
+   Proof.
+     intros A B i i' f_pre f f' f_lt f_gt s P.
+     move ⇒ H_bst H_equiv_P H_P_f H_f' H_RL H_RG.
+ +
+     set base := s.
+ +
+     move : i i'.
+     have : (∀ e, M.In e base → M.In e s). {
+       rewrite /In /base //.
+     }
+     have : M.bst base. {
+       apply H_bst.
+     }
+     move : base.
+     clear H_bst.
+ +
+     induction base as [|c l IHl e r IHr] using M.tree_ind. {
+       rewrite /foldWithAbort_Raw /Raw.fold.
+       move ⇒ _ _ i i' //.
+     } {
+       move ⇒ H_bst H_sub i i' H_P_ii'.
+ +
+       have [H_bst_l [H_bst_r [H_lt_tree_l H_gt_tree_r]]]:
+         M.bst l ∧ M.bst r ∧ M.lt_tree e l ∧ M.gt_tree e r. {
+         inversion H_bst. done.
+       }
+
+       have H_sub_l : (∀ e0 : E.t, M.In e0 l → M.In e0 s ∧ E.lt e0 e). {
+         intros e0 H_in_l.
+         split; last by apply H_lt_tree_l.
+         eapply H_sub.
+         rewrite /M.In M.In_node_iff.
+         tauto.
+       }
+       move : (IHl H_bst_l) ⇒ {} IHl {H_bst_l} {H_lt_tree_l}.
+       have H_sub_r : (∀ e0 : E.t, M.In e0 r → M.In e0 s ∧ E.lt e e0). {
+         intros e0 H_in_r.
+         split; last by apply H_gt_tree_r.
+         eapply H_sub.
+         rewrite /M.In M.In_node_iff.
+         tauto.
+       }
+       move : (IHr H_bst_r) ⇒ {} IHr {H_bst_r} {H_gt_tree_r}.
+       have H_in_e : M.In e s. {
+         eapply H_sub.
+         rewrite /M.In M.In_node_iff.
+         right; left.
+         apply Equivalence_Reflexive.
+       }
+       move ⇒ {H_sub}.
+ +
+       rewrite /=.
+       set st0 := if f_lt e (f_pre e) i then i else foldWithAbort_Raw f_pre f_lt f f_gt l i.
+       set st0' := Raw.fold f' l i'.
+       set st1 := f e (f_pre e) st0.
+       set st1' := f' e st0'.
+       set st2 := if f_gt e (f_pre e) st1 then st1 else foldWithAbort_Raw f_pre f_lt f f_gt r st1.
+       set st2' := Raw.fold f' r st1'.
+ +
+       have H_P_st0 : P st0 st0'. {
+         rewrite /st0 /st0'.
+         case_eq (f_lt e (f_pre e) i). {
+           move ⇒ H_fl_eq.
+           move : H_P_ii' H_sub_l.
+           move : H_equiv_P H_f' (H_RL _ _ H_in_e H_fl_eq).
+           rewrite /M.lt_tree. clear.
+           move ⇒ H_equiv_P H_f' H_RL.
+           move : i'.
+           induction l as [|c l IHl e' r IHr] using M.tree_ind. {
+             done.
+           } {
+             intros i' H_P_ii' H_sub_l.
+             rewrite /=.
+             apply IHr; last first. {
+               move ⇒ y H_y_in.
+               apply H_sub_l.
+               rewrite /M.In M.In_node_iff. tauto.
+             }
+             have [] : (M.In e' s ∧ E.lt e' e). {
+               apply H_sub_l.
+               rewrite /M.In M.In_node_iff.
+               right; left.
+               apply Equivalence_Reflexive.
+             }
+             move ⇒ H_e'_in H_lt_in.
+             suff H_P_i : (P i (f e' (f_pre e') (fold f' l i'))). {
+               eapply Equivalence_Transitive; first apply H_P_i.
+               by apply H_f'.
+             }
+             eapply H_RL ⇒ //.
+             apply IHl; last first. {
+               move ⇒ y H_y_in.
+               apply H_sub_l.
+               rewrite /M.In M.In_node_iff. tauto.
+             }
+             assumption.
+           }
+         } {
+           move ⇒ _.
+           apply IHl ⇒ //.
+           eapply H_sub_l.
+         }
+       }
+       have H_P_st1 : P st1 st1'. {
+         rewrite /st1 /st1'.
+         rewrite -H_f' //.
+         apply H_P_f ⇒ //.
+       }
+       have H_P_st2 : P st2 st2'. {
+         rewrite /st2 /st2'.
+         clearbody st1 st1'.
+         case_eq (f_gt e (f_pre e) st1). {
+           move ⇒ H_gt_eq.
+           move : H_P_st1 H_sub_r.
+           move : H_equiv_P (H_RG _ _ H_in_e H_gt_eq) H_f'.
+           unfold M.gt_tree. clear.
+           move ⇒ H_equiv_P H_RG H_f'.
+           move : st1'.
+           induction r as [|c l IHl e' r IHr] using M.tree_ind. {
+             done.
+           } {
+             intros st1' H_P_st1 H_sub_r.
+             rewrite /=.
+             apply IHr; last first. {
+               move ⇒ y H_y_in.
+               apply H_sub_r.
+               rewrite /M.In M.In_node_iff. tauto.
+             }
+             have [] : (M.In e' s ∧ E.lt e e'). {
+               apply H_sub_r.
+               rewrite /M.In M.In_node_iff.
+               right; left.
+               apply Equivalence_Reflexive.
+             }
+             move ⇒ H_e'_in H_lt_ee'.
+             suff H_P_st1_aux : (P st1 (f e' (f_pre e') (fold f' l st1'))). {
+               eapply Equivalence_Transitive; first apply H_P_st1_aux.
+               by apply H_f'.
+             }
+             eapply H_RG ⇒ //.
+             apply IHl; last first. {
+               move ⇒ y H_y_in.
+               apply H_sub_r.
+               rewrite /M.In M.In_node_iff. tauto.
+             }
+             assumption.
+           }
+         } {
+           move ⇒ _.
+           apply IHr ⇒ //.
+           eapply H_sub_r.
+         }
+       }
+       done.
+     }
+  Qed.
+End MakeGenTreeFoldA.
+ +
+
+ +
+

AVL implementation

+ + The generic tree implementation naturally leads to an AVL one. +
+
+ +
+Module MakeAVLSetsWithFoldA (X : OrderedType) <: SetsWithFoldA with Module E := X.
+  Include MSetAVL.Make X.
+  Include MakeGenTreeFoldA X Z_as_Int Raw Raw.
+ +
+  Definition foldWithAbortPrecompute {A B: Type} f_pre f_lt (f: elt → B → A → A) f_gt t (base: A) : A :=
+    foldWithAbort_Raw f_pre f_lt f f_gt (t.(this)) base.
+ +
+  Lemma foldWithAbortPrecomputeSpec : foldWithAbortPrecomputeSpecPred X.lt In fold (@foldWithAbortPrecompute).
+  Proof.
+    intros A B i i' f_pre f f' f_lt f_gt s P.
+    move ⇒ H_P_f H_f' H_RL H_RG H_P_ii'.
+ +
+    rewrite /foldWithAbortPrecompute /fold.
+    apply foldWithAbort_RawSpec ⇒ //.
+    case s. rewrite /this /Raw.Ok //.
+  Qed.
+ +
+  Include HasFoldWithAbortOps X.
+ +
+End MakeAVLSetsWithFoldA.
+ +
+
+ +
+

RBT implementation

+ + The generic tree implementation naturally leads to an RBT one. +
+
+Module MakeRBTSetsWithFoldA (X : OrderedType) <: SetsWithFoldA with Module E := X.
+  Include MSetRBT.Make X.
+  Include MakeGenTreeFoldA X Color Raw Raw.
+ +
+  Definition foldWithAbortPrecompute {A B: Type} f_pre f_lt (f: elt → B → A → A) f_gt t (base: A) : A :=
+    foldWithAbort_Raw f_pre f_lt f f_gt (t.(this)) base.
+ +
+  Lemma foldWithAbortPrecomputeSpec : foldWithAbortPrecomputeSpecPred X.lt In fold (@foldWithAbortPrecompute).
+  Proof.
+    intros A B i i' f_pre f f' f_lt f_gt s P.
+    move ⇒ H_P_f H_f' H_RL H_RG H_P_ii'.
+ +
+    rewrite /foldWithAbortPrecompute /fold.
+    apply foldWithAbort_RawSpec ⇒ //.
+    case s. rewrite /this /Raw.Ok //.
+  Qed.
+ +
+  Include HasFoldWithAbortOps X.
+ +
+End MakeRBTSetsWithFoldA.
+ +
+
+ +
+

Sorted Lists Implementation

+ +
+
+Module MakeListSetsWithFoldA (X : OrderedType) <: SetsWithFoldA with Module E := X.
+  Include MSetList.Make X.
+ +
+  Fixpoint foldWithAbortRaw {A B: Type} (f_pre : X.t → B) (f_lt : X.t → B → A → bool)
+    (f: X.t → B → A → A) (f_gt : X.t → B → A → bool) (t : list X.t) (acc : A) : A :=
+  match t with
+    | nil ⇒ acc
+    | x :: xs ⇒ (
+        let pre_x := f_pre x in
+        let acc := f x (pre_x) acc in
+        if (f_gt x pre_x acc) then
+          acc
+        else
+          foldWithAbortRaw f_pre f_lt f f_gt xs acc
+      )
+  end.
+ +
+  Definition foldWithAbortPrecompute {A B: Type} f_pre f_lt f f_gt t acc :=
+    @foldWithAbortRaw A B f_pre f_lt f f_gt t.(this) acc.
+ +
+  Lemma foldWithAbortPrecomputeSpec : foldWithAbortPrecomputeSpecPred X.lt In fold (@foldWithAbortPrecompute).
+  Proof.
+    intros A B i i' f_pre f f' f_lt f_gt.
+    move ⇒ [] l H_is_ok_l P H_equiv_P.
+    rewrite /fold /foldWithAbortPrecompute /In /this /Raw.In /Raw.fold.
+    move ⇒ H_P_f H_f' H_RL H_RG.
+ +
+    set base := l.
+    move : i i'.
+    have : (∀ e, InA X.eq e base → InA X.eq e l). {
+      rewrite /base //.
+    }
+    have : sort X.lt base. {
+      rewrite Raw.isok_iff /base //.
+    }
+    clear H_is_ok_l.
+ +
+    induction base as [| x xs IH]. {
+      by simpl.
+    }
+    move ⇒ H_sort H_in_xxs i i' Pii' /=.
+ +
+    have [H_sort_xs H_hd_rel {H_sort}] : Sorted X.lt xs ∧ HdRel X.lt x xs. {
+      by inversion H_sort.
+    }
+
+    move : H_hd_rel.
+    rewrite (Raw.ML.Inf_alt x H_sort_xs) ⇒ H_lt_xs.
+ +
+    have H_x_in_l : InA X.eq x l. {
+      apply H_in_xxs.
+      apply InA_cons_hd.
+      apply X.eq_equiv.
+    }
+    have H_in_xs : (∀ e : X.t, InA X.eq e xs → InA X.eq e l). {
+      intros e H_in.
+      apply H_in_xxs, InA_cons_tl ⇒ //.
+    }
+   
+    have H_P_next : P (f x (f_pre x) i) (flip f' i' x). {
+      rewrite /flip -H_f' //.
+      apply H_P_f ⇒ //.
+    }
+
+    case_eq (f_gt x (f_pre x) (f x (f_pre x) i)); last first. {
+      move ⇒ _.
+      apply IH ⇒ //.
+    } {
+      move ⇒ H_gt.
+      suff H_suff : (∀ st, P (f x (f_pre x) i) st →
+         P (f x (f_pre x) i) (fold_left (flip f') xs st)). {
+         apply H_suff ⇒ //.
+      }
+      move : H_in_xs H_lt_xs.
+ +
+      clear IH H_in_xxs H_sort_xs.
+      move : (H_RG x _ H_x_in_l H_gt) ⇒ H_RG_x.
+      induction xs as [| x' xs' IH']. {
+        done.
+      } {
+        intros H_in_xs H_lt_xs st H_P_st.
+        rewrite /=.
+        have H_x'_in_l : InA X.eq x' l. {
+          apply H_in_xs.
+          apply InA_cons_hd, X.eq_equiv.
+        }
+        apply IH'. {
+          intros e H.
+          apply H_in_xs, InA_cons_tl ⇒ //.
+        } {
+          intros e H.
+          apply H_lt_xs, InA_cons_tl ⇒ //.
+        } {
+          rewrite /flip -H_f' //.
+          apply H_RG_x ⇒ //.
+          apply H_lt_xs.
+          apply InA_cons_hd, X.eq_equiv.
+        }
+      }
+    }
+  Qed.
+ +
+  Include HasFoldWithAbortOps X.
+ +
+End MakeListSetsWithFoldA.
+ +
+
+ +
+

Unsorted Lists without Dups Implementation

+ +
+
+Module MakeWeakListSetsWithFoldA (X : OrderedType) <: WSetsWithFoldA with Module E := X.
+  Module Raw := MSetWeakList.MakeRaw X.
+  Module E := X.
+  Include WRaw2SetsOn E Raw.
+ +
+  Fixpoint foldWithAbortRaw {A B: Type} (f_pre : X.t → B) (f_lt : X.t → B → A → bool)
+    (f: X.t → B → A → A) (f_gt : X.t → B → A → bool) (t : list X.t) (acc : A) : A :=
+  match t with
+    | nil ⇒ acc
+    | x :: xs ⇒ (
+        let pre_x := f_pre x in
+        let acc := f x (pre_x) acc in
+        if (f_gt x pre_x acc) && (f_lt x pre_x acc) then
+          acc
+        else
+          foldWithAbortRaw f_pre f_lt f f_gt xs acc
+      )
+  end.
+ +
+  Definition foldWithAbortPrecompute {A B: Type} f_pre f_lt f f_gt t acc :=
+    @foldWithAbortRaw A B f_pre f_lt f f_gt t.(this) acc.
+ +
+  Lemma foldWithAbortPrecomputeSpec : foldWithAbortPrecomputeSpecPred X.lt In fold (@foldWithAbortPrecompute).
+  Proof.
+    intros A B i i' f_pre f f' f_lt f_gt.
+    move ⇒ [] l H_is_ok_l P H_P_equiv.
+    rewrite /fold /foldWithAbortPrecompute /In /this /Raw.In /Raw.fold.
+    move ⇒ H_P_f H_f' H_RL H_RG.
+ +
+    set base := l.
+    move : i i'.
+    have : (∀ e, InA X.eq e base → InA X.eq e l). {
+      rewrite /base //.
+    }
+    have : NoDupA X.eq base. {
+      apply H_is_ok_l.
+    }
+    clear H_is_ok_l.
+ +
+    induction base as [| x xs IH]. {
+      by simpl.
+    }
+    move ⇒ H_nodup_xxs H_in_xxs i i' Pii' /=.
+ +
+    have [H_nin_x_xs H_nodup_xs {H_nodup_xxs}] : ¬ InA X.eq x xs ∧ NoDupA X.eq xs. {
+      by inversion H_nodup_xxs.
+    }
+
+    have H_x_in_l : InA X.eq x l. {
+      apply H_in_xxs.
+      apply InA_cons_hd.
+      apply X.eq_equiv.
+    }
+    have H_in_xs : (∀ e : X.t, InA X.eq e xs → InA X.eq e l). {
+      intros e H_in.
+      apply H_in_xxs, InA_cons_tl ⇒ //.
+    }
+   
+    have H_P_next : P (f x (f_pre x) i) (flip f' i' x). {
+      rewrite /flip -H_f' //.
+      apply H_P_f ⇒ //.
+    }
+
+    case_eq (f_gt x (f_pre x) (f x (f_pre x) i) &&
+             f_lt x (f_pre x) (f x (f_pre x) i)); last first. {
+      move ⇒ _.
+      apply IH ⇒ //.
+    } {
+      move ⇒ /andb_true_iff [H_gt H_lt].
+      suff H_suff : (∀ st, P (f x (f_pre x) i) st →
+         P (f x (f_pre x) i) (fold_left (flip f') xs st)). {
+         apply H_suff ⇒ //.
+      }
+
+      have H_neq_xs : ∀ e, List.In e xs → X.lt x e ∨ X.lt e x. {
+        intros e H_in.
+ +
+        move : (X.compare_spec x e).
+        case (X.compare x e) ⇒ H_cmp; inversion H_cmp. {
+          contradict H_nin_x_xs.
+          rewrite InA_alt.
+          by ∃ e.
+        } {
+          by left.
+        } {
+          by right.
+        }
+      }
+      move : H_in_xs H_neq_xs.
+ +
+      clear IH H_in_xxs H_nodup_xs.
+      move : (H_RG x _ H_x_in_l H_gt) ⇒ H_RG_x.
+      move : (H_RL x _ H_x_in_l H_lt) ⇒ H_RL_x.
+      induction xs as [| x' xs' IH']. {
+        done.
+      } {
+        intros H_in_xs H_neq_xs st H_P_st.
+        rewrite /=.
+        have H_x'_in_xxs' : List.In x' (x' :: xs'). {
+          simpl; by left.
+        }
+        have H_x'_in_l : InA X.eq x' l. {
+          apply H_in_xs.
+          apply InA_cons_hd, X.eq_equiv.
+        }
+        apply IH'. {
+          intros H.
+          apply H_nin_x_xs, InA_cons_tl ⇒ //.
+        } {
+          intros e H.
+          apply H_in_xs, InA_cons_tl ⇒ //.
+        } {
+          intros e H.
+          apply H_neq_xs, in_cons ⇒ //.
+        } {
+          rewrite /flip -H_f' //.
+          move : (H_neq_xs x' H_x'_in_xxs') ⇒ [] H_cmp. {
+            apply H_RG_x ⇒ //.
+          } {
+            apply H_RL_x ⇒ //.
+          }
+        }
+      }
+    }
+  Qed.
+ +
+  Include HasFoldWithAbortOps X.
+ +
+End MakeWeakListSetsWithFoldA.
+ +
+
+
+ + + +
+ + + \ No newline at end of file diff --git a/html/MSetsExtra.MSetIntervals.html b/html/MSetsExtra.MSetIntervals.html new file mode 100644 index 0000000..d66b966 --- /dev/null +++ b/html/MSetsExtra.MSetIntervals.html @@ -0,0 +1,6721 @@ + + + + + +MSetsExtra.MSetIntervals + + + + +
+ + + +
+ +

Library MSetsExtra.MSetIntervals

+ +
+ +
+ +
+
+ +
+

Weak sets implemented by interval lists

+ + +
+ + This file contains an implementation of the set interface + SetsOn which uses internally intervals of Z. This allows some + large sets, which naturally map to intervals of integers to be + represented very efficiently. + +
+ + Internally intervals of Z are used. However, via an encoding + and decoding layer, other types of elements can be handled as + well. There are instantiations for Z, N and nat currently. + More can be easily added. + +
+
+ +
+Require Import MSetInterface OrdersFacts OrdersLists.
+Require Import BinNat.
+Require Import mathcomp.ssreflect.ssreflect.
+Require Import NArith.
+Require Import ZArith.
+Require Import NOrder.
+Require Import Lia.
+Require Import DecidableTypeEx.
+Module Import NOP := NOrderProp N.
+Open Scope Z_scope.
+ +
+
+ +
+

Auxiliary stuff

+ +
+ + Simple auxiliary lemmata +
+
+Lemma Z_le_add_r : ∀ (z : Z) (n : N),
+  z ≤ z + Z.of_N n.
+Proof.
+  intros z n.
+  suff : (z + 0 ≤ z + Z.of_N n). {
+    rewrite Z.add_0_r //.
+  }
+  apply Zplus_le_compat_l.
+  apply N2Z.is_nonneg.
+Qed.
+ +
+Lemma Z_lt_add_r : ∀ (z : Z) (n : N),
+  (n ≠ 0)%N →
+  z < z + Z.of_N n.
+Proof.
+  move ⇒ z n H_neq_0.
+  suff : (z + Z.of_N 0 < z + Z.of_N n). {
+    rewrite Z.add_0_r //.
+  }
+  apply Z.add_lt_mono_l, N2Z.inj_lt.
+  by apply N.neq_0_lt_0.
+Qed.
+ +
+Lemma Z_lt_le_add_r : ∀ y1 y2 c,
+  y1 < y2 →
+  y1 ≤ y2 + Z.of_N c.
+Proof.
+  intros y1 y2 c H.
+  apply Z.le_trans with (m := y2). {
+    by apply Z.lt_le_incl.
+  } {
+    apply Z_le_add_r.
+  }
+Qed.
+ +
+Lemma Z_to_N_minus_neq_0 : ∀ (x y : Z),
+    y < x →
+    Z.to_N (x - y) ≠ 0%N.
+Proof.
+  intros x y H_y_lt.
+  apply N.neq_0_lt_0.
+  apply N2Z.inj_lt.
+  suff H : 0 < x - y. {
+    rewrite Z2N.id ⇒ //.
+    by apply Z.lt_le_incl.
+  }
+  by apply Z.lt_0_sub.
+Qed.
+ +
+Lemma add_add_sub_eq : ∀ (x y : Z), (x + (y - x) = y).
+Proof.
+  intros x y.
+  rewrite Z.add_sub_assoc ⇒ //.
+  rewrite Z.add_sub_swap Z.sub_diag Z.add_0_l //.
+Qed.
+ +
+Lemma NoDupA_map {A B} : ∀ (eqA : A → A → Prop) (eqB : B → B → Prop) (f : A → B) l,
+  NoDupA eqA l →
+  (∀ x1 x2, List.In x1 l → List.In x2 l →
+                  eqB (f x1) (f x2) → eqA x1 x2) →
+  NoDupA eqB (map f l).
+Proof.
+  intros eqA eqB f.
+  induction l as [| x xs IH]. {
+    move ⇒ _ _; rewrite /=.
+    apply NoDupA_nil.
+  } {
+    move ⇒ H_pre H_eqA_impl.
+    have [H_nin_x H_no_dup_xs] : ¬ InA eqA x xs ∧ NoDupA eqA xs. {
+      by inversion_clear H_pre.
+    }
+    simpl.
+    apply NoDupA_cons; last first. {
+      apply IH ⇒ //.
+      intros x1 x2 H_in_x1 H_in_x2 H_eqB.
+      apply H_eqA_impl ⇒ //=; by right.
+    }
+    move ⇒ H_in_map; apply H_nin_x.
+    move : H_in_map.
+    rewrite !InA_alt ⇒ [[y] [H_eqB_y]].
+    rewrite in_map_iff ⇒ [[y'] [H_y_eq] H_y'_in].
+    subst.
+    âˆƒ y'.
+    split ⇒ //.
+    apply H_eqA_impl ⇒ //. {
+      by simpl; left.
+    } {
+      by simpl; right.
+    }
+  }
+Qed.
+ +
+
+ +
+

rev_map

+ + +
+ + rev_map is used for efficiency. +
+
+Fixpoint rev_map_aux {A B} (f : A → B) (acc : list B) (l : list A) :=
+  match l with
+   | nil ⇒ acc
+   | x :: xs ⇒ rev_map_aux f ((f x)::acc) xs
+  end.
+ +
+Definition rev_map {A B} (f : A → B) (l : list A) : list B := rev_map_aux f nil l.
+ +
+
+ +
+Lemmata about rev_map +
+
+Lemma rev_map_aux_alt_def {A B} : ∀ (f : A → B) l acc,
+  rev_map_aux f acc l = List.rev_append (List.map f l) acc.
+Proof.
+  intro f.
+  induction l as [| x xs IH]. {
+    intros acc.
+    by simpl.
+  } {
+    intros acc.
+    rewrite /= IH //.
+  }
+Qed.
+ +
+Lemma rev_map_alt_def {A B} : ∀ (f : A → B) l,
+  rev_map f l = List.rev (List.map f l).
+Proof.
+  intros f l.
+  rewrite /rev_map rev_map_aux_alt_def -rev_alt //.
+Qed.
+ +
+
+ +
+

Encoding Elements

+ +
+ + We want to encode not only elements of type Z, but other types + as well. In order to do so, an encoding / decoding layer is used. + This layer is represented by module type ElementEncode. It + provides encode and decode function. +
+
+ +
+Module Type ElementEncode.
+  Declare Module E : OrderedType.
+ +
+  Parameter encode : E.t → Z.
+  Parameter decode : Z → E.t.
+ +
+
+ +
+Decoding is the inverse of encoding. Notice that + the reverse is not demanded. This means that + we do need to provide for all integers z an + element e with encode v = z. +
+
+  Axiom decode_encode_ok: ∀ (e : E.t),
+    decode (encode e) = e.
+ +
+
+ +
+Encoding is compatible with the equality of elements. +
+
+  Axiom encode_eq : ∀ (e1 e2 : E.t),
+    (Z.eq (encode e1) (encode e2)) ↔ E.eq e1 e2.
+ +
+
+ +
+Encoding is compatible with the order of elements. +
+
+  Axiom encode_lt : ∀ (e1 e2 : E.t),
+    (Z.lt (encode e1) (encode e2)) ↔ E.lt e1 e2.
+ +
+End ElementEncode.
+ +
+
+ +
+

Set Operations

+ + +
+ + We represent sets of Z via lists of intervals. The intervals are all + in increasing order and non-overlapping. Moreover, we require the most compact + representation, i.e. no two intervals can be merged. For example + +
+ + 0-2, 4-4, 6-8 is a valid interval list for the set {0;1;2;4;6;7;8} + +
+ + In contrast + +
+ + 4-4, 0-2, 6-8 is a invalid because the intervals are not ordered andb + 0-2, 4-5, 6-8 is a invalid because it is not compact (0-2, 4--8 is valid). + +
+ + Intervals we represent by tuples (Z, N). The tuple (z, c) represents the + interval z-(z+c). + +
+ + We apply the encode function before adding an element to such interval sets and + the decode function when checking it. This allows for sets with other element types + than Z. + +
+
+Module Ops (Enc : ElementEncode) <: Ops Enc.E.
+  Definition elt := Enc.E.t.
+  Definition t := list (Z × N).
+ +
+
+ +
+The empty list is trivial to define and check for. +
+
+  Definition empty : t := nil.
+  Definition is_empty (l : t) := match l with nil ⇒ true | _ ⇒ false end.
+ +
+ +
+
+ +
+Defining the list of elements, is much more tricky, especially, + if it needs to be executable. +
+
+  Lemma acc_pred : ∀ n p, n = Npos p → Acc N.lt n → Acc N.lt (N.pred n).
+  Proof.
+    intros n p H0 H1.
+    apply H1.
+    rewrite H0.
+    apply N.lt_pred_l.
+    discriminate.
+  Defined.
+ +
+  Fixpoint fold_elementsZ_aux {A} (f : A → Z → option A) (acc : A) (x : Z) (c : N) (H : Acc N.lt c) { struct H } : (bool × A) :=
+    match c as c0 return c = c0 → (bool × A) with
+    | N0 ⇒ fun _ ⇒ (false, acc)
+    | c ⇒ fun Heq ⇒ match (f acc x) with
+        | None ⇒ (true, acc)
+        | Some acc' ⇒
+          fold_elementsZ_aux f acc' (Z.succ x) (N.pred c) (acc_pred _ _ Heq H) end
+    end (refl_equal _).
+ +
+  Definition fold_elementsZ_single {A} f (acc : A) x c := fold_elementsZ_aux f acc x c (lt_wf_0 _).
+ +
+  Fixpoint fold_elementsZ {A} f (acc : A) (s : t) : (bool × A) :=
+    match s with
+    | nil ⇒ (false, acc)
+    | (x, c) :: s' ⇒
+      match fold_elementsZ_single f acc x c with
+          (false, acc') ⇒ fold_elementsZ f acc' s'
+        | (true, acc') ⇒ (true, acc')
+      end
+    end.
+ +
+  Definition elementsZ (s : t) : list Z :=
+    snd (fold_elementsZ (fun l x ⇒ Some (x :: l)) nil s).
+ +
+  Definition elements (s : t) : list elt :=
+    rev_map Enc.decode (elementsZ s).
+ +
+
+ +
+membership is easily defined +
+
+  Fixpoint memZ (x : Z) (s : t) :=
+    match s with
+    | nil ⇒ false
+    | (y, c) :: l ⇒
+        if (Z.ltb x y) then false else
+        if (Z.ltb x (y+Z.of_N c)) then true else
+        memZ x l
+    end.
+ +
+  Definition mem (x : elt) (s : t) := memZ (Enc.encode x) s.
+ +
+
+ +
+Comparing intervals +
+
+  Inductive interval_compare_result :=
+      ICR_before
+    | ICR_before_touch
+    | ICR_overlap_before
+    | ICR_overlap_after
+    | ICR_equal
+    | ICR_subsume_1
+    | ICR_subsume_2
+    | ICR_after
+    | ICR_after_touch.
+ +
+  Definition interval_compare (i1 i2 : (Z × N)) : interval_compare_result :=
+    match (i1, i2) with ((y1, c1), (y2, c2)) ⇒
+      let yc2 := (y2+Z.of_N c2) in
+      match (Z.compare yc2 y1) with
+        | Lt ⇒ ICR_after
+        | Eq ⇒ ICR_after_touch
+        | Gt ⇒ let yc1 := (y1+Z.of_N c1) in
+                match (Z.compare yc1 y2) with
+                | Lt ⇒ ICR_before
+                | Eq ⇒ ICR_before_touch
+                | Gt ⇒
+                        match (Z.compare y1 y2, Z.compare yc1 yc2) with
+                        | (Lt, Lt) ⇒ ICR_overlap_before
+                        | (Lt, _) ⇒ ICR_subsume_2
+                        | (Eq, Lt) ⇒ ICR_subsume_1
+                        | (Eq, Gt) ⇒ ICR_subsume_2
+                        | (Eq, Eq) ⇒ ICR_equal
+                        | (Gt, Gt) ⇒ ICR_overlap_after
+                        | (Gt, _) ⇒ ICR_subsume_1
+                        end
+                end
+      end
+    end.
+ +
+  Definition interval_1_compare (y1 : Z) (i : (Z × N)) : interval_compare_result :=
+    match i with (y2, c2) ⇒
+      let yc2 := (y2+Z.of_N c2) in
+      match (Z.compare yc2 y1) with
+        | Lt ⇒ ICR_after
+        | Eq ⇒ ICR_after_touch
+        | Gt ⇒ match (Z.compare (Z.succ y1) y2) with
+                | Lt ⇒ ICR_before
+                | Eq ⇒ ICR_before_touch
+                | Gt ⇒ ICR_subsume_1
+                end
+      end
+    end.
+ +
+  Fixpoint compare (s1 s2 : t) :=
+    match (s1, s2) with
+      | (nil, nil) ⇒ Eq
+      | (nil, _ :: _) ⇒ Lt
+      | (_ :: _, nil) ⇒ Gt
+      | ((y1, c1)::s1', (y2, c2)::s2') ⇒
+        match (Z.compare y1 y2) with
+          | Lt ⇒ Lt
+          | Gt ⇒ Gt
+          | Eq ⇒ match N.compare c1 c2 with
+                    | Lt ⇒ Lt
+                    | Gt ⇒ Gt
+                    | Eq ⇒ compare s1' s2'
+                  end
+        end
+    end.
+ +
+
+ +
+Auxiliary functions for inserting at front and merging intervals +
+
+  Definition merge_interval_size (x1 : Z) (c1 : N) (x2 : Z) (c2 : N) : N :=
+    (N.max c1 (Z.to_N (x2 + Z.of_N c2 - x1))).
+ +
+  Fixpoint insert_interval_begin (x : Z) (c : N) (l : t) :=
+    match l with
+    | nil ⇒ (x,c)::nil
+    | (y, c')::l' ⇒
+         match (Z.compare (x + Z.of_N c) y) with
+         | Lt ⇒ (x, c) :: l
+         | Eq ⇒ (x, (c+c')%N) :: l'
+         | Gt ⇒ insert_interval_begin x (merge_interval_size x c y c') l'
+         end
+    end.
+ +
+
+ +
+adding an element needs to be defined carefully again in order to + generate efficient code +
+
+  Fixpoint addZ_aux (acc : list (Z × N)) (x : Z) (s : t) :=
+    match s with
+    | nil ⇒ List.rev' ((x, (1%N))::acc)
+    | (y, c) :: l ⇒
+        match (interval_1_compare x (y,c)) with
+          | ICR_before ⇒ List.rev_append ((x, (1%N))::acc) s
+          | ICR_before_touch ⇒ List.rev_append ((x, N.succ c)::acc) l
+          | ICR_after ⇒ addZ_aux ((y,c) :: acc) x l
+          | ICR_after_touch ⇒ List.rev_append acc (insert_interval_begin y (N.succ c) l)
+          | _ ⇒ List.rev_append ((y, c)::acc) l
+        end
+    end.
+ +
+  Definition addZ x s := addZ_aux nil x s.
+  Definition add x s := addZ (Enc.encode x) s.
+ +
+
+ +
+add_list is a simple extension to add many elements. + This is used to define the function from_elements. +
+
+  Definition add_list (l : list elt) (s : t) : t :=
+     List.fold_left (fun s x ⇒ add x s) l s.
+ +
+  Definition from_elements (l : list elt) : t := add_list l empty.
+ +
+
+ +
+singleton is trivial to define +
+
+  Definition singleton (x : elt) : t := (Enc.encode x, 1%N) :: nil.
+ +
+  Lemma singleton_alt_def : ∀ x, singleton x = add x empty.
+  Proof. by []. Qed.
+ +
+
+ +
+removing needs to be done with code extraction in mind again. +
+
+  Definition insert_intervalZ_guarded (x : Z) (c : N) s :=
+     if (N.eqb c 0) then s else (x, c) :: s.
+ +
+  Fixpoint removeZ_aux (acc : list (Z × N)) (x : Z) (s : t) : t :=
+    match s with
+    | nil ⇒ List.rev' acc
+    | (y, c) :: l ⇒
+        if (Z.ltb x y) then List.rev_append acc s else
+        if (Z.ltb x (y+Z.of_N c)) then (
+           List.rev_append (insert_intervalZ_guarded (Z.succ x)
+              (Z.to_N ((y+Z.of_N c)- (Z.succ x)))
+             (insert_intervalZ_guarded y (Z.to_N (x-y)) acc)) l
+        ) else removeZ_aux ((y,c)::acc) x l
+    end.
+ +
+  Definition removeZ (x : Z) (s : t) : t := removeZ_aux nil x s.
+  Definition remove (x : elt) (s : t) : t := removeZ (Enc.encode x) s.
+ +
+  Definition remove_list (l : list elt) (s : t) : t :=
+     List.fold_left (fun s x ⇒ remove x s) l s.
+ +
+
+ +
+union +
+
+  Fixpoint union_aux (s1 : t) :=
+    fix aux (s2 : t) (acc : list (Z × N)) :=
+    match (s1, s2) with
+    | (nil, _) ⇒ List.rev_append acc s2
+    | (_, nil) ⇒ List.rev_append acc s1
+    | ((y1, c1) :: l1, (y2, c2) :: l2) ⇒
+        match (interval_compare (y1, c1) (y2,c2)) with
+          | ICR_before ⇒ union_aux l1 s2 ((y1, c1)::acc)
+          | ICR_before_touch ⇒
+              union_aux l1 (
+               insert_interval_begin y1 ((c1+c2)%N) l2) acc
+          | ICR_after ⇒ aux l2 ((y2, c2)::acc)
+          | ICR_after_touch ⇒ union_aux l1 (
+              insert_interval_begin y2 ((c1+c2)%N) l2) acc
+          | ICR_overlap_before ⇒
+              union_aux l1 (insert_interval_begin y1 (merge_interval_size y1 c1 y2 c2) l2) acc
+          | ICR_overlap_after ⇒
+              union_aux l1 (insert_interval_begin y2 (merge_interval_size y2 c2 y1 c1) l2) acc
+          | ICR_equal ⇒ union_aux l1 s2 acc
+          | ICR_subsume_1 ⇒ union_aux l1 s2 acc
+          | ICR_subsume_2 ⇒ aux l2 acc
+        end
+    end.
+ +
+  Definition union s1 s2 := union_aux s1 s2 nil.
+ +
+
+ +
+diff +
+
+ +
+  Fixpoint diff_aux (y2 : Z) (c2 : N) (acc : list (Z × N)) (s : t) : (list (Z × N) × t) :=
+    match s with
+    | nil ⇒ (acc, nil)
+    | ((y1, c1) :: l1) ⇒
+        match (interval_compare (y1, c1) (y2,c2)) with
+          | ICR_before ⇒ diff_aux y2 c2 ((y1, c1)::acc) l1
+          | ICR_before_touch ⇒ diff_aux y2 c2 ((y1, c1)::acc) l1
+          | ICR_after ⇒ (acc, s)
+          | ICR_after_touch ⇒ (acc, s)
+          | ICR_overlap_before ⇒ diff_aux y2 c2 ((y1, Z.to_N (y2 - y1))::acc) l1
+          | ICR_overlap_after ⇒ (acc, (y2+Z.of_N c2, Z.to_N ((y1 + Z.of_N c1) - (y2 + Z.of_N c2))) :: l1)
+          | ICR_equal ⇒ (acc, l1)
+          | ICR_subsume_1 ⇒ diff_aux y2 c2 acc l1
+          | ICR_subsume_2 ⇒ ((insert_intervalZ_guarded y1
+                (Z.to_N (y2 - y1)) acc),
+              insert_intervalZ_guarded (y2+Z.of_N c2) (Z.to_N ((y1 + Z.of_N c1) - (y2 + Z.of_N c2))) l1)
+        end
+    end.
+ +
+  Fixpoint diff_aux2 (acc : list (Z × N)) (s1 s2 : t) : (list (Z × N)) :=
+    match (s1, s2) with
+    | (nil, _) ⇒ rev_append acc s1
+    | (_, nil) ⇒ rev_append acc s1
+    | (_, (y2, c2) :: l2) ⇒
+      match diff_aux y2 c2 acc s1 with
+        (acc', s1') ⇒ diff_aux2 acc' s1' l2
+      end
+    end.
+ +
+  Definition diff s1 s2 := diff_aux2 nil s1 s2.
+ +
+
+ +
+subset +
+
+  Fixpoint subset (s1 : t) :=
+    fix aux (s2 : t) :=
+    match (s1, s2) with
+    | (nil, _) ⇒ true
+    | (_ :: _, nil) ⇒ false
+    | ((y1, c1) :: l1, (y2, c2) :: l2) ⇒
+        match (interval_compare (y1, c1) (y2,c2)) with
+          | ICR_before ⇒ false
+          | ICR_before_touch ⇒ false
+          | ICR_after ⇒ aux l2
+          | ICR_after_touch ⇒ false
+          | ICR_overlap_before ⇒ false
+          | ICR_overlap_after ⇒ false
+          | ICR_equal ⇒ subset l1 l2
+          | ICR_subsume_1 ⇒ subset l1 s2
+          | ICR_subsume_2 ⇒ false
+        end
+    end.
+ +
+
+ +
+equal +
+
+  Fixpoint equal (s s' : t) : bool := match s, s' with
+    | nil, nil ⇒ true
+    | ((x,cx)::xs), ((y,cy)::ys) ⇒ andb (Z.eqb x y) (andb (N.eqb cx cy) (equal xs ys))
+    | _, _ ⇒ false
+  end.
+ +
+
+ +
+inter +
+
+  Fixpoint inter_aux (y2 : Z) (c2 : N) (acc : list (Z × N)) (s : t) : (list (Z × N) × t) :=
+    match s with
+    | nil ⇒ (acc, nil)
+    | ((y1, c1) :: l1) ⇒
+        match (interval_compare (y1, c1) (y2,c2)) with
+          | ICR_before ⇒ inter_aux y2 c2 acc l1
+          | ICR_before_touch ⇒ inter_aux y2 c2 acc l1
+          | ICR_after ⇒ (acc, s)
+          | ICR_after_touch ⇒ (acc, s)
+          | ICR_overlap_before ⇒ inter_aux y2 c2 ((y2, Z.to_N (y1 + Z.of_N c1 - y2))::acc) l1
+          | ICR_overlap_after ⇒ ((y1, Z.to_N (y2 + Z.of_N c2 - y1))::acc, s)
+          | ICR_equal ⇒ ((y1,c1)::acc, l1)
+          | ICR_subsume_1 ⇒ inter_aux y2 c2 ((y1, c1)::acc) l1
+          | ICR_subsume_2 ⇒ ((y2, c2)::acc, s)
+        end
+    end.
+ +
+  Fixpoint inter_aux2 (acc : list (Z × N)) (s1 s2 : t) : (list (Z × N)) :=
+    match (s1, s2) with
+    | (nil, _) ⇒ List.rev' acc
+    | (_, nil) ⇒ List.rev' acc
+    | (_, (y2, c2) :: l2) ⇒
+      match inter_aux y2 c2 acc s1 with
+        (acc', s1') ⇒ inter_aux2 acc' s1' l2
+      end
+    end.
+ +
+  Definition inter s1 s2 := inter_aux2 nil s1 s2.
+ +
+
+ +
+Partition and filter +
+
+ +
+  Definition partitionZ_fold_insert
+             (cur : option (Z × N)) (x : Z) :=
+    match cur with
+       None ⇒ (x, 1%N)
+     | Some (y, c) ⇒ (y, N.succ c)
+    end.
+ +
+  Definition partitionZ_fold_skip (acc : list (Z × N))
+             (cur : option (Z × N)) : (list (Z × N)) :=
+    match cur with
+       None ⇒ acc
+     | Some yc ⇒ yc::acc
+    end.
+ +
+  Definition partitionZ_fold_fun f st (x : Z) :=
+    match st with ((acc_t, c_t), (acc_f, c_f)) ⇒
+      if (f x) then
+        ((acc_t, Some (partitionZ_fold_insert c_t x)),
+         (partitionZ_fold_skip acc_f c_f, None))
+      else
+        ((partitionZ_fold_skip acc_t c_t, None),
+         (acc_f, Some (partitionZ_fold_insert c_f x)))
+    end.
+ +
+  Definition partitionZ_single_aux f st (x : Z) (c : N) :=
+    snd (fold_elementsZ_single (fun st x ⇒ Some (partitionZ_fold_fun f st x)) st x c).
+ +
+  Definition partitionZ_single f acc_t acc_f x c :=
+    match partitionZ_single_aux f ((acc_t, None), (acc_f, None)) x c with
+    | ((acc_t, c_t), (acc_f, c_f)) ⇒
+        (partitionZ_fold_skip acc_t c_t,
+         partitionZ_fold_skip acc_f c_f)
+    end.
+ +
+  Fixpoint partitionZ_aux acc_t acc_f f s :=
+    match s with
+    | nil ⇒ (List.rev acc_t, List.rev acc_f)
+    | (y, c) :: s' ⇒
+      match partitionZ_single f acc_t acc_f y c with
+      | (acc_t', acc_f') ⇒ partitionZ_aux acc_t' acc_f' f s'
+      end
+    end.
+ +
+  Definition partitionZ := partitionZ_aux nil nil.
+ +
+  Definition partition (f : elt → bool) : t → (t × t) :=
+    partitionZ (fun z ⇒ f (Enc.decode z)).
+ +
+  Definition filterZ_fold_fun f st (x : Z) :=
+    match st with (acc_t, c_t) ⇒
+      if (f x) then
+        (acc_t, Some (partitionZ_fold_insert c_t x))
+      else
+        (partitionZ_fold_skip acc_t c_t, None)
+    end.
+ +
+  Definition filterZ_single_aux f st (x : Z) (c : N) :=
+    snd (fold_elementsZ_single (fun st x ⇒ Some (filterZ_fold_fun f st x)) st x c).
+ +
+  Definition filterZ_single f acc x c :=
+    match filterZ_single_aux f (acc, None) x c with
+    | (acc, c) ⇒
+        (partitionZ_fold_skip acc c)
+    end.
+ +
+  Fixpoint filterZ_aux acc f s :=
+    match s with
+    | nil ⇒ (List.rev acc)
+    | (y, c) :: s' ⇒
+      filterZ_aux (filterZ_single f acc y c) f s'
+    end.
+ +
+  Definition filterZ := filterZ_aux nil.
+ +
+  Definition filter (f : elt → bool) : t → t :=
+    filterZ (fun z ⇒ f (Enc.decode z)).
+ +
+ +
+
+ +
+Simple wrappers +
+
+ +
+  Definition fold {B : Type} (f : elt → B → B) (s : t) (i : B) : B :=
+    snd (fold_elementsZ (fun b z ⇒ Some (f (Enc.decode z) b)) i s).
+ +
+  Definition for_all (f : elt → bool) (s : t) : bool :=
+    snd (fold_elementsZ (fun b z ⇒
+      if b then
+        Some (f (Enc.decode z))
+      else None) true s).
+ +
+  Definition exists_ (f : elt → bool) (s : t) : bool :=
+    snd (fold_elementsZ (fun b z ⇒
+      if b then
+        None
+      else Some (f (Enc.decode z))) false s).
+ +
+  Fixpoint cardinalN c (s : t) : N := match s with
+    | nil ⇒ c
+    | (_,cx)::xs ⇒ cardinalN (c + cx)%N xs
+  end.
+ +
+  Definition cardinal (s : t) : nat := N.to_nat (cardinalN (0%N) s).
+ +
+  Definition min_eltZ (s : t) : option Z :=
+    match s with
+    | nil ⇒ None
+    | (x, _) :: _ ⇒ Some x
+    end.
+ +
+  Definition min_elt (s : t) : option elt :=
+    match (min_eltZ s) with
+    | None ⇒ None
+    | Some x ⇒ Some (Enc.decode x)
+    end.
+ +
+  Definition choose := min_elt.
+ +
+  Fixpoint max_eltZ (s : t) : option Z :=
+    match s with
+    | nil ⇒ None
+    | (x, c) :: nil ⇒ Some (Z.pred (x + Z.of_N c))
+    | (x, _) :: s' ⇒ max_eltZ s'
+    end.
+ +
+  Definition max_elt (s : t) : option elt :=
+    match (max_eltZ s) with
+    | None ⇒ None
+    | Some x ⇒ Some (Enc.decode x)
+    end.
+ +
+End Ops.
+ +
+
+ +
+

Raw Module

+ + +
+ + Following the idea of MSetInterface.RawSets, we first + define a module Raw proves all the required properties with + respect to an explicitly provided invariant. In a next step, this + invariant is then moved into the set type. This allows to instantiate + the WSetsOn interface. +
+
+Module Raw (Enc : ElementEncode).
+  Include (Ops Enc).
+ +
+
+ +
+

Defining invariant IsOk

+ +
+
+  Definition is_encoded_elems_list (l : list Z) : Prop :=
+    (∀ x, List.In x l → ∃ e, Enc.encode e = x).
+ +
+  Definition interval_list_elements_greater (x : Z) (l : t) : bool :=
+    match l with
+      | nil ⇒ true
+      | (y, _)::_ ⇒ Z.ltb x y
+    end.
+ +
+  Fixpoint interval_list_invariant (l : t) :=
+   match l with
+   | nil ⇒ true
+   | (x, c) :: l' ⇒
+       interval_list_elements_greater (x + (Z.of_N c)) l' && negb (N.eqb c 0) && interval_list_invariant l'
+   end.
+ +
+  Definition IsOk s := (interval_list_invariant s = true ∧ is_encoded_elems_list (elementsZ s)).
+ +
+
+ +
+

Defining notations

+ +
+
+  Section ForNotations.
+ +
+    Class Ok (s:t) : Prop := ok : IsOk s.
+    Instance IsOk_Ok s `(Hs : IsOk s) : Ok s := { ok := Hs }.
+ +
+    Definition In x s := (SetoidList.InA Enc.E.eq x (elements s)).
+    Definition InZ x s := (List.In x (elementsZ s)).
+    Definition Equal s s' := ∀ a : elt, In a s ↔ In a s'.
+    Definition Subset s s' := ∀ a : elt, In a s → In a s'.
+    Definition Empty s := ∀ a : elt, ¬ In a s.
+    Definition For_all (P : elt → Prop) s := ∀ x, In x s → P x.
+    Definition Exists (P : elt → Prop) (s : t) := ∃ x, In x s ∧ P x.
+ +
+  End ForNotations.
+ +
+
+ +
+

elements list properties

+ + +
+ + The functions elementsZ, elementsZ_single, + elements and elements_single are crucial and used + everywhere. Therefore, we first establish a few properties of + these important functions. +
+
+ +
+  Lemma elementsZ_nil : (elementsZ (nil : t) = nil).
+  Proof. done. Qed.
+ +
+  Lemma elements_nil : (elements (nil : t) = nil).
+  Proof. done. Qed.
+ +
+  Definition elementsZ_single (x:Z) (c:N) :=
+      List.rev' (N.peano_rec (fun _ ⇒ list Z)
+                  nil (fun n ls ⇒ (x+Z.of_N n)%Z :: ls) c).
+ +
+  Definition elements_single x c :=
+    List.map Enc.decode (elementsZ_single x c).
+ +
+  Lemma elementsZ_single_base : ∀ x,
+    elementsZ_single x (0%N) = nil.
+  Proof. done. Qed.
+ +
+  Lemma elementsZ_single_succ : ∀ x c,
+    elementsZ_single x (N.succ c) =
+    elementsZ_single x c ++ (x+Z.of_N c)::nil.
+  Proof.
+    intros x c.
+    rewrite /elementsZ_single N.peano_rec_succ /rev' -!rev_alt //.
+  Qed.
+ +
+  Lemma elementsZ_single_add : ∀ x c2 c1,
+    elementsZ_single x (c1 + c2)%N =
+    elementsZ_single x c1 ++ elementsZ_single (x+Z.of_N c1) c2.
+  Proof.
+    intros x.
+    induction c2 as [| c2' IH] using N.peano_ind. {
+      move ⇒ c1.
+      rewrite elementsZ_single_base /= app_nil_r N.add_0_r //.
+    } {
+      move ⇒ c1.
+      rewrite N.add_succ_r !elementsZ_single_succ IH app_assoc N2Z.inj_add Z.add_assoc //.
+    }
+  Qed.
+ +
+  Lemma elementsZ_single_succ_front : ∀ x c,
+    elementsZ_single x (N.succ c) =
+    x :: elementsZ_single (Z.succ x) c.
+  Proof.
+    intros x c.
+    rewrite -N.add_1_l elementsZ_single_add.
+    rewrite N.one_succ elementsZ_single_succ elementsZ_single_base /= Z.add_0_r.
+    by rewrite Z.add_1_r.
+  Qed.
+ +
+  Lemma In_elementsZ_single : ∀ c y x,
+    List.In y (elementsZ_single x c) ↔
+    (x ≤ y) ∧ (y < (x+Z.of_N c)).
+  Proof.
+    induction c as [| c' IH] using N.peano_ind. {
+      intros y x.
+      rewrite elementsZ_single_base Z.add_0_r /=.
+      lia.
+    } {
+      intros y x.
+      rewrite elementsZ_single_succ in_app_iff IH /= N2Z.inj_succ Z.add_succ_r Z.lt_succ_r.
+      split. {
+        move ⇒ [ | []] //. {
+          move ⇒ [H_x_le H_y_le].
+          lia.
+        } {
+          move ⇒ <-.
+          split.
+            - by apply Z_le_add_r.
+            - by apply Z.le_refl.
+        }
+      } {
+        move ⇒ [H_x_le] H_y_lt.
+        lia.
+      }
+    }
+  Qed.
+ +
+  Lemma In_elementsZ_single1 : ∀ y x,
+    List.In y (elementsZ_single x (1%N)) ↔
+    (x = y).
+  Proof.
+    intros y x.
+    rewrite In_elementsZ_single /= Z.add_1_r Z.lt_succ_r.
+    lia.
+  Qed.
+ +
+  Lemma length_elementsZ_single : ∀ cx x,
+    length (elementsZ_single x cx) = N.to_nat cx.
+  Proof.
+    induction cx as [| cx' IH] using N.peano_ind. {
+      by simpl.
+    } {
+      intros x.
+      rewrite elementsZ_single_succ_front /=.
+      rewrite IH N2Nat.inj_succ //.
+    }
+  Qed.
+ +
+  Lemma fold_elementsZ_aux_irrel {A} :
+    âˆ€ f c (acc : A) x H1 H2,
+      fold_elementsZ_aux f acc x c H1 =
+      fold_elementsZ_aux f acc x c H2.
+  Proof.
+    intros f c.
+    induction c as [c IH] using (well_founded_ind lt_wf_0).
+    case_eq c. {
+      intros H_c acc x; case; intro H_H1; case; intro H_H2.
+      reflexivity.
+    } {
+      intros p H_c acc x; case; intro H_H1; case; intro H_H2.
+      unfold fold_elementsZ_aux; fold (@fold_elementsZ_aux A).
+      case (f acc x) ⇒ // acc'.
+      apply IH.
+      rewrite H_c.
+      apply N.lt_pred_l.
+      discriminate.
+    }
+  Qed.
+ +
+  Lemma fold_elementsZ_single_pos {A} : ∀ f (acc : A) x p,
+    fold_elementsZ_single f acc x (N.pos p) =
+    match f acc x with
+    | Some acc' ⇒
+        fold_elementsZ_single f acc' (Z.succ x)
+         (N.pred (N.pos p))
+    | None ⇒ (true, acc)
+    end.
+  Proof.
+    intros f acc x p.
+    unfold fold_elementsZ_single.
+    unfold fold_elementsZ_aux.
+    case: (lt_wf_0 _).
+    fold (@fold_elementsZ_aux A).
+    intro.
+    case (f acc x) ⇒ // acc'.
+    apply fold_elementsZ_aux_irrel.
+  Qed.
+ +
+  Lemma fold_elementsZ_single_zero {A} : ∀ f (acc : A) x,
+      fold_elementsZ_single f acc x (0%N) = (false, acc).
+  Proof.
+    intros f acc x.
+    unfold fold_elementsZ_single.
+    case (lt_wf_0 (0%N)); intro.
+    unfold fold_elementsZ_aux.
+    reflexivity.
+  Qed.
+ +
+  Lemma fold_elementsZ_single_succ {A} : ∀ f (acc : A) x c,
+    fold_elementsZ_single f acc x (N.succ c) =
+    match f acc x with
+      | Some acc' ⇒
+          fold_elementsZ_single f acc' (Z.succ x) c
+      | None ⇒ (true, acc)
+    end.
+  Proof.
+    intros f acc x c.
+    case c. {
+      by rewrite fold_elementsZ_single_pos.
+    } {
+      intro p; simpl.
+      rewrite fold_elementsZ_single_pos.
+      case (f acc x) ⇒ // acc' /=.
+      by rewrite Pos.pred_N_succ.
+    }
+  Qed.
+ +
+  Fixpoint fold_opt {A B} f (acc : A) (bs : list B) : (bool × A) :=
+    match bs with
+      | nil ⇒ (false, acc)
+      | (b :: bs') ⇒
+        match f acc b with
+        | Some acc' ⇒ fold_opt f acc' bs'
+        | None ⇒ (true, acc)
+        end
+    end.
+ +
+  Lemma fold_opt_list_cons : ∀ {A} (bs : list A) (acc : list A),
+    fold_opt (fun l x ⇒ Some (x :: l)) acc bs =
+    (false, List.rev bs ++ acc).
+  Proof.
+    induction bs as [| b bs' IH] ⇒ acc. {
+      by simpl.
+    } {
+      rewrite /= IH -app_assoc //.
+    }
+  Qed.
+ +
+  Lemma fold_opt_app {A B} : ∀ f (acc : A) (l1 l2 : list B),
+    fold_opt f acc (l1 ++ l2) =
+    (let (ab, acc') := fold_opt f acc l1 in
+     if ab then (true, acc') else fold_opt f acc' l2).
+  Proof.
+    intros f acc l1 l2.
+    move : acc.
+    induction l1 as [| b l1' IH] ⇒ acc. {
+      rewrite app_nil_l //.
+    } {
+      rewrite /=.
+      case (f acc b); last done.
+      intro acc'.
+      rewrite IH //.
+    }
+  Qed.
+ +
+ +
+  Lemma fold_elementsZ_single_alt_def {A} : ∀ f c (acc : A) x,
+     fold_elementsZ_single f acc x c =
+     fold_opt f acc (elementsZ_single x c).
+  Proof.
+    intro f.
+    induction c as [| c' IH] using N.peano_ind. {
+      intros acc x.
+      rewrite fold_elementsZ_single_zero
+              elementsZ_single_base /fold_opt //.
+    } {
+      intros acc x.
+      rewrite fold_elementsZ_single_succ
+              elementsZ_single_succ_front /=.
+      case (f acc x); last reflexivity.
+      intro acc'.
+      apply IH.
+    }
+  Qed.
+ +
+  Lemma fold_elementsZ_nil {A} : ∀ f (acc : A),
+     fold_elementsZ f acc nil = (false, acc).
+  Proof. done. Qed.
+ +
+  Lemma fold_elementsZ_cons {A} : ∀ f (acc : A) y c s,
+    fold_elementsZ f acc ((y, c)::s) =
+    (let (ab, acc') := fold_elementsZ_single f acc y c in
+     if ab then (true, acc') else fold_elementsZ f acc' s).
+  Proof.
+    intros f acc y c s.
+    done.
+  Qed.
+ +
+  Lemma fold_elementsZ_alt_def_aux : ∀ (s : t) base,
+    (snd (fold_elementsZ
+      (fun (l : list Z) (x : Z) ⇒ Some (x :: l)) base s)) =
+    elementsZ s ++ base.
+  Proof.
+    induction s as [| [y1 c1] s' IH] ⇒ base. {
+      rewrite elementsZ_nil /fold_elementsZ /fold_opt /snd
+        app_nil_l //.
+    } {
+      rewrite /elementsZ !fold_elementsZ_cons.
+      rewrite !fold_elementsZ_single_alt_def !fold_opt_list_cons.
+      rewrite !IH app_nil_r app_assoc //.
+    }
+  Qed.
+ +
+ +
+  Lemma fold_elementsZ_alt_def {A} : ∀ f s (acc : A),
+     fold_elementsZ f acc s =
+     fold_opt f acc (rev (elementsZ s)).
+  Proof.
+    intro f.
+    induction s as [| [y1 c1] s' IH] ⇒ acc. {
+      by simpl.
+    } {
+      rewrite /elementsZ !fold_elementsZ_cons.
+      rewrite !fold_elementsZ_single_alt_def
+              fold_opt_list_cons app_nil_r
+              fold_elementsZ_alt_def_aux rev_app_distr
+              rev_involutive fold_opt_app.
+      case (fold_opt f acc (elementsZ_single y1 c1)).
+      move ⇒ [] //.
+    }
+  Qed.
+ +
+  Lemma elementsZ_cons : ∀ x c s, elementsZ (((x, c) :: s) : t) =
+     ((elementsZ s) ++ (List.rev (elementsZ_single x c))).
+  Proof.
+    intros x c s.
+    rewrite /elementsZ fold_elementsZ_cons
+            !fold_elementsZ_alt_def
+            fold_elementsZ_single_alt_def.
+    rewrite !fold_opt_list_cons.
+    rewrite !app_nil_r !rev_involutive /=.
+    rewrite fold_elementsZ_alt_def_aux //.
+  Qed.
+ +
+  Lemma elements_cons : ∀ x c s, elements (((x, c) :: s) : t) =
+     ((elements_single x c) ++ elements s).
+  Proof.
+    intros x c s.
+    rewrite /elements /elements_single elementsZ_cons.
+    rewrite !rev_map_alt_def map_app rev_app_distr map_rev rev_involutive //.
+  Qed.
+ +
+  Lemma elementsZ_app : ∀ (s1 s2 : t), elementsZ (s1 ++ s2) =
+     ((elementsZ s2) ++ (elementsZ s1)).
+  Proof.
+    induction s1 as [| [x1 c1] s1 IH1]. {
+      move ⇒ s2.
+      rewrite elementsZ_nil app_nil_r //.
+    }
+    move ⇒ s2.
+    rewrite -app_comm_cons !elementsZ_cons IH1 -app_assoc //.
+  Qed.
+ +
+  Lemma InZ_nil : ∀ y, InZ y nil ↔ False.
+  Proof.
+    intro y.
+    done.
+  Qed.
+ +
+  Lemma InZ_cons : ∀ y x c s, InZ y (((x, c) :: s) : t) ↔
+     List.In y (elementsZ_single x c) ∨ InZ y s.
+  Proof.
+    intros y x c s.
+    rewrite /InZ elementsZ_cons in_app_iff -in_rev.
+    firstorder.
+  Qed.
+ +
+  Lemma InZ_app : ∀ s1 s2 y,
+     InZ y (s1 ++ s2) ↔ InZ y s1 ∨ InZ y s2.
+  Proof.
+    intros s1 s2 y.
+    rewrite /InZ elementsZ_app in_app_iff.
+    tauto.
+  Qed.
+ +
+  Lemma InZ_rev : ∀ s y,
+     InZ y (List.rev s) ↔ InZ y s.
+  Proof.
+    intros s x.
+    rewrite /InZ.
+    induction s as [| [y c] s' IH]; first done.
+    simpl.
+    rewrite elementsZ_app in_app_iff IH.
+    rewrite !elementsZ_cons !in_app_iff elementsZ_nil
+            -!in_rev /=.
+    tauto.
+  Qed.
+ +
+  Lemma In_elementsZ_single_dec : ∀ y x c,
+    {List.In y (elementsZ_single x c)} +
+    {¬ List.In y (elementsZ_single x c)}.
+  Proof.
+    intros y x c.
+    case (Z_le_dec x y); last first. {
+      right; rewrite In_elementsZ_single; tauto.
+    }
+    case (Z_lt_dec y (x + Z.of_N c)); last first. {
+      right; rewrite In_elementsZ_single; tauto.
+    }
+    left; rewrite In_elementsZ_single; tauto.
+  Qed.
+ +
+  Lemma InZ_dec : ∀ y s,
+     {InZ y s} + {¬InZ y s}.
+  Proof.
+    intros y.
+    induction s as [| [x c] s IH]. {
+      by right.
+    }
+    move : IH ⇒ [] IH. {
+      by left; rewrite InZ_cons; right.
+    }
+    case (In_elementsZ_single_dec y x c). {
+      by left; rewrite InZ_cons; left.
+    } {
+      by right; rewrite InZ_cons; tauto.
+    }
+  Qed.
+ +
+  Lemma In_elementsZ_single_hd : ∀ (c : N) x, (c ≠ 0)%N → List.In x (elementsZ_single x c).
+  Proof.
+    intros c x H_c_neq.
+    rewrite In_elementsZ_single.
+    split. {
+      apply Z.le_refl.
+    } {
+      apply Z.lt_add_pos_r.
+      have → : 0 = Z.of_N (0%N) by [].
+      apply N2Z.inj_lt.
+      by apply N.neq_0_lt_0.
+    }
+  Qed.
+ +
+ +
+
+ +
+

comparing intervals

+ +
+
+ +
+  Ltac Z_named_compare_cases H := match goal with
+    | [ |- context [Z.compare ?z1 ?z2] ] ⇒
+      case_eq (Z.compare z1 z2); [move ⇒ /Z.compare_eq_iff | move ⇒ /Z.compare_lt_iff | move ⇒ /Z.compare_gt_iff]; move ⇒ H //
+  end.
+ +
+  Ltac Z_compare_cases := let H := fresh "H" in Z_named_compare_cases H.
+ +
+  Lemma interval_compare_elim : ∀ (y1 : Z) (c1 : N) (y2 : Z) (c2 : N),
+    match (interval_compare (y1, c1) (y2, c2)) with
+      | ICR_before ⇒ (y1 + Z.of_N c1) < y2
+      | ICR_before_touch ⇒ (y1 + Z.of_N c1) = y2
+      | ICR_after ⇒ (y2 + Z.of_N c2) < y1
+      | ICR_after_touch ⇒ (y2 + Z.of_N c2) = y1
+      | ICR_equal ⇒ (y1 = y2) ∧ (c1 = c2)
+      | ICR_overlap_before ⇒ (y1 < y2) ∧ (y2 < y1 + Z.of_N c1) ∧ (y1 + Z.of_N c1 < y2 + Z.of_N c2)
+      | ICR_overlap_after ⇒ (y2 < y1) ∧ (y1 < y2 + Z.of_N c2) ∧ (y2 + Z.of_N c2 < y1 + Z.of_N c1)
+      | ICR_subsume_1 ⇒ (y2 ≤ y1) ∧ (y1 + Z.of_N c1 ≤ y2 + Z.of_N c2) ∧ (y2 < y1 ∨ y1 + Z.of_N c1 < y2 + Z.of_N c2)
+      | ICR_subsume_2 ⇒ (y1 ≤ y2) ∧ (y2 + Z.of_N c2 ≤ y1 + Z.of_N c1) ∧ (y1 < y2 ∨ y2 + Z.of_N c2 < y1 + Z.of_N c1)
+    end.
+  Proof.
+    intros y1 c1 y2 c2.
+    rewrite /interval_compare.
+    (repeat Z_compare_cases); subst; repeat split;
+       try (by apply Z.eq_le_incl);
+       try (by apply Z.lt_le_incl);
+       try (by left); try (by right).
+ +
+    apply Z.add_reg_l in H2.
+    by apply N2Z.inj.
+  Qed.
+ +
+  Lemma interval_compare_swap : ∀ (y1 : Z) (c1 : N) (y2 : Z) (c2 : N),
+    (c1 ≠ 0%N) ∨ (c2 ≠ 0%N) →
+    interval_compare (y2, c2) (y1, c1) =
+    match (interval_compare (y1, c1) (y2, c2)) with
+      | ICR_before ⇒ ICR_after
+      | ICR_before_touch ⇒ ICR_after_touch
+      | ICR_after ⇒ ICR_before
+      | ICR_after_touch ⇒ ICR_before_touch
+      | ICR_equal ⇒ ICR_equal
+      | ICR_overlap_before ⇒ ICR_overlap_after
+      | ICR_overlap_after ⇒ ICR_overlap_before
+      | ICR_subsume_1 ⇒ ICR_subsume_2
+      | ICR_subsume_2 ⇒ ICR_subsume_1
+    end.
+  Proof.
+    intros y1 c1 y2 c2 H_c12_neq_0.
+    rewrite /interval_compare.
+    move : (Z.compare_antisym y1 y2) ⇒ →.
+    move : (Z.compare_antisym (y1 + Z.of_N c1) (y2 + Z.of_N c2)) ⇒ →.
+    have H_suff : y1 + Z.of_N c1 ≤ y2 → y2 + Z.of_N c2 ≤ y1 → False. {
+      move ⇒ H1 H2.
+      case H_c12_neq_0 ⇒ H_c_neq_0. {
+        suff : (y1 + Z.of_N c1 ≤ y1). {
+          apply Z.nle_gt.
+          by apply Z_lt_add_r.
+        }
+        eapply Z.le_trans; eauto.
+        eapply Z.le_trans; eauto.
+        apply Z_le_add_r.
+      } {
+        suff : (y2 + Z.of_N c2 ≤ y2). {
+          apply Z.nle_gt.
+          by apply Z_lt_add_r.
+        }
+        eapply Z.le_trans; eauto.
+        eapply Z.le_trans; eauto.
+        apply Z_le_add_r.
+      }
+    }
+    repeat Z_compare_cases. {
+      exfalso; apply H_suff.
+        - by rewrite H; apply Z.le_refl.
+        - by rewrite H0; apply Z.le_refl.
+    } {
+      exfalso; apply H_suff.
+        - by rewrite H; apply Z.le_refl.
+        - by apply Z.lt_le_incl.
+    } {
+      exfalso; apply H_suff.
+        - by apply Z.lt_le_incl.
+        - by rewrite H0; apply Z.le_refl.
+    } {
+      exfalso; apply H_suff.
+        - by apply Z.lt_le_incl.
+        - by apply Z.lt_le_incl.
+    }
+  Qed.
+ +
+  Lemma interval_1_compare_alt_def : ∀ (y : Z) (i : (Z × N)),
+    interval_1_compare y i = match (interval_compare (y, (1%N)) i) with
+      | ICR_equal ⇒ ICR_subsume_1
+      | ICR_subsume_1 ⇒ ICR_subsume_1
+      | ICR_subsume_2 ⇒ ICR_subsume_1
+      | r ⇒ r
+    end.
+  Proof.
+    move ⇒ y1 [y2 c2].
+    rewrite /interval_1_compare /interval_compare.
+    replace (y1 + Z.of_N 1) with (Z.succ y1); last done.
+    repeat Z_compare_cases. {
+      contradict H1.
+      by apply Zle_not_lt, Zlt_succ_le.
+    } {
+      contradict H.
+      by apply Zle_not_lt, Zlt_succ_le.
+    }
+  Qed.
+ +
+  Lemma interval_1_compare_elim : ∀ (y1 : Z) (y2 : Z) (c2 : N),
+    match (interval_1_compare y1 (y2, c2)) with
+      | ICR_before ⇒ Z.succ y1 < y2
+      | ICR_before_touch ⇒ y2 = Z.succ y1
+      | ICR_after ⇒ (y2 + Z.of_N c2) < y1
+      | ICR_after_touch ⇒ (y2 + Z.of_N c2) = y1
+      | ICR_equal ⇒ False
+      | ICR_overlap_before ⇒ False
+      | ICR_overlap_after ⇒ False
+      | ICR_subsume_1 ⇒ (c2 = 0%N) ∨ ((y2 ≤ y1) ∧ (y1 < y2 + Z.of_N c2))
+      | ICR_subsume_2 ⇒ False
+    end.
+  Proof.
+    intros y1 y2 c2.
+    move : (interval_compare_elim y1 (1%N) y2 c2).
+    rewrite interval_1_compare_alt_def.
+    have H_succ: ∀ z, z + Z.of_N 1 = Z.succ z by done.
+ +
+    case_eq (interval_compare (y1, 1%N) (y2, c2)) ⇒ H_comp;
+      rewrite ?H_succ ?Z.lt_succ_r ?Z.le_succ_l //. {
+      move ⇒ [H_lt] [H_le] _.
+      contradict H_lt.
+      by apply Zle_not_lt.
+    } {
+      move ⇒ [_] [H_lt] H_le.
+      contradict H_lt.
+      by apply Zle_not_lt.
+    } {
+      move ⇒ [->] <-.
+      rewrite ?Z.lt_succ_r.
+      right.
+      split; apply Z.le_refl.
+    } {
+      tauto.
+    } {
+      case (N.zero_or_succ c2). {
+        move ⇒ → _; by left.
+      } {
+        move ⇒ [c2'] →.
+        rewrite !N2Z.inj_succ Z.add_succ_r -Z.succ_le_mono Z.le_succ_l.
+        move ⇒ [H_y1_le] [H_le_y1].
+        suff → : y1 = y2. {
+          move ⇒ [] H_pre; contradict H_pre. {
+            apply Z.lt_irrefl.
+          } {
+            apply Zle_not_lt, Z_le_add_r.
+          }
+        }
+        apply Z.le_antisymm ⇒ //.
+        eapply Z.le_trans; last apply H_le_y1.
+        apply Z_le_add_r.
+      }
+    }
+  Qed.
+ +
+
+ +
+

Alternative definition of addZ

+ +
+
+  Lemma addZ_aux_alt_def : ∀ x s acc,
+    addZ_aux acc x s = (List.rev acc) ++ addZ x s.
+  Proof.
+    intros y1 s.
+    unfold addZ.
+    induction s as [| [y2 c2] s' IH] ⇒ acc. {
+      rewrite /addZ_aux /addZ /= /rev' !rev_append_rev /= app_nil_r //.
+    } {
+      unfold addZ_aux.
+      case (interval_1_compare y1 (y2, c2)); fold addZ_aux;
+        rewrite ?rev_append_rev /= ?app_assoc_reverse //.
+      rewrite (IH ((y2,c2)::acc)) (IH ((y2,c2)::nil)).
+      rewrite /= app_assoc_reverse //.
+    }
+  Qed.
+ +
+  Lemma addZ_alt_def : ∀ x s,
+    addZ x s =
+    match s with
+    | nil ⇒ (x, (1%N))::nil
+    | (y, c) :: l ⇒
+        match (interval_1_compare x (y,c)) with
+          | ICR_before ⇒ (x, (1%N))::s
+          | ICR_before_touch ⇒ (x, N.succ c)::l
+          | ICR_after ⇒ (y,c)::(addZ x l)
+          | ICR_after_touch ⇒ insert_interval_begin y (N.succ c) l
+          | _ ⇒ (y, c)::l
+        end
+    end.
+  Proof.
+    intros x s.
+    rewrite /addZ.
+    case s ⇒ //.
+    move ⇒ [y c] s'.
+    unfold addZ_aux.
+    case (interval_1_compare x (y, c)); fold addZ_aux;
+      rewrite ?rev_append_rev /= ?app_assoc_reverse //.
+    rewrite addZ_aux_alt_def //.
+  Qed.
+ +
+ +
+
+ +
+

Auxiliary Lemmata about Invariant

+ +
+
+ +
+  Lemma interval_list_elements_greater_cons : ∀ z x c s,
+    interval_list_elements_greater z ((x, c) :: s) = true ↔
+    (z < x).
+  Proof.
+    intros z x c s.
+    rewrite /=.
+    apply Z.ltb_lt.
+  Qed.
+ +
+  Lemma interval_list_elements_greater_impl : ∀ x y s,
+    (y ≤ x) →
+    interval_list_elements_greater x s = true →
+    interval_list_elements_greater y s = true.
+  Proof.
+    intros x y s.
+    case s ⇒ //.
+    move ⇒ [z c] s'.
+    rewrite /interval_list_elements_greater.
+    move ⇒ H_y_leq /Z.ltb_lt H_x_lt.
+    apply Z.ltb_lt.
+    eapply Z.le_lt_trans; eauto.
+  Qed.
+ +
+  Lemma interval_list_invariant_nil : interval_list_invariant nil = true.
+  Proof.
+    by [].
+  Qed.
+ +
+  Lemma Ok_nil : Ok nil ↔ True.
+  Proof.
+    rewrite /Ok /IsOk /interval_list_invariant /is_encoded_elems_list //.
+  Qed.
+ +
+  Lemma is_encoded_elems_list_app : ∀ l1 l2,
+    is_encoded_elems_list (l1 ++ l2) ↔
+    (is_encoded_elems_list l1 ∧ is_encoded_elems_list l2).
+  Proof.
+    intros l1 l2.
+    rewrite /is_encoded_elems_list.
+    setoid_rewrite in_app_iff.
+    split; firstorder.
+  Qed.
+ +
+  Lemma is_encoded_elems_list_rev : ∀ l,
+    is_encoded_elems_list (List.rev l) ↔
+    is_encoded_elems_list l.
+  Proof.
+    intros l.
+    rewrite /is_encoded_elems_list.
+    split; (
+      move ⇒ H x H_in;
+      apply H;
+      move : H_in;
+      rewrite -in_rev ⇒ //
+    ).
+  Qed.
+ +
+  Lemma interval_list_invariant_cons : ∀ y c s',
+    interval_list_invariant ((y, c) :: s') = true ↔
+    (interval_list_elements_greater (y+Z.of_N c) s' = true ∧
+      ((c ≠ 0)%N) ∧ interval_list_invariant s' = true).
+  Proof.
+    rewrite /interval_list_invariant -/interval_list_invariant.
+    intros y c s'.
+    rewrite !Bool.andb_true_iff negb_true_iff.
+    split. {
+      move ⇒ [] [H_inf] /N.eqb_neq H_c H_s'. tauto.
+    } {
+      move ⇒ [H_inf] [/N.eqb_neq H_c] H_s'. tauto.
+    }
+  Qed.
+ +
+  Lemma interval_list_invariant_sing : ∀ x c,
+    interval_list_invariant ((x, c)::nil) = true ↔ (c ≠ 0)%N.
+  Proof.
+    intros x c.
+    rewrite interval_list_invariant_cons.
+    split; tauto.
+  Qed.
+ +
+  Lemma Ok_cons : ∀ y c s', Ok ((y, c) :: s') ↔
+    (interval_list_elements_greater (y+Z.of_N c) s' = true ∧ ((c ≠ 0)%N) ∧
+     is_encoded_elems_list (elementsZ_single y c) ∧ Ok s').
+  Proof.
+    intros y c s'.
+    rewrite /Ok /IsOk interval_list_invariant_cons elementsZ_cons is_encoded_elems_list_app
+       is_encoded_elems_list_rev.
+    tauto.
+  Qed.
+ +
+  Lemma Nin_elements_greater : ∀ s y,
+     interval_list_elements_greater y s = true →
+     interval_list_invariant s = true →
+     âˆ€ x, x ≤ y → ~(InZ x s).
+  Proof.
+    induction s as [| [z c] s' IH]. {
+      intros y _ _ x _.
+      by simpl.
+    } {
+      move ⇒ y /interval_list_elements_greater_cons H_y_lt
+        /interval_list_invariant_cons [H_gr] [H_c] H_s'
+        x H_x_le.
+      rewrite InZ_cons In_elementsZ_single.
+      have H_x_lt : x < z by eapply Z.le_lt_trans; eauto.
+ +
+      move ⇒ []. {
+        move ⇒ [H_z_leq] _; contradict H_z_leq.
+        by apply Z.nle_gt.
+      } {
+        eapply IH; eauto.
+        by apply Z_lt_le_add_r.
+      }
+    }
+  Qed.
+ +
+  Lemma Nin_elements_greater_equal :
+     âˆ€ x s,
+       interval_list_elements_greater x s = true →
+       interval_list_invariant s = true →
+       Â¬ (InZ x s).
+  Proof.
+    move ⇒ x s H_inv H_gr.
+    apply (Nin_elements_greater s x) ⇒ //.
+    apply Z.le_refl.
+  Qed.
+ +
+  Lemma interval_list_elements_greater_alt_def : ∀ s y,
+     interval_list_invariant s = true →
+
+     (interval_list_elements_greater y s = true ↔
+      (∀ x, x ≤ y → ~(InZ x s))).
+  Proof.
+    intros s y H_inv.
+    split. {
+      move ⇒ H_gr.
+      apply Nin_elements_greater ⇒ //.
+    } {
+      move : H_inv.
+      case s as [| [x2 c] s'] ⇒ //.
+      rewrite interval_list_invariant_cons interval_list_elements_greater_cons.
+      move ⇒ [_] [H_c_neq] _ H.
+      apply Z.nle_gt ⇒ H_ge.
+      apply (H x2) ⇒ //.
+      rewrite InZ_cons; left.
+      apply In_elementsZ_single_hd ⇒ //.
+    }
+  Qed.
+ +
+  Lemma interval_list_elements_greater_alt2_def : ∀ s y,
+     interval_list_invariant s = true →
+
+     (interval_list_elements_greater y s = true ↔
+      (∀ x, InZ x s → y < x)).
+  Proof.
+    intros s y H.
+ +
+    rewrite interval_list_elements_greater_alt_def //.
+    split. {
+      move ⇒ H_notInZ x H_inZ.
+      apply Z.nle_gt.
+      move ⇒ H_lt.
+      move : (H_notInZ x H_lt H_inZ) ⇒ //.
+    } {
+      move ⇒ H_lt x H_le H_inZ.
+      move : (H_lt x H_inZ).
+      lia.
+    }
+  Qed.
+ +
+  Lemma interval_list_elements_greater_intro : ∀ s y,
+     interval_list_invariant s = true →
+     (∀ x, InZ x s → y < x) →
+     interval_list_elements_greater y s = true.
+  Proof.
+    intros s y H1 H2.
+    rewrite interval_list_elements_greater_alt2_def //.
+  Qed.
+ +
+  Lemma interval_list_elements_greater_app_elim_1 : ∀ s1 s2 y,
+    interval_list_elements_greater y (s1 ++ s2) = true →
+    interval_list_elements_greater y s1 = true.
+  Proof.
+    intros s1 s2 y.
+    case s1 ⇒ //.
+  Qed.
+ +
+  Lemma interval_list_invariant_app_intro : ∀ s1 s2,
+      interval_list_invariant s1 = true →
+      interval_list_invariant s2 = true →
+      (∀ (x1 x2 : Z), InZ x1 s1 → InZ x2 s2 → Z.succ x1 < x2) →
+      interval_list_invariant (s1 ++ s2) = true.
+  Proof.
+    induction s1 as [| [y1 c1] s1' IH]. {
+      move ⇒ s2 _ //.
+    } {
+      move ⇒ s2.
+      rewrite -app_comm_cons !interval_list_invariant_cons.
+      move ⇒ [H_gr] [H_c1_neq] H_inv_s1' H_inv_s2 H_inz_s2.
+      split; last split. {
+        move : H_gr H_inz_s2.
+        case s1' as [| [y1' c1'] s1'']; last done.
+        move ⇒ _ H_inz_s2.
+        rewrite app_nil_l.
+        apply interval_list_elements_greater_intro ⇒ //.
+        move ⇒ x H_x_in_s2.
+        suff H_inz : InZ (Z.pred (y1 + Z.of_N c1)) ((y1, c1) :: nil). {
+          move : (H_inz_s2 _ _ H_inz H_x_in_s2).
+          by rewrite Z.succ_pred.
+        }
+        rewrite InZ_cons In_elementsZ_single -Z.lt_le_pred; left.
+        split. {
+          by apply Z_lt_add_r.
+        } {
+          apply Z.lt_pred_l.
+        }
+      } {
+        assumption.
+      } {
+        apply IH ⇒ //.
+        intros x1 x2 H_in_x1 H_in_x2.
+        apply H_inz_s2 ⇒ //.
+        rewrite InZ_cons; by right.
+      }
+    }
+  Qed.
+ +
+  Lemma interval_list_invariant_app_elim : ∀ s1 s2,
+      interval_list_invariant (s1 ++ s2) = true →
+      interval_list_invariant s1 = true ∧
+      interval_list_invariant s2 = true ∧
+      (∀ (x1 x2 : Z), InZ x1 s1 → InZ x2 s2 → Z.succ x1 < x2).
+  Proof.
+    move ⇒ s1 s2.
+    induction s1 as [| [y1 c1] s1' IH]; first done.
+    rewrite -app_comm_cons !interval_list_invariant_cons.
+ +
+    move ⇒ [H_gr] [H_c1_neq_0] /IH [H_inv_s1'] [H_inv_s2] H_in_s1'_s2.
+    repeat split; try assumption. {
+      move : H_gr.
+      case s1'; first done.
+      move ⇒ [y2 c2] s1''.
+      rewrite interval_list_elements_greater_cons //.
+    } {
+      move ⇒ x1 x2.
+      rewrite InZ_cons In_elementsZ_single.
+      move ⇒ []; last by apply H_in_s1'_s2.
+      move ⇒ [] H_y1_le H_x1_lt H_x2_in.
+      move : H_gr.
+      rewrite interval_list_elements_greater_alt2_def; last first. {
+          by apply interval_list_invariant_app_intro.
+      }
+      move ⇒ H_in_s12'.
+      have : (y1 + Z.of_N c1 < x2). {
+        apply H_in_s12'.
+        rewrite InZ_app.
+        by right.
+      }
+      move ⇒ H_lt_x2.
+      apply Z.le_lt_trans with (m := y1 + Z.of_N c1) ⇒ //.
+      by apply Zlt_le_succ.
+    }
+  Qed.
+ +
+  Lemma interval_list_invariant_app_iff : ∀ s1 s2,
+      interval_list_invariant (s1 ++ s2) = true ↔
+      (interval_list_invariant s1 = true ∧
+      interval_list_invariant s2 = true ∧
+      (∀ (x1 x2 : Z), InZ x1 s1 → InZ x2 s2 → Z.succ x1 < x2)).
+  Proof.
+    intros s1 s2.
+    split. {
+      by apply interval_list_invariant_app_elim.
+    } {
+      move ⇒ [] H_inv_s1 [].
+      by apply interval_list_invariant_app_intro.
+    }
+  Qed.
+ +
+  Lemma interval_list_invariant_snoc_intro : ∀ s1 y2 c2,
+      interval_list_invariant s1 = true →
+      (c2 ≠ 0)%N →
+      (∀ x, InZ x s1 → Z.succ x < y2) →
+      interval_list_invariant (s1 ++ ((y2, c2)::nil)) = true.
+  Proof.
+    intros s1 y2 c2 H_inv_s1 H_c2_neq H_in_s1.
+    apply interval_list_invariant_app_intro ⇒ //. {
+      rewrite interval_list_invariant_cons; done.
+    } {
+      intros x1 x2 H_in_x1.
+      rewrite InZ_cons.
+      move ⇒ [] //.
+      rewrite In_elementsZ_single.
+      move ⇒ [H_y2_le] _.
+      eapply Z.lt_le_trans; eauto.
+    }
+  Qed.
+ +
+ +
+
+ +
+

Properties of In and InZ

+ +
+
+ +
+  Lemma encode_decode_eq : ∀ x s, Ok s → InZ x s →
+    (Enc.encode (Enc.decode x) = x).
+  Proof.
+    intros x s.
+    rewrite /Ok /IsOk /InZ.
+    move ⇒ [_] H_enc H_in_x.
+    move : (H_enc _ H_in_x) ⇒ [x'] <-.
+    rewrite Enc.decode_encode_ok //.
+  Qed.
+ +
+  Lemma In_alt_def : ∀ x s, Ok s →
+    (In x s ↔ List.In x (elements s)).
+  Proof.
+    intros x s H_ok.
+    rewrite /In InA_alt /elements rev_map_alt_def.
+    split. {
+      move ⇒ [y] [H_y_eq].
+      rewrite -!in_rev !in_map_iff.
+      move ⇒ [x'] [H_y_eq'] H_x'_in.
+      suff H_x'_eq : (Enc.encode x = x'). {
+        âˆƒ x'.
+        split ⇒ //.
+        rewrite -H_x'_eq Enc.decode_encode_ok //.
+      }
+      have H_enc_list : is_encoded_elems_list (elementsZ s). {
+        move : H_ok.
+        rewrite /Ok /IsOk ⇒ [] [] //.
+      }
+      move : (H_enc_list _ H_x'_in) ⇒ [x''] H_x'_eq.
+      move : H_y_eq'.
+      rewrite -!H_x'_eq Enc.decode_encode_ok ⇒ H_y_eq'.
+      subst.
+      suff → : Z.eq (Enc.encode x) (Enc.encode y) by done.
+      by rewrite Enc.encode_eq.
+    } {
+      move ⇒ H_enc_in.
+      âˆƒ x.
+      split ⇒ //.
+      apply Enc.E.eq_equiv.
+    }
+  Qed.
+ +
+  Lemma In_InZ : ∀ x s, Ok s →
+    (In x s ↔ InZ (Enc.encode x) s).
+  Proof.
+    intros x s H_ok.
+    rewrite /InZ In_alt_def /elements rev_map_alt_def -in_rev in_map_iff.
+    split; last first. {
+      âˆƒ (Enc.encode x).
+      by rewrite Enc.decode_encode_ok.
+    }
+    move ⇒ [y] [<-] H_y_in.
+    suff : ∃ z, (Enc.encode z = y). {
+      move ⇒ [z] H_y_eq.
+      move : H_y_in.
+      by rewrite -!H_y_eq Enc.decode_encode_ok.
+    }
+    suff H_enc_list : is_encoded_elems_list (elementsZ s). {
+      by apply H_enc_list.
+    }
+    apply H_ok.
+  Qed.
+ +
+  Lemma InZ_In : ∀ x s, Ok s →
+    (InZ x s → In (Enc.decode x) s).
+  Proof.
+    intros x s H_ok.
+    rewrite In_InZ /InZ.
+    move : H_ok.
+    rewrite /Ok /IsOk /is_encoded_elems_list.
+    move ⇒ [_] H_enc.
+    move ⇒ H_in.
+    move : (H_enc _ H_in) ⇒ [e] H_x.
+    subst.
+    by rewrite Enc.decode_encode_ok.
+  Qed.
+ +
+ +
+
+ +
+

Membership specification

+ +
+
+ +
+  Lemma memZ_spec :
+    âˆ€ (s : t) (x : Z) (Hs : Ok s), memZ x s = true ↔ InZ x s.
+  Proof.
+    induction s as [| [y c] s' IH]. {
+      intros x _.
+      rewrite /InZ elementsZ_nil //.
+    } {
+      move ⇒ x /Ok_cons [H_inf] [H_c] [H_is_enc] H_s'.
+      rewrite /InZ /memZ elementsZ_cons -/memZ.
+      rewrite in_app_iff -!in_rev In_elementsZ_single.
+ +
+      case_eq (x <? y). {
+        move ⇒ /Z.ltb_lt H_x_lt.
+        split; first done.
+        move ⇒ []. {
+          move ⇒ H_x_in; contradict H_x_in.
+          apply Nin_elements_greater with (y := (y + Z.of_N c)) ⇒ //. {
+            apply H_s'.
+          } {
+            apply Z_lt_le_add_r ⇒ //.
+          }
+        } {
+          move ⇒ [H_y_le]; contradict H_y_le.
+          by apply Z.nle_gt.
+        }
+      } {
+        move ⇒ /Z.ltb_ge H_y_le.
+        case_eq (x <? y + Z.of_N c). {
+          move ⇒ /Z.ltb_lt H_x_lt.
+          split; last done.
+          move ⇒ _.
+          by right.
+        } {
+          move ⇒ /Z.ltb_ge H_yc_le.
+          rewrite IH.
+          split; first tauto.
+          move ⇒ [] //.
+          move ⇒ [_] H_x_lt; contradict H_x_lt.
+          by apply Z.nlt_ge.
+        }
+      }
+    }
+  Qed.
+ +
+  Lemma mem_spec :
+   âˆ€ (s : t) (x : elt) (Hs : Ok s), mem x s = true ↔ In x s.
+  Proof.
+    intros s x Hs.
+    rewrite /mem memZ_spec In_InZ //.
+  Qed.
+ +
+  Lemma merge_interval_size_neq_0 : ∀ x1 c1 x2 c2,
+     (c1 ≠ 0%N) →
+     (merge_interval_size x1 c1 x2 c2 ≠ 0)%N.
+  Proof.
+    intros x1 c1 x2 c2.
+    rewrite /merge_interval_size !N.neq_0_lt_0 N.max_lt_iff.
+    by left.
+  Qed.
+ +
+
+ +
+

insert if length not 0

+ +
+
+ +
+  Lemma interval_list_invariant_insert_intervalZ_guarded : ∀ x c s,
+    interval_list_invariant s = true →
+    interval_list_elements_greater (x + Z.of_N c) s = true →
+    interval_list_invariant (insert_intervalZ_guarded x c s) = true.
+  Proof.
+    intros x c s.
+    rewrite /insert_intervalZ_guarded.
+    case_eq (c =? 0)%N ⇒ //.
+    move ⇒ /N.eqb_neq.
+    rewrite interval_list_invariant_cons.
+    tauto.
+  Qed.
+ +
+  Lemma interval_list_elements_greater_insert_intervalZ_guarded : ∀ x c y s,
+    interval_list_elements_greater y (insert_intervalZ_guarded x c s) = true ↔
+    (if (c =? 0)%N then (interval_list_elements_greater y s = true) else (y < x)).
+  Proof.
+    intros x c y s.
+    rewrite /insert_intervalZ_guarded.
+    case (c =? 0)%N ⇒ //.
+    rewrite /interval_list_elements_greater Z.ltb_lt //.
+  Qed.
+ +
+  Lemma insert_intervalZ_guarded_app : ∀ x c s1 s2,
+    (insert_intervalZ_guarded x c s1) ++ s2 =
+    insert_intervalZ_guarded x c (s1 ++ s2).
+  Proof.
+    intros x c s1 s2.
+    rewrite /insert_intervalZ_guarded.
+    case (N.eqb c 0) ⇒ //.
+  Qed.
+ +
+  Lemma insert_intervalZ_guarded_rev_nil_app : ∀ x c s,
+    rev (insert_intervalZ_guarded x c nil) ++ s =
+    insert_intervalZ_guarded x c s.
+  Proof.
+    intros x c s.
+    rewrite /insert_intervalZ_guarded.
+    case (N.eqb c 0) ⇒ //.
+  Qed.
+ +
+Lemma elementsZ_insert_intervalZ_guarded : ∀ x c s,
+    elementsZ (insert_intervalZ_guarded x c s) = elementsZ ((x, c) :: s).
+  Proof.
+    intros x c s.
+    rewrite /insert_intervalZ_guarded.
+    case_eq (c =? 0)%N ⇒ //.
+    move ⇒ /N.eqb_eq →.
+    rewrite elementsZ_cons elementsZ_single_base /= app_nil_r //.
+  Qed.
+ +
+  Lemma InZ_insert_intervalZ_guarded : ∀ y x c s,
+    InZ y (insert_intervalZ_guarded x c s) = InZ y ((x, c) :: s).
+  Proof.
+    intros y x c s.
+    rewrite /InZ elementsZ_insert_intervalZ_guarded //.
+  Qed.
+ +
+
+ +
+

Merging intervals

+ +
+
+ +
+  Lemma merge_interval_size_add : ∀ x c1 c2,
+     (merge_interval_size x c1 (x + Z.of_N c1) c2 = (c1 + c2))%N.
+  Proof.
+    intros x c1 c2.
+    rewrite /merge_interval_size.
+    replace (x + Z.of_N c1 + Z.of_N c2 - x) with
+            (Z.of_N c1 + Z.of_N c2) by lia.
+    rewrite -N2Z.inj_add N2Z.id.
+    apply N.max_r, N.le_add_r.
+  Qed.
+ +
+  Lemma merge_interval_size_eq_max : ∀ y1 c1 y2 c2,
+     y1 ≤ y2 + Z.of_N c2 →
+     y1 + Z.of_N (merge_interval_size y1 c1 y2 c2) =
+     Z.max (y1 + Z.of_N c1) (y2 + Z.of_N c2).
+  Proof.
+    intros y1 c1 y2 c2 H_y1_le.
+    rewrite /merge_interval_size N2Z.inj_max Z2N.id; last first. {
+      by apply Zle_minus_le_0.
+    }
+    rewrite -Z.add_max_distr_l.
+    replace (y1 + (y2 + Z.of_N c2 - y1)) with (y2 + Z.of_N c2) by lia.
+    done.
+  Qed.
+ +
+  Lemma merge_interval_size_invariant : ∀ y1 c1 y2 c2 z s,
+    interval_list_invariant s = true →
+    y1 + Z.of_N c1 ≤ y2 + Z.of_N c2 →
+    y2 + Z.of_N c2 ≤ z →
+    interval_list_elements_greater z s = true →
+    (c1 ≠ 0)%N →
+    interval_list_invariant ((y1, merge_interval_size y1 c1 y2 c2) :: s) =
+   true.
+  Proof.
+    intros y1 c1 y2 c2 z s H_inv H_le H_le_z H_gr H_c1_neq_0.
+    rewrite interval_list_invariant_cons.
+    split; last split. {
+      rewrite merge_interval_size_eq_max; last first. {
+        eapply Z.le_trans; last apply H_le.
+        apply Z_le_add_r.
+      } {
+        rewrite Z.max_r ⇒ //.
+        eapply interval_list_elements_greater_impl; first apply H_le_z.
+        done.
+      }
+    } {
+      apply merge_interval_size_neq_0.
+      assumption.
+    } {
+      assumption.
+    }
+  Qed.
+ +
+  Lemma In_merge_interval : ∀ x1 c1 x2 c2 y,
+    x1 ≤ x2 →
+    x2 ≤ x1 + Z.of_N c1 → (
+    List.In y (elementsZ_single x1 (merge_interval_size x1 c1 x2 c2)) ↔
+    List.In y (elementsZ_single x1 c1) ∨ List.In y (elementsZ_single x2 c2)).
+  Proof.
+    intros x1 c1 x2 c2 y H_x1_le H_x2_le.
+    rewrite !In_elementsZ_single merge_interval_size_eq_max;
+      last first. {
+      eapply Z.le_trans; eauto.
+      by apply Z_le_add_r.
+    }
+    rewrite Z.max_lt_iff.
+    split. {
+      move ⇒ [H_x_le] [] H_y_lt. {
+        by left.
+      } {
+        case_eq (Z.leb x2 y). {
+          move ⇒ /Z.leb_le H_y'_le.
+          by right.
+        } {
+          move ⇒ /Z.leb_gt H_y_lt_x2.
+          left.
+          split ⇒ //.
+          eapply Z.lt_le_trans; eauto.
+        }
+      }
+    } {
+      move ⇒ []. {
+        tauto.
+      } {
+        move ⇒ [H_x2_le'] H_y_lt.
+        split. {
+          eapply Z.le_trans; eauto.
+        } {
+          by right.
+        }
+      }
+    }
+  Qed.
+ +
+  Lemma insert_interval_begin_spec : ∀ y s x c,
+     interval_list_invariant s = true →
+     interval_list_elements_greater x s = true →
+     (c ≠ 0)%N →
+      (
+     interval_list_invariant (insert_interval_begin x c s) = true ∧
+     (InZ y (insert_interval_begin x c s) ↔
+     (List.In y (elementsZ_single x c) ∨ InZ y s))).
+  Proof.
+    intros y.
+    induction s as [| [y' c'] s' IH]. {
+      intros x c _ H_c_neq H_z_lt.
+      rewrite /insert_interval_begin InZ_cons interval_list_invariant_cons //.
+    } {
+      intros x c.
+      rewrite interval_list_invariant_cons
+       interval_list_elements_greater_cons.
+      move ⇒ [H_gr] [H_c'_neq_0] H_inv_s' H_x_lt H_c_neq_0.
+      unfold insert_interval_begin.
+      Z_named_compare_cases H_y'; fold insert_interval_begin. {
+        subst.
+        rewrite !InZ_cons elementsZ_single_add in_app_iff.
+        split; last tauto.
+        rewrite interval_list_invariant_cons N2Z.inj_add
+          Z.add_assoc N.eq_add_0.
+        tauto.
+      } {
+        rewrite !InZ_cons !interval_list_invariant_cons
+          interval_list_elements_greater_cons.
+        repeat split ⇒ //.
+      } {
+        set c'' := merge_interval_size x c y' c'.
+        have H_x_lt' : x < y' + Z.of_N c'. {
+          eapply Z.lt_le_trans with (m := y') ⇒ //.
+          by apply Z_le_add_r.
+        }
+
+        have H_pre : interval_list_elements_greater x s' = true. {
+          eapply interval_list_elements_greater_impl; eauto.
+          by apply Z.lt_le_incl.
+        }
+        have H_pre2 : c'' ≠ 0%N. {
+          by apply merge_interval_size_neq_0.
+        }
+        move : (IH x c'' H_inv_s' H_pre H_pre2) ⇒ {IH} {H_pre} {H_pre2} [->] →.
+ +
+        split; first reflexivity.
+        unfold c''; clear c''.
+        rewrite In_merge_interval. {
+          rewrite InZ_cons.
+          tauto.
+        } {
+          by apply Z.lt_le_incl.
+        } {
+          by apply Z.lt_le_incl.
+        }
+      }
+    }
+  Qed.
+ +
+
+ +
+

add specification

+ +
+
+  Lemma addZ_InZ :
+   âˆ€ (s : t) (x y : Z),
+    interval_list_invariant s = true →
+    (InZ y (addZ x s) ↔ x = y ∨ InZ y s).
+  Proof.
+    move ⇒ s x y.
+    induction s as [| [z c] s' IH]. {
+      move ⇒ _.
+      rewrite /InZ addZ_alt_def
+              elementsZ_cons elementsZ_nil app_nil_l -in_rev
+              In_elementsZ_single1 /=.
+      firstorder.
+    } {
+      move ⇒ /interval_list_invariant_cons [H_greater] [H_c_neq_0] H_inv_c'.
+      move : (IH H_inv_c') ⇒ {} IH.
+      rewrite addZ_alt_def.
+      have H_succ : ∀ z, z + Z.of_N 1 = Z.succ z by done.
+      move : (interval_1_compare_elim x z c).
+      case (interval_1_compare x (z, c));
+        rewrite ?InZ_cons ?In_elementsZ_single1 ?H_succ ?Z.lt_succ_r //. {
+        move ⇒ →.
+        rewrite elementsZ_single_succ_front /=.
+        tauto.
+      } {
+        move ⇒ [] // H_x_in.
+        split; first tauto.
+        move ⇒ [] // <-.
+        left.
+        by rewrite In_elementsZ_single.
+      } {
+        rewrite IH.
+        tauto.
+      } {
+        move ⇒ H_x_eq.
+        have → : (InZ y (insert_interval_begin z (N.succ c) s') ↔
+                   List.In y (elementsZ_single z (N.succ c)) ∨ InZ y s'). {
+          eapply insert_interval_begin_spec. {
+            by apply H_inv_c'.
+          } {
+            eapply interval_list_elements_greater_impl; eauto.
+            apply Z_le_add_r.
+          } {
+            by apply N.neq_succ_0.
+          }
+        }
+        rewrite -H_x_eq elementsZ_single_succ in_app_iff /=.
+        tauto.
+      }
+    }
+  Qed.
+ +
+  Lemma addZ_invariant : ∀ s x,
+    interval_list_invariant s = true →
+    interval_list_invariant (addZ x s) = true.
+  Proof.
+    move ⇒ s x.
+    induction s as [| [z c] s' IH]. {
+      move ⇒ _.
+      by simpl.
+    } {
+      move ⇒ /interval_list_invariant_cons [H_greater] [H_c_neq_0]
+              H_inv_c'.
+      move : (IH H_inv_c') ⇒ {} IH.
+      rewrite addZ_alt_def.
+      have H_succ : ∀ z, z + Z.of_N 1 = Z.succ z by done.
+      move : (interval_1_compare_elim x z c).
+      case_eq (interval_1_compare x (z, c)) ⇒ H_comp;
+        rewrite ?InZ_cons ?In_elementsZ_single1 ?H_succ ?Z.lt_succ_r //. {
+        move ⇒ H_z_gt.
+        rewrite interval_list_invariant_cons /= !andb_true_iff !H_succ.
+        repeat split ⇒ //. {
+          by apply Z.ltb_lt.
+        } {
+          apply negb_true_iff, N.eqb_neq ⇒ //.
+        }
+      } {
+        move ⇒ ?; subst.
+        rewrite /= !andb_true_iff.
+        repeat split ⇒ //. {
+          move : H_greater.
+          rewrite Z.add_succ_l -Z.add_succ_r N2Z.inj_succ //.
+        } {
+          apply negb_true_iff, N.eqb_neq ⇒ //.
+          apply N.neq_succ_0.
+        }
+      } {
+        move ⇒ [] // _.
+        rewrite interval_list_invariant_cons /=.
+        tauto.
+      } {
+        rewrite interval_list_invariant_cons.
+        move ⇒ H_lt_x.
+        repeat split ⇒ //.
+        apply interval_list_elements_greater_intro ⇒ //.
+        move ⇒ xx.
+        rewrite addZ_InZ ⇒ //.
+        move ⇒ [<- //|].
+        apply interval_list_elements_greater_alt2_def ⇒ //.
+      } {
+        move ⇒ H_x_eq.
+        apply insert_interval_begin_spec ⇒ //. {
+          eapply interval_list_elements_greater_impl; eauto.
+          apply Z_le_add_r.
+        } {
+          by apply N.neq_succ_0.
+        }
+      }
+    }
+  Qed.
+ +
+  Global Instance add_ok s x : ∀ `(Ok s), Ok (add x s).
+  Proof.
+    move ⇒ H_ok_s.
+    move : (H_ok_s).
+    rewrite /Ok /IsOk /is_encoded_elems_list /add.
+    move ⇒ [H_isok_s] H_pre.
+    split. {
+      apply addZ_invariant ⇒ //.
+    } {
+      intros y.
+      move : (addZ_InZ s (Enc.encode x) y H_isok_s).
+      rewrite /InZ ⇒ →.
+      move ⇒ []. {
+        move ⇒ <-.
+        by ∃ x.
+      } {
+        move ⇒ /H_pre //.
+      }
+    }
+  Qed.
+ +
+  Lemma add_spec :
+   âˆ€ (s : t) (x y : elt) (Hs : Ok s),
+     In y (add x s) ↔ Enc.E.eq y x ∨ In y s.
+  Proof.
+    intros s x y Hs.
+    have Hs' := (add_ok s x Hs).
+    rewrite !In_InZ.
+    rewrite /add addZ_InZ. {
+      rewrite -Enc.encode_eq /Z.eq.
+      firstorder.
+    } {
+      apply Hs.
+    }
+  Qed.
+ +
+
+ +
+

empty specification

+ +
+
+ +
+  Global Instance empty_ok : Ok empty.
+  Proof.
+    rewrite /empty Ok_nil //.
+  Qed.
+ +
+  Lemma empty_spec' : ∀ x, (In x empty ↔ False).
+    rewrite /Empty /empty /In elements_nil.
+    intros a.
+    rewrite InA_nil //.
+  Qed.
+ +
+  Lemma empty_spec : Empty empty.
+  Proof.
+    rewrite /Empty ⇒ a.
+    rewrite empty_spec' //.
+  Qed.
+ +
+
+ +
+

is_empty specification

+ +
+
+ +
+  Lemma is_empty_spec : ∀ (s : t) (Hs : Ok s), is_empty s = true ↔ Empty s.
+  Proof.
+    intros [ | [x c] s]. {
+      split ⇒ // _.
+      apply empty_spec.
+    } {
+      rewrite /= /Empty Ok_cons.
+      move ⇒ [_] [H_c_neq] [H_enc] _.
+      split ⇒ //.
+      move ⇒ H.
+      contradiction (H (Enc.decode x)) ⇒ {H}.
+      rewrite /In InA_alt elements_cons.
+      âˆƒ (Enc.decode x).
+      split; first by apply Enc.E.eq_equiv.
+      rewrite in_app_iff; left.
+      rewrite /elements_single in_map_iff.
+      âˆƒ x.
+      split ⇒ //.
+      apply In_elementsZ_single_hd ⇒ //.
+    }
+  Qed.
+ +
+
+ +
+

singleton specification

+ +
+
+ +
+  Global Instance singleton_ok x : Ok (singleton x).
+  Proof.
+    rewrite singleton_alt_def.
+    apply add_ok.
+    apply empty_ok.
+  Qed.
+ +
+  Lemma singleton_spec : ∀ x y : elt, In y (singleton x) ↔ Enc.E.eq y x.
+  Proof.
+    intros x y.
+    rewrite singleton_alt_def.
+    rewrite (add_spec empty x y) /empty /In elements_nil InA_nil.
+    split. {
+      move ⇒ [] //.
+    } {
+      by left.
+    }
+  Qed.
+ +
+
+ +
+

add_list specification

+ +
+
+ +
+  Lemma add_list_ok : ∀ l s, Ok s → Ok (add_list l s).
+  Proof.
+    induction l as [| x l' IH]. {
+      done.
+    } {
+      move ⇒ s H_s_ok /=.
+      apply IH.
+      by apply add_ok.
+    }
+  Qed.
+ +
+  Lemma add_list_spec : ∀ x l s, Ok s →
+     (In x (add_list l s) ↔ (SetoidList.InA Enc.E.eq x l) ∨ In x s).
+  Proof.
+    move ⇒ x.
+    induction l as [| y l' IH]. {
+      intros s H.
+      rewrite /= InA_nil.
+      tauto.
+    } {
+      move ⇒ s H_ok /=.
+      rewrite IH add_spec InA_cons.
+      tauto.
+    }
+  Qed.
+ +
+
+ +
+

union specification

+ +
+
+ +
+  Lemma union_aux_flatten_alt_def : ∀ (s1 s2 : t) acc,
+    union_aux s1 s2 acc =
+    match (s1, s2) with
+    | (nil, _) ⇒ List.rev_append acc s2
+    | (_, nil) ⇒ List.rev_append acc s1
+    | ((y1, c1) :: l1, (y2, c2) :: l2) ⇒
+        match (interval_compare (y1, c1) (y2,c2)) with
+          | ICR_before ⇒ union_aux l1 s2 ((y1, c1)::acc)
+          | ICR_before_touch ⇒
+              union_aux l1 (
+                insert_interval_begin y1 ((c1+c2)%N) l2) acc
+          | ICR_after ⇒ union_aux s1 l2 ((y2, c2)::acc)
+          | ICR_after_touch ⇒ union_aux l1 (
+              insert_interval_begin y2 ((c1+c2)%N) l2) acc
+          | ICR_overlap_before ⇒
+              union_aux l1 (
+                insert_interval_begin y1
+                  (merge_interval_size y1 c1 y2 c2) l2) acc
+          | ICR_overlap_after ⇒
+              union_aux l1 (
+                insert_interval_begin y2
+                  (merge_interval_size y2 c2 y1 c1) l2) acc
+          | ICR_equal ⇒ union_aux l1 s2 acc
+          | ICR_subsume_1 ⇒ union_aux l1 s2 acc
+          | ICR_subsume_2 ⇒ union_aux s1 l2 acc
+        end
+    end.
+  Proof.
+    intros s1 s2 acc.
+    case s1, s2 ⇒ //.
+  Qed.
+ +
+  Lemma union_aux_alt_def : ∀ (s1 s2 : t) acc,
+    union_aux s1 s2 acc =
+    List.rev_append acc (union s1 s2).
+  Proof.
+    rewrite /union.
+    intros s1 s2 acc.
+    move : acc s2.
+    induction s1 as [| [y1 c1] l1 IH1]. {
+      intros acc s2.
+      rewrite !union_aux_flatten_alt_def.
+      rewrite !rev_append_rev //.
+    }
+    intros acc s2; move : acc.
+    induction s2 as [| [y2 c2] l2 IH2]; first by simpl.
+    move ⇒ acc.
+    rewrite !(union_aux_flatten_alt_def ((y1, c1)::l1) ((y2, c2)::l2)).
+    case (interval_compare (y1, c1) (y2, c2));
+      rewrite ?(IH1 ((y1, c1) :: acc)) ?(IH1 ((y1, c1) :: nil))
+              ?(IH2 ((y2, c2) :: acc)) ?(IH2 ((y2, c2) :: nil))
+              ?(IH1 acc) //.
+  Qed.
+ +
+  Lemma union_alt_def : ∀ (s1 s2 : t),
+    union s1 s2 =
+    match (s1, s2) with
+    | (nil, _) ⇒ s2
+    | (_, nil) ⇒ s1
+    | ((y1, c1) :: l1, (y2, c2) :: l2) ⇒
+        match (interval_compare (y1, c1) (y2,c2)) with
+          | ICR_before ⇒ (y1, c1) :: (union l1 s2)
+          | ICR_before_touch ⇒
+              union l1 (insert_interval_begin y1 ((c1+c2)%N) l2)
+          | ICR_after ⇒ (y2, c2) :: union s1 l2
+          | ICR_after_touch ⇒ union l1
+              (insert_interval_begin y2 ((c1+c2)%N) l2)
+          | ICR_overlap_before ⇒
+              union l1 (insert_interval_begin y1 (merge_interval_size y1 c1 y2 c2) l2)
+          | ICR_overlap_after ⇒
+              union l1 (insert_interval_begin y2 (merge_interval_size y2 c2 y1 c1) l2)
+          | ICR_equal ⇒ union l1 s2
+          | ICR_subsume_1 ⇒ union l1 s2
+          | ICR_subsume_2 ⇒ union s1 l2
+        end
+     end.
+  Proof.
+    intros s1 s2.
+    rewrite /union union_aux_flatten_alt_def.
+    case s1 as [| [y1 c1] l1] ⇒ //.
+    case s2 as [| [y2 c2] l2] ⇒ //.
+    case (interval_compare (y1, c1) (y2, c2));
+      rewrite union_aux_alt_def //.
+  Qed.
+ +
+  Lemma union_InZ :
+   âˆ€ (s1 s2 : t),
+    interval_list_invariant s1 = true →
+    interval_list_invariant s2 = true →
+    âˆ€ y, (InZ y (union s1 s2) ↔ InZ y s1 ∨ InZ y s2).
+  Proof.
+    intro s1.
+    induction s1 as [| [y1 c1] l1 IH1]. {
+      intros s2 _ _ y.
+      rewrite union_alt_def /InZ /=.
+      tauto.
+    } {
+      induction s2 as [| [y2 c2] l2 IH2]. {
+        intros _ _ y.
+        rewrite union_alt_def /InZ /=.
+        tauto.
+      } {
+        move ⇒ H_inv_s1 H_inv_s2.
+        move : (H_inv_s1) (H_inv_s2).
+        rewrite !interval_list_invariant_cons.
+        move ⇒ [H_gr_l1] [H_c1_neq_0] H_inv_l1.
+        move ⇒ [H_gr_l2] [H_c2_neq_0] H_inv_l2.
+        move : (IH2 H_inv_s1 H_inv_l2) ⇒ {} IH2.
+        have : ∀ s2 : t,
+          interval_list_invariant s2 = true →
+          âˆ€ y : Z, InZ y (union l1 s2) ↔ InZ y l1 ∨ InZ y s2. {
+          intros. by apply IH1.
+        }
+        move ⇒ {} IH1 y.
+        rewrite union_alt_def.
+        move : (interval_compare_elim y1 c1 y2 c2).
+        case (interval_compare (y1, c1) (y2, c2)). {
+          rewrite !InZ_cons IH1 // InZ_cons.
+          tauto.
+        } {
+          move ⇒ H_y2_eq.
+          replace (c1 + c2)%N with (merge_interval_size y1 c1 y2 c2);
+            last first. {
+            rewrite -H_y2_eq merge_interval_size_add //.
+          }
+          set c'' := merge_interval_size y1 c1 y2 c2.
+          have [H_inv_insert H_InZ_insert] :
+               interval_list_invariant (insert_interval_begin y1 c'' l2) = true ∧
+                (InZ y (insert_interval_begin y1 c'' l2) ↔
+                List.In y (elementsZ_single y1 c'') ∨ InZ y l2). {
+            apply insert_interval_begin_spec ⇒ //. {
+              eapply interval_list_elements_greater_impl; eauto.
+              rewrite -H_y2_eq -Z.add_assoc -N2Z.inj_add.
+              apply Z_le_add_r.
+            } {
+              by apply merge_interval_size_neq_0.
+            }
+          }
+  
+          rewrite IH1 ⇒ //.
+          rewrite H_InZ_insert !InZ_cons /c''.
+          rewrite -H_y2_eq In_merge_interval. {
+            tauto.
+          } {
+            apply Z_le_add_r.
+          } {
+            by apply Z.le_refl.
+          }
+        } {
+          move ⇒ [H_y1_lt] [H_y2_lt] H_y1_c1_lt.
+          set c'' := merge_interval_size y1 c1 y2 c2.
+          have [H_inv_insert H_InZ_insert] :
+               interval_list_invariant (insert_interval_begin y1 c'' l2) = true ∧
+                (InZ y (insert_interval_begin y1 c'' l2) ↔
+                List.In y (elementsZ_single y1 c'') ∨ InZ y l2). {
+            apply insert_interval_begin_spec ⇒ //. {
+              eapply interval_list_elements_greater_impl; eauto.
+              apply Z_lt_le_add_r ⇒ //.
+            } {
+              by apply merge_interval_size_neq_0.
+            }
+          }
+          rewrite IH1 ⇒ //.
+          rewrite H_InZ_insert !InZ_cons /c''.
+          rewrite In_merge_interval. {
+            tauto.
+          } {
+            by apply Z.lt_le_incl.
+          } {
+            by apply Z.lt_le_incl.
+          }
+        } {
+          move ⇒ [H_y2_lt] [H_y1_lt] H_y2_c_lt.
+          set c'' := merge_interval_size y2 c2 y1 c1.
+          have [H_inv_insert H_InZ_insert] :
+               interval_list_invariant (insert_interval_begin y2 c'' l2) = true ∧
+                (InZ y (insert_interval_begin y2 c'' l2) ↔
+                List.In y (elementsZ_single y2 c'') ∨ InZ y l2). {
+            apply insert_interval_begin_spec ⇒ //. {
+              eapply interval_list_elements_greater_impl; eauto.
+              apply Z_le_add_r.
+            } {
+              by apply merge_interval_size_neq_0.
+            }
+          }
+  
+          rewrite IH1 ⇒ //.
+          rewrite H_InZ_insert !InZ_cons /c''.
+          rewrite In_merge_interval. {
+            tauto.
+          } {
+            by apply Z.lt_le_incl.
+          } {
+            by apply Z.lt_le_incl.
+          }
+        } {
+          move ⇒ [? ?]; subst.
+          rewrite IH1 ⇒ //.
+          rewrite !InZ_cons.
+          tauto.
+        } {
+          move ⇒ [H_y2_le] [H_y1_c1_le] _.
+          rewrite IH1 ⇒ //.
+          rewrite !InZ_cons.
+          suff : (List.In y (elementsZ_single y1 c1) →
+                  List.In y (elementsZ_single y2 c2)). {
+            tauto.
+          }
+          rewrite !In_elementsZ_single.
+          move ⇒ [H_y1_le H_y_lt].
+          split; lia.
+        } {
+          move ⇒ [H_y1_le] [H_y2_c2_le] _.
+          rewrite IH2.
+          rewrite !InZ_cons.
+          suff : (List.In y (elementsZ_single y2 c2) →
+                  List.In y (elementsZ_single y1 c1)). {
+            tauto.
+          }
+          rewrite !In_elementsZ_single.
+          move ⇒ [H_y2_le H_y_lt].
+          split; lia.
+        } {
+          rewrite !InZ_cons IH2 !InZ_cons.
+          tauto.
+        } {
+          move ⇒ H_y1_eq.
+          replace (c1 + c2)%N with (merge_interval_size y2 c2 y1 c1);
+            last first. {
+            rewrite -H_y1_eq merge_interval_size_add N.add_comm //.
+          }
+          set c'' := merge_interval_size y2 c2 y1 c1.
+          have [H_inv_insert H_InZ_insert] :
+               interval_list_invariant (insert_interval_begin y2 c'' l2) = true ∧
+                (InZ y (insert_interval_begin y2 c'' l2) ↔
+                List.In y (elementsZ_single y2 c'') ∨ InZ y l2). {
+            apply insert_interval_begin_spec ⇒ //. {
+              eapply interval_list_elements_greater_impl; eauto.
+              apply Z_le_add_r.
+            } {
+              by apply merge_interval_size_neq_0.
+            }
+          }
+  
+          rewrite IH1 ⇒ //.
+          rewrite H_InZ_insert !InZ_cons /c''.
+          rewrite -H_y1_eq In_merge_interval. {
+            tauto.
+          } {
+            apply Z_le_add_r.
+          } {
+            by apply Z.le_refl.
+          }
+        }
+      }
+    }
+  Qed.
+ +
+  Lemma union_invariant :
+   âˆ€ (s1 s2 : t),
+    interval_list_invariant s1 = true →
+    interval_list_invariant s2 = true →
+    interval_list_invariant (union s1 s2) = true.
+  Proof.
+    intro s1.
+    induction s1 as [| [y1 c1] l1 IH1]. {
+      intros s2 _ H_inv_s2.
+      rewrite union_alt_def /InZ //.
+    } {
+      induction s2 as [| [y2 c2] l2 IH2]. {
+        intros H_inv_s1 _.
+        rewrite union_alt_def /InZ //.
+      } {
+        move ⇒ H_inv_s1 H_inv_s2.
+        move : (H_inv_s1) (H_inv_s2).
+        rewrite !interval_list_invariant_cons.
+        move ⇒ [H_gr_l1] [H_c1_neq_0] H_inv_l1.
+        move ⇒ [H_gr_l2] [H_c2_neq_0] H_inv_l2.
+        move : (IH2 H_inv_s1 H_inv_l2) ⇒ {} IH2.
+        have : ∀ s2 : t,
+          interval_list_invariant s2 = true →
+          interval_list_invariant (union l1 s2) = true. {
+          intros. by apply IH1.
+        }
+        move ⇒ {} IH1.
+ +
+        rewrite union_alt_def.
+        move : (interval_compare_elim y1 c1 y2 c2).
+        case (interval_compare (y1, c1) (y2, c2)). {
+          move ⇒ H_lt_y2.
+          have H_inv' : interval_list_invariant (union l1 ((y2, c2) :: l2)) = true. {
+            by apply IH1.
+          }
+
+          rewrite interval_list_invariant_cons.
+          repeat split ⇒ //.
+          apply interval_list_elements_greater_intro ⇒ // x.
+          rewrite union_InZ ⇒ //.
+          move ⇒ []. {
+            apply interval_list_elements_greater_alt2_def ⇒ //.
+          } {
+            apply interval_list_elements_greater_alt2_def ⇒ //.
+            rewrite interval_list_elements_greater_cons //.
+          }
+        } {
+          move ⇒ H_y2_eq.
+          apply IH1.
+          apply insert_interval_begin_spec ⇒ //. {
+            eapply interval_list_elements_greater_impl; last apply H_gr_l2.
+            rewrite -H_y2_eq -Z.add_assoc -N2Z.inj_add.
+            apply Z_le_add_r.
+          } {
+            rewrite N.eq_add_0.
+            tauto.
+          }
+        } {
+          move ⇒ [H_y1_lt] _.
+          apply IH1.
+          apply insert_interval_begin_spec ⇒ //. {
+            eapply interval_list_elements_greater_impl; last apply H_gr_l2.
+            apply Z_lt_le_add_r ⇒ //.
+          } {
+            apply merge_interval_size_neq_0 ⇒ //.
+          }
+        } {
+          move ⇒ [H_y2_lt] _.
+          apply IH1.
+          apply insert_interval_begin_spec ⇒ //. {
+            eapply interval_list_elements_greater_impl; last apply H_gr_l2.
+            apply Z_le_add_r ⇒ //.
+          } {
+            apply merge_interval_size_neq_0 ⇒ //.
+          }
+        } {
+          move ⇒ [? ?]; subst.
+          apply IH1 ⇒ //.
+        } {
+          move ⇒ _.
+          apply IH1 ⇒ //.
+        } {
+          move ⇒ _.
+          apply IH2 ⇒ //.
+        } {
+          move ⇒ H_lt_y1.
+          rewrite interval_list_invariant_cons ⇒ //.
+          repeat split ⇒ //.
+          apply interval_list_elements_greater_intro ⇒ // x.
+          rewrite union_InZ ⇒ //.
+          move ⇒ []. {
+            apply interval_list_elements_greater_alt2_def ⇒ //.
+            rewrite interval_list_elements_greater_cons //.
+          } {
+            apply interval_list_elements_greater_alt2_def ⇒ //.
+          }
+        } {
+          move ⇒ H_y1_eq.
+          apply IH1 ⇒ //.
+          apply insert_interval_begin_spec ⇒ //. {
+            eapply interval_list_elements_greater_impl; last apply H_gr_l2.
+            apply Z_le_add_r.
+          } {
+            rewrite N.eq_add_0.
+            tauto.
+          }
+        }
+      }
+    }
+  Qed.
+ +
+ +
+  Global Instance union_ok s1 s2 : ∀ `(Ok s1, Ok s2), Ok (union s1 s2).
+  Proof.
+    move ⇒ H_ok_s1 H_ok_s2.
+    move : (H_ok_s1) (H_ok_s2).
+    rewrite /Ok /IsOk /is_encoded_elems_list /add.
+    move ⇒ [H_inv_s1] H_pre1.
+    move ⇒ [H_inv_s2] H_pre2.
+    split. {
+      apply union_invariant ⇒ //.
+    } {
+      intros y.
+      move : (union_InZ s1 s2 H_inv_s1 H_inv_s2).
+      rewrite /InZ ⇒ →.
+      move ⇒ []. {
+        apply H_pre1.
+      } {
+        apply H_pre2.
+      }
+    }
+  Qed.
+ +
+  Lemma union_spec :
+   âˆ€ (s s' : t) (x : elt) (Hs : Ok s) (Hs' : Ok s'),
+   In x (union s s') ↔ In x s ∨ In x s'.
+  Proof.
+    intros s s' x H_ok H_ok'.
+    rewrite !In_InZ.
+    rewrite union_InZ ⇒ //. {
+      apply H_ok.
+    } {
+      apply H_ok'.
+    }
+  Qed.
+ +
+
+ +
+

inter specification

+ +
+
+ +
+  Lemma inter_aux_alt_def :
+    âˆ€ (y2 : Z) (c2 : N) (s : t) acc,
+      inter_aux y2 c2 acc s = match inter_aux y2 c2 nil s with
+                               (acc', s') ⇒ (acc' ++ acc, s')
+                             end.
+  Proof.
+    intros y2 c2.
+    induction s as [| [y1 c1] s' IH] ⇒ acc. {
+      rewrite /inter_aux app_nil_l //.
+    } {
+      simpl.
+      case_eq (inter_aux y2 c2 nil s') ⇒ acc'' s'' H_eq.
+      case (interval_compare (y1, c1) (y2, c2));
+        rewrite ?(IH acc)
+                ?(IH ((y2, Z.to_N (y1 + Z.of_N c1 - y2)) :: acc))
+                ?(IH ((y2, Z.to_N (y1 + Z.of_N c1 - y2)) :: nil))
+                ?(IH ((y1, Z.to_N (y2 + Z.of_N c2 - y1)) :: acc))
+                ?(IH ((y1, Z.to_N (y2 + Z.of_N c2 - y1)) :: nil))
+                ?(IH ((y1, c1) :: acc))
+                ?(IH ((y1, c1) :: nil))
+                
+                ?H_eq -?app_assoc -?app_comm_cons //.
+    }
+  Qed.
+ +
+  Lemma inter_aux_props :
+    âˆ€ (y2 : Z) (c2 : N) (s : t) acc,
+      interval_list_invariant (rev acc) = true →
+      interval_list_invariant s = true →
+      (∀ x1 x2, InZ x1 acc → InZ x2 s →
+                     List.In x2 (elementsZ_single y2 c2) →
+                     Z.succ x1 < x2) →
+      (c2 ≠ 0%N) →
+      match (inter_aux y2 c2 acc s) with (acc', s') ⇒
+        (∀ y, (InZ y acc' ↔
+                   (InZ y acc ∨ (InZ y s ∧ (List.In y (elementsZ_single y2 c2)))))) ∧
+        (∀ y, InZ y s' → InZ y s) ∧
+        (∀ y, InZ y s → y2 + Z.of_N c2 < y → InZ y s') ∧
+        interval_list_invariant (rev acc') = true ∧
+        interval_list_invariant s' = true
+      end.
+  Proof.
+    intros y2 c2.
+    induction s as [| [y1 c1] s1' IH] ⇒ acc. {
+      rewrite /inter_aux.
+      move ⇒ H_inv_acc _ _ _.
+      split; last split; try done.
+      move ⇒ y. rewrite InZ_nil.
+      tauto.
+    } {
+      rewrite interval_list_invariant_cons.
+      move ⇒ H_inv_acc [H_gr_s1'] [H_c1_neq_0] H_inv_s1'.
+      move ⇒ H_in_acc_lt H_c2_neq_0.
+ +
+      rewrite inter_aux_alt_def.
+      case_eq (inter_aux y2 c2 nil ((y1, c1) :: s1')).
+      move ⇒ acc' s' H_inter_aux_eq.
+ +
+      set P1 := ∀ y : Z,
+        (InZ y acc' ↔
+        ((InZ y ((y1, c1) :: s1') ∧ List.In y (elementsZ_single y2 c2)))).
+      set P2 := (∀ y,
+                  (InZ y s' → InZ y ((y1, c1) :: s1')) ∧
+                  (InZ y ((y1, c1) :: s1') →
+                     y2 + Z.of_N c2 < y → InZ y s')).
+      set P3 := interval_list_invariant (rev acc') = true.
+      set P4 := interval_list_invariant s' = true.
+ +
+      suff : (P1 ∧ P2 ∧ P3 ∧ P4). {
+        move ⇒ [H_P1] [H_P2] [H_P3] H_P4.
+        split; last split; last split; last split. {
+          move ⇒ y.
+          move : (H_P1 y).
+          rewrite !InZ_app InZ_cons !In_elementsZ_single.
+          move ⇒ <-.
+          tauto.
+        } {
+          move ⇒ y H_y_in.
+          by apply H_P2.
+        } {
+          move ⇒ y H_y_in.
+          by apply H_P2.
+        } {
+          rewrite rev_app_distr.
+          apply interval_list_invariant_app_intro ⇒ //.
+          move ⇒ x1 x2.
+          rewrite !InZ_rev.
+          move ⇒ H_x1_in /H_P1 [H_x2_in1] H_x2_in2.
+          apply H_in_acc_lt ⇒ //.
+        } {
+          apply H_P4.
+        }
+      }
+
+      move : (H_gr_s1').
+      rewrite interval_list_elements_greater_alt2_def ⇒ // ⇒ H_gr_s1'_alt.
+ +
+      have : ∀ (acc : list (Z × N)),
+        interval_list_invariant (rev acc) = true →
+        (∀ y, InZ y acc ↔ (
+           y1 ≤ y < y1 + Z.of_N c1 ∧
+           y2 ≤ y < y2 + Z.of_N c2)) →
+        (y1 + Z.of_N c1 ≤ y2 + Z.of_N c2) →
+        (inter_aux y2 c2 acc s1' = (acc', s')) →
+        P1 ∧ P2 ∧ P3 ∧ P4. {
+        
+        intros acc0 H_inv_acc0 H_in_acc0 H_y2c_lt H_inter_aux_eq0.
+        have H_in_acc0_lt : (∀ x1 x2 : Z,
+          InZ x1 acc0 →
+          InZ x2 s1' →
+          List.In x2 (elementsZ_single y2 c2) →
+          Z.succ x1 < x2). {
+
+          intros x1 x2 H_x1_in_acc0 H_x2_in_s1' H_x2_in_yc2.
+ +
+          suff H_yc1_lt_x2 : Z.succ x1 ≤ y1 + Z.of_N c1. {
+            apply Z.le_lt_trans with (m := y1 + Z.of_N c1) ⇒ //.
+            by apply H_gr_s1'_alt.
+          }
+          move : (H_x1_in_acc0).
+          rewrite H_in_acc0 Z.le_succ_l.
+          tauto.
+        }
+        
+        move : (IH acc0 H_inv_acc0 H_inv_s1' H_in_acc0_lt H_c2_neq_0).
+        rewrite H_inter_aux_eq0.
+        move ⇒ [H1] [H2] [H3] [H4] H5.
+        split; last split ⇒ //. {
+          move ⇒ y.
+          rewrite (H1 y).
+          rewrite InZ_cons !In_elementsZ_single
+                  H_in_acc0.
+          tauto.
+        } {
+          move ⇒ y.
+          split. {
+            move ⇒ /H2.
+            rewrite InZ_cons.
+            by right.
+          } {
+            rewrite InZ_cons In_elementsZ_single.
+            move ⇒ []. {
+              move ⇒ [_] H_y_lt H_lt_y.
+              exfalso.
+              suff : (y < y) by apply Z.lt_irrefl.
+              apply Z.lt_le_trans with (m := y1 + Z.of_N c1) ⇒ //.
+              apply Z.le_trans with (m := y2 + Z.of_N c2) ⇒ //.
+ +
+              by apply Z.lt_le_incl.
+            } {
+              apply H3.
+            }
+          }
+        }
+      }
+      move ⇒ {} IH.
+ +
+      clear H_inv_acc H_in_acc_lt acc.
+      move : (interval_compare_elim y1 c1 y2 c2) H_inter_aux_eq.
+      unfold inter_aux.
+      case_eq (interval_compare (y1, c1) (y2, c2)) ⇒ H_comp;
+         fold inter_aux. {
+        move ⇒ H_lt_y2.
+        apply IH. {
+          done.
+        } {
+          move ⇒ x.
+          rewrite InZ_nil.
+          split ⇒ //.
+          lia.
+        } {
+          apply Z.le_trans with (m := y2). {
+            by apply Z.lt_le_incl.
+          } {
+            apply Z_le_add_r.
+          }
+        }
+      } {
+        move ⇒ H_eq_y2.
+        apply IH. {
+          done.
+        } {
+          move ⇒ x.
+          rewrite InZ_nil.
+          split ⇒ //.
+          lia.
+        } {
+          rewrite H_eq_y2.
+          apply Z_le_add_r.
+        }
+      } {
+        move ⇒ [H_y1_lt_y2] [H_y2_lt_yc1] H_yc1_lt_yc2.
+        apply IH. {
+          rewrite interval_list_invariant_sing.
+          by apply Z_to_N_minus_neq_0.
+        } {
+          move ⇒ x.
+          rewrite InZ_cons InZ_nil In_elementsZ_single Z2N.id; last lia.
+          replace (y1 + (y2 - y1)) with y2 by lia.
+          split; lia.
+        } {
+          by apply Z.lt_le_incl.
+        }
+      } {
+        rewrite /P1 /P2 /P3 /P4.
+        move ⇒ [H_y2_lt] [H_y1_lt] H_yc1_lt.
+        move ⇒ [] H_acc' H_s'.
+        clear IH P1 P2 P3 P4 H_comp.
+        subst s' acc'.
+        split; last split; last split. {
+          move ⇒ y.
+          have H_yc2_intro : y1 + Z.of_N (Z.to_N (y2 + Z.of_N c2 - y1)) =
+                             y2 + Z.of_N c2. {
+            rewrite Z2N.id; lia.
+          }
+          
+          rewrite !InZ_cons !In_elementsZ_single InZ_nil H_yc2_intro.
+          split. {
+            move ⇒ [] //.
+            move ⇒ [H_y1_le] H_y_lt.
+            split; last by lia.
+            left. lia.
+          } {
+            move ⇒ [H_in_s] [H_y2_le] H_y_lt.
+            left.
+            split; last assumption.
+            move : H_in_s ⇒ []. {
+              tauto.
+            } {
+              move ⇒ /H_gr_s1'_alt H_lt_y.
+              apply Z.le_trans with (m := y1 + Z.of_N c1). {
+                by apply Z_le_add_r.
+              } {
+                by apply Z.lt_le_incl.
+              }
+            }
+          }
+        } {
+          move ⇒ y.
+          split; done.
+        } {
+          rewrite interval_list_invariant_sing.
+          by apply Z_to_N_minus_neq_0.
+        } {
+          by rewrite interval_list_invariant_cons.
+        }
+      } {
+        rewrite /P1 /P2 /P3 /P4.
+        move ⇒ [H_y12_eq] H_c12_eq [] H_acc' H_s'.
+        clear IH P1 P2 P3 P4 H_comp.
+        subst.
+        split; last split; last split. {
+          move ⇒ y.
+          rewrite !InZ_cons InZ_nil In_elementsZ_single.
+          split; last by tauto. {
+            move ⇒ [] //.
+            tauto.
+          }
+        } {
+          move ⇒ y.
+          rewrite InZ_cons In_elementsZ_single.
+          split; first by right.
+          move ⇒ [] //.
+          move ⇒ [_] H_y_lt H_lt_y.
+          exfalso.
+          suff : (y2 + Z.of_N c2 < y2 + Z.of_N c2) by
+              apply Z.lt_irrefl.
+          apply Z.lt_trans with (m := y) ⇒ //.
+        } {
+          rewrite interval_list_invariant_sing //.
+        } {
+          assumption.
+        }
+      } {
+        move ⇒ [H_y2_le_y1] [H_yc1_le_yc2] _.
+        apply IH. {
+          by rewrite interval_list_invariant_sing.
+        } {
+          move ⇒ y.
+          rewrite InZ_cons InZ_nil In_elementsZ_single.
+          split. {
+            move ⇒ [] //.
+            move ⇒ [H_y1_le] H_y_lt.
+            split; first done.
+            split; lia.
+          } {
+            move ⇒ [?] _.
+            by left.
+          }
+        } {
+          assumption.
+        }
+      } {
+        rewrite /P1 /P2 /P3 /P4.
+        move ⇒ [H_y1_le] [H_yc2_le] _.
+        move ⇒ [] H_acc' H_s'.
+        clear IH P1 P2 P3 P4 H_comp.
+        subst.
+        split; last split; last split. {
+          move ⇒ y.
+          rewrite !InZ_cons !In_elementsZ_single InZ_nil.
+          split. {
+            move ⇒ [] //.
+            move ⇒ [H_y2_le] H_y_lt.
+            split; last by lia.
+            left. lia.
+          } {
+            move ⇒ [H_in_s] [H_y2_le] H_y_lt.
+            by left.
+          }
+        } {
+          tauto.
+        } {
+          by rewrite interval_list_invariant_sing.
+        } {
+          by rewrite interval_list_invariant_cons.
+        }
+      } {
+        rewrite /P1 /P2 /P3 /P4.
+        move ⇒ H_yc2_lt [] H_acc' H_s'.
+        clear IH P1 P2 P3 P4 H_comp.
+        subst.
+        split; last split; last split. {
+          move ⇒ y.
+          rewrite InZ_cons !In_elementsZ_single InZ_nil.
+          split; first done.
+          move ⇒ [] []. {
+            move ⇒ [H_y1_le_y] H_y_lt_yc1.
+            move ⇒ [H_y2_le_y] H_y_lt_yc2.
+            lia.
+          } {
+            move ⇒ /H_gr_s1'_alt H_lt_y [_] H_y_lt.
+            suff : (y1 + Z.of_N c1 < y1). {
+              apply Z.nlt_ge.
+              apply Z_le_add_r.
+            }
+            lia.
+          }
+        } {
+          tauto.
+        } {
+          done.
+        } {
+          by rewrite interval_list_invariant_cons.
+        }
+      } {
+        rewrite /P1 /P2 /P3 /P4.
+        move ⇒ H_y1_eq [] H_acc' H_s'.
+        clear IH P1 P2 P3 P4 H_comp.
+        subst acc' s'.
+        split; last split; last split. {
+          move ⇒ y.
+          rewrite InZ_cons !In_elementsZ_single InZ_nil.
+          split; first done.
+          move ⇒ [] []. {
+            move ⇒ [H_y1_le_y] H_y_lt_yc1.
+            move ⇒ [H_y2_le_y] H_y_lt_yc2.
+            lia.
+          } {
+            move ⇒ /H_gr_s1'_alt H_lt_y [_] H_y_lt.
+            suff : (y1 + Z.of_N c1 < y1). {
+              apply Z.nlt_ge.
+              apply Z_le_add_r.
+            }
+            lia.
+          }
+        } {
+          tauto.
+        } {
+          done.
+        } {
+          by rewrite interval_list_invariant_cons.
+        }
+      }
+    }
+  Qed.
+ +
+  Lemma inter_aux2_props :
+   âˆ€ (s2 s1 acc : t),
+    interval_list_invariant (rev acc) = true →
+    interval_list_invariant s1 = true →
+    interval_list_invariant s2 = true →
+    (∀ x1 x2, InZ x1 acc → InZ x2 s1 → InZ x2 s2 → Z.succ x1 < x2) →
+    ((∀ y, (InZ y (inter_aux2 acc s1 s2) ↔
+               (InZ y acc) ∨ ((InZ y s1) ∧ InZ y s2))) ∧
+    (interval_list_invariant (inter_aux2 acc s1 s2) = true)).
+  Proof.
+    induction s2 as [| [y2 c2] s2' IH]. {
+      move ⇒ s1 acc.
+      move ⇒ H_inv_acc _ _ _.
+      unfold inter_aux2.
+      replace (match s1 with
+        | nil ⇒ rev' acc
+        | _ :: _ ⇒ rev' acc
+               end) with (rev' acc); last by case s1.
+      rewrite /rev' rev_append_rev app_nil_r.
+      split; last done.
+      move ⇒ y.
+      rewrite InZ_nil InZ_rev.
+      tauto.
+    } {
+      intros s1 acc H_inv_acc H_inv_s1.
+      rewrite interval_list_invariant_cons.
+      move ⇒ [H_gr_s2'] [H_c2_neq_0] H_inv_s2'.
+      move ⇒ H_acc_s12.
+ +
+      move : H_gr_s2'.
+      rewrite interval_list_elements_greater_alt2_def //.
+      move ⇒ H_gr_s2'.
+ +
+      rewrite /inter_aux2; fold inter_aux2.
+      case_eq s1. {
+        move ⇒ H_s1_eq.
+        split. {
+          move ⇒ y.
+          rewrite /rev' rev_append_rev app_nil_r InZ_nil
+                  InZ_rev.
+          tauto.
+        } {
+          rewrite /rev' rev_append_rev app_nil_r //.
+        }
+      } {
+        move ⇒ [_ _] _ <-.
+        case_eq (inter_aux y2 c2 acc s1).
+        move ⇒ acc' s1' H_inter_aux_eq.
+ +
+        have H_acc_s1_yc2 : ∀ x1 x2 : Z,
+          InZ x1 acc →
+          InZ x2 s1 →
+          List.In x2 (elementsZ_single y2 c2) →
+          Z.succ x1 < x2. {
+          intros x1 x2 H_x1_in H_x2_in1 H_x2_in2.
+          apply H_acc_s12 ⇒ //.
+          rewrite InZ_cons; by left.
+        }
+
+        move : (inter_aux_props y2 c2 s1 acc H_inv_acc H_inv_s1 H_acc_s1_yc2 H_c2_neq_0).
+        rewrite H_inter_aux_eq.
+        move ⇒ [H_in_acc'] [H_in_s1'_elim] [H_in_s1'_intro]
+                [H_inv_acc'] H_inv_s1'.
+ +
+        have H_in_acc'_s2' : ∀ x1 x2 : Z,
+            InZ x1 acc' → InZ x2 s1' → InZ x2 s2' → Z.succ x1 < x2. {
+          move ⇒ x1 x2 /H_in_acc'.
+          move ⇒ []. {
+            move ⇒ H_in_acc H_in_s1' H_in_s2'.
+            apply H_acc_s12 ⇒ //. {
+              by apply H_in_s1'_elim.
+            } {
+              rewrite InZ_cons; by right.
+            }
+          } {
+            rewrite In_elementsZ_single.
+            move ⇒ [H_in_s1] [_] H_x1_lt _.
+            move ⇒ /H_gr_s2' H_lt_x2.
+            apply Z.le_lt_trans with (m := y2 + Z.of_N c2) ⇒ //.
+            by apply Z.le_succ_l.
+          }
+        }
+       
+        move : (IH s1' acc' H_inv_acc' H_inv_s1' H_inv_s2' H_in_acc'_s2').
+        move ⇒ [H_inZ_res] H_inv_res.
+        split; last assumption.
+        move ⇒ y.
+        rewrite H_inZ_res H_in_acc' InZ_cons
+                In_elementsZ_single.
+        split. {
+          move ⇒ []; first by tauto.
+          move ⇒ [H_y_in_s1' H_y_in_s2'].
+          right.
+          split; last by right.
+          by apply H_in_s1'_elim.
+        } {
+          move ⇒ []. {
+            move ⇒ H_y_in_acc.
+            by left; left.
+          } {
+            move ⇒ [H_y_in_s1].
+            move ⇒ []. {
+              move ⇒ H_in_yc2.
+              by left; right.
+            } {
+              right.
+              split; last assumption.
+              apply H_in_s1'_intro ⇒ //.
+              by apply H_gr_s2'.
+            }
+          }
+        }
+      }
+    }
+  Qed.
+ +
+  Lemma inter_InZ :
+   âˆ€ (s1 s2 : t),
+    interval_list_invariant s1 = true →
+    interval_list_invariant s2 = true →
+    âˆ€ y, (InZ y (inter s1 s2) ↔ InZ y s1 ∧ InZ y s2).
+  Proof.
+    intros s1 s2 H_inv_s1 H_inv_s2 y.
+    rewrite /inter.
+ +
+    move : (inter_aux2_props s2 s1 nil).
+    move ⇒ [] //.
+    move ⇒ H_in_inter _.
+    rewrite H_in_inter InZ_nil.
+    tauto.
+  Qed.
+ +
+  Lemma inter_invariant :
+   âˆ€ (s1 s2 : t),
+    interval_list_invariant s1 = true →
+    interval_list_invariant s2 = true →
+    interval_list_invariant (inter s1 s2) = true.
+  Proof.
+    intros s1 s2 H_inv_s1 H_inv_s2.
+    rewrite /inter.
+ +
+    move : (inter_aux2_props s2 s1 nil).
+    move ⇒ [] //.
+  Qed.
+ +
+ +
+  Global Instance inter_ok s1 s2 : ∀ `(Ok s1, Ok s2), Ok (inter s1 s2).
+  Proof.
+    move ⇒ H_ok_s1 H_ok_s2.
+    move : (H_ok_s1) (H_ok_s2).
+    rewrite /Ok /IsOk /is_encoded_elems_list /add.
+    move ⇒ [H_inv_s1] H_pre1.
+    move ⇒ [H_inv_s2] H_pre2.
+    split. {
+      apply inter_invariant ⇒ //.
+    } {
+      intros y.
+      move : (inter_InZ s1 s2 H_inv_s1 H_inv_s2).
+      rewrite /InZ ⇒ →.
+      move ⇒ [].
+      move ⇒ /H_pre1 //.
+    }
+  Qed.
+ +
+  Lemma inter_spec :
+   âˆ€ (s s' : t) (x : elt) (Hs : Ok s) (Hs' : Ok s'),
+   In x (inter s s') ↔ In x s ∧ In x s'.
+  Proof.
+    intros s s' x H_ok H_ok'.
+    rewrite !In_InZ.
+    rewrite inter_InZ ⇒ //. {
+      apply H_ok.
+    } {
+      apply H_ok'.
+    }
+  Qed.
+ +
+ +
+
+ +
+

diff specification

+ +
+
+ +
+  Lemma diff_aux_alt_def :
+    âˆ€ (y2 : Z) (c2 : N) (s : t) acc,
+      diff_aux y2 c2 acc s = match diff_aux y2 c2 nil s with
+                               (acc', s') ⇒ (acc' ++ acc, s')
+                             end.
+  Proof.
+    intros y2 c2.
+    induction s as [| [y1 c1] acc' IH] ⇒ acc. {
+      rewrite /diff_aux app_nil_l //.
+    } {
+      simpl.
+      case_eq (diff_aux y2 c2 nil acc') ⇒ acc'' s'' H_eq.
+      case (interval_compare (y1, c1) (y2, c2));
+        rewrite ?(IH ((y1, c1)::acc)) ?(IH ((y1, c1)::nil))
+                ?(IH acc) ?(IH ((y1, Z.to_N (y2 - y1)) :: acc))
+                ?(IH ((y1, Z.to_N (y2 - y1)) :: nil)) ?H_eq;
+        rewrite ?insert_intervalZ_guarded_app -?app_assoc -?app_comm_cons //.
+    }
+  Qed.
+ +
+ +
+  Lemma diff_aux_props :
+    âˆ€ (y2 : Z) (c2 : N) (s : t) acc,
+      interval_list_invariant (List.rev acc) = true →
+      interval_list_invariant s = true →
+      (∀ x1 x2, InZ x1 acc → InZ x2 s → Z.succ x1 < x2) →
+      (∀ x, InZ x acc → x < y2) →
+      (c2 ≠ 0%N) →
+      match (diff_aux y2 c2 acc s) with
+        (acc', s') ⇒ (∀ y, InZ y (List.rev_append acc' s') ↔
+                                 InZ y (List.rev_append acc s) ∧ ~(List.In y (elementsZ_single y2 c2))) ∧
+                      (interval_list_invariant (List.rev_append acc' s') = true) ∧
+                      (∀ x, InZ x acc' → x < y2 + Z.of_N c2)
+      end.
+  Proof.
+    intros y2 c2.
+    induction s as [| [y1 c1] s1' IH] ⇒ acc. {
+      rewrite /diff_aux -rev_alt.
+      move ⇒ H_inv_acc _ _ H_in_acc H_c2_neq.
+      split; last split. {
+        move ⇒ y; split; last by move ⇒ [] //.
+        rewrite InZ_rev.
+        move ⇒ H_in. split ⇒ //.
+        move ⇒ /In_elementsZ_single ⇒ [] [] /Z.nlt_ge H_neq.
+        contradict H_neq.
+        by apply H_in_acc.
+      } {
+        assumption.
+      } {
+        intros x H_in_acc'.
+        apply Z.lt_le_trans with (m := y2). {
+          by apply H_in_acc.
+        } {
+          by apply Z_le_add_r.
+        }
+      }
+    } {
+      rewrite interval_list_invariant_cons.
+      move ⇒ H_inv_acc [H_gr_s1'] [H_c1_neq_0] H_inv_s1'.
+      move ⇒ H_in_s1 H_in_acc H_c2_neq_0.
+ +
+      rewrite diff_aux_alt_def.
+      case_eq (diff_aux y2 c2 nil ((y1, c1) :: s1')).
+      move ⇒ acc' s' H_diff_aux_eq.
+ +
+      set P1 := ∀ y : Z,
+        (InZ y acc' ∨ InZ y s') ↔
+        InZ y ((y1, c1) :: s1') ∧ ¬ List.In y (elementsZ_single y2 c2).
+      set P2 := interval_list_invariant (rev acc' ++ s') = true.
+      set P3 := ∀ x : Z, InZ x acc' → (x < y2 + Z.of_N c2).
+ +
+      suff : (P1 ∧ P2 ∧ P3). {
+        move ⇒ [H_P1] [H_P2] H_P3.
+        split; last split. {
+          move ⇒ y.
+          move : (H_P1 y).
+          rewrite !rev_append_rev rev_app_distr !InZ_app
+                  !InZ_rev In_elementsZ_single.
+          suff : (InZ y acc → ¬ y2 ≤ y < y2 + Z.of_N c2). {
+            tauto.
+          }
+          move ⇒ /H_in_acc H_y_lt [H_y_ge] _.
+          contradict H_y_ge.
+          by apply Zlt_not_le.
+        } {
+          rewrite rev_append_rev rev_app_distr -app_assoc.
+          apply interval_list_invariant_app_intro ⇒ //.
+          move ⇒ x1 x2.
+          rewrite InZ_app !InZ_rev.
+          move ⇒ H_in_acc' H_x2_in_s'.
+          suff : (InZ x2 ((y1, c1)::s1')). {
+            by apply H_in_s1.
+          }
+          move : (H_P1 x2).
+          tauto.
+        } {
+          move ⇒ x.
+          rewrite InZ_app.
+          move ⇒ []. {
+            apply H_P3.
+          } {
+            move ⇒ /H_in_acc H_x_lt.
+            eapply Z.lt_trans; eauto.
+            by apply Z_lt_add_r.
+          }
+        }
+      }
+
+      move : (H_gr_s1').
+      rewrite interval_list_elements_greater_alt2_def ⇒ // ⇒ H_gr_s1'_alt.
+ +
+      have : ∀ (acc : list (Z × N)),
+        interval_list_invariant (rev acc) = true →
+        (∀ x : Z,
+            InZ x acc ↔
+            ((y1 ≤ x < y1 + Z.of_N c1) ∧ (x < y2))) →
+        (y1 + Z.of_N c1 ≤ y2 + Z.of_N c2) →
+        (diff_aux y2 c2 acc s1' = (acc', s')) →
+        P1 ∧ P2 ∧ P3. {
+        
+        intros acc0 H_inv_acc0 H_in_acc0 H_c1_before H_diff_aux_eq0.
+        have H_in_s1' : (∀ x1 x2 : Z,
+                            InZ x1 acc0 → InZ x2 s1' → Z.succ x1 < x2). {
+          intros x1 x2 H_x1_in_acc0.
+          move ⇒ /H_gr_s1'_alt.
+ +
+          eapply Z.le_lt_trans.
+          move : H_x1_in_acc0.
+          rewrite Z.le_succ_l H_in_acc0.
+          tauto.
+        }
+        have H_in_acc0' : (∀ x : Z, InZ x acc0 → x < y2). {
+          move ⇒ x.
+          rewrite H_in_acc0.
+          move ⇒ [_] //.
+        }
+        move : (IH acc0 H_inv_acc0 H_inv_s1' H_in_s1' H_in_acc0' H_c2_neq_0).
+        rewrite H_diff_aux_eq0 !rev_append_rev.
+        move ⇒ [H1] [H2] H3.
+        split; last split ⇒ //. {
+          move ⇒ y.
+          move : (H1 y).
+          rewrite !InZ_app !InZ_rev In_elementsZ_single.
+          move ⇒ →.
+          rewrite InZ_cons In_elementsZ_single.
+          split. {
+            rewrite H_in_acc0 -(Z.nle_gt y2 y).
+            tauto.
+          } {
+            rewrite H_in_acc0 -(Z.nle_gt y2 y).
+            move ⇒ [] H_in H_nin_i2.
+            split; last by assumption.
+            move : H_in ⇒ [] H_in; last by right.
+            left.
+            lia.
+          }
+        }
+      }
+      move ⇒ {} IH.
+ +
+      clear H_inv_acc H_in_s1 H_in_acc acc.
+      move : (interval_compare_elim y1 c1 y2 c2) H_diff_aux_eq.
+      unfold diff_aux.
+      case_eq (interval_compare (y1, c1) (y2, c2)) ⇒ H_comp;
+                                                        fold diff_aux. {
+        move ⇒ H_lt_y2.
+        apply IH. {
+          by rewrite interval_list_invariant_sing.
+        } {
+          move ⇒ x.
+          rewrite InZ_cons In_elementsZ_single.
+          split; last by tauto.
+          move ⇒ []; last done.
+          move ⇒ [H_y1_le H_x_lt].
+          split; first done.
+          eapply Z.lt_trans; eauto.
+        } {
+          apply Z.le_trans with (m := y2).
+            - by apply Z.lt_le_incl.
+            - by apply Z_le_add_r.
+        }
+      } {
+        move ⇒ H_eq_y2.
+        apply IH. {
+          by rewrite interval_list_invariant_sing.
+        } {
+          move ⇒ x.
+          rewrite InZ_cons In_elementsZ_single -H_eq_y2.
+          split; last by tauto.
+          move ⇒ []; last done.
+          move ⇒ []. done.
+        } {
+          rewrite H_eq_y2.
+          by apply Z_le_add_r.
+        }
+      } {
+        move ⇒ [H_y1_lt_y2] [H_y2_lt_yc1] H_yc1_lt_yc2.
+        apply IH. {
+          rewrite interval_list_invariant_sing.
+          by apply Z_to_N_minus_neq_0.
+        } {
+          move ⇒ x.
+          rewrite InZ_cons In_elementsZ_single Z2N.id; last lia.
+          replace (y1 + (y2 - y1)) with y2 by lia.
+          split; last tauto.
+          move ⇒ [] //.
+          move ⇒ [H_y1_le] H_x_lt.
+          repeat split ⇒ //.
+          apply Z.lt_trans with (m := y2) ⇒ //.
+        } {
+          by apply Z.lt_le_incl.
+        }
+      } {
+        rewrite /P1 /P2 /P3.
+        move ⇒ [H_y2_lt] [H_y1_lt] H_yc1_lt [H_acc'] H_s'.
+        clear IH P1 P2 P3 H_comp.
+        subst.
+        have H_yc1_intro : y2 + Z.of_N c2 + Z.of_N (Z.to_N (y1 + Z.of_N c1 - (y2 + Z.of_N c2))) = y1 + Z.of_N c1. {
+          rewrite Z2N.id; lia.
+        }
+        have H_nin_yc2 : ∀ y,
+            InZ y s1' → ¬ y2 ≤ y < y2 + Z.of_N c2. {
+          move ⇒ y /H_gr_s1'_alt H_lt_y.
+          move ⇒ [H_y2_le_y].
+          apply Z.le_ngt, Z.lt_le_incl.
+          by apply Z.lt_trans with (m := y1 + Z.of_N c1).
+        }
+        split; last split. {
+          move ⇒ y.
+          rewrite !InZ_cons !In_elementsZ_single H_yc1_intro.
+          split. {
+            move ⇒ [] //.
+            move ⇒ []. {
+              move ⇒ [H_le_y] H_y_lt.
+              split. {
+                left; lia.
+              } {
+                move ⇒ [_].
+                by apply Z.nlt_ge.
+              }
+            } {
+              move : (H_nin_yc2 y). tauto.
+            }
+          } {
+            move ⇒ [] []; last by right; right.
+            move ⇒ [H_y_ge] H_y_lt_yc1 H_nin_yc2'.
+            right; left. lia.
+          }
+        } {
+          rewrite interval_list_invariant_cons H_yc1_intro.
+          split ⇒ //.
+          split ⇒ //.
+          by apply Z_to_N_minus_neq_0.
+        } {
+          move ⇒ [] //.
+        }
+      } {
+        rewrite /P1 /P2 /P3.
+        move ⇒ [H_y12_eq] H_c12_eq [] H_acc' H_s'.
+        clear IH P1 P2 P3 H_comp.
+        subst.
+        split; last split. {
+          move ⇒ y.
+          rewrite InZ_cons In_elementsZ_single.
+          split; last by tauto. {
+            move ⇒ [] //.
+            move ⇒ H_y_in.
+            split; first by right.
+            move ⇒ [] _.
+            by apply Z.nlt_ge, Z.lt_le_incl, H_gr_s1'_alt.
+          }
+        } {
+          apply H_inv_s1'.
+        } {
+          move ⇒ x [] //.
+        }
+      } {
+        move ⇒ [H_y2_le_y1] [H_yc1_le_yc2] _.
+        apply IH. {
+          done.
+        } {
+          move ⇒ x.
+          split; first done.
+          lia.
+        } {
+          assumption.
+        }
+      } {
+        rewrite /P1 /P2 /P3.
+        move ⇒ [H_y1_le] [H_yc2_le_yc1] _ [] H_acc' H_s'.
+        clear IH P1 P2 P3 H_comp.
+        subst.
+        have H_yc1_intro : y2 + Z.of_N c2 + Z.of_N (Z.to_N (y1 + Z.of_N c1 - (y2 + Z.of_N c2))) = y1 + Z.of_N c1. {
+          rewrite Z2N.id; lia.
+        }
+        have H_y1_intro : y1 + Z.of_N (Z.to_N (y2 - y1)) = y2. {
+          rewrite Z2N.id; lia.
+        }
+        split; last split. {
+          move ⇒ y.
+          rewrite !InZ_insert_intervalZ_guarded
+                  !InZ_cons !In_elementsZ_single
+                  H_yc1_intro H_y1_intro InZ_nil.
+          split. {
+            rewrite -!or_assoc.
+            move ⇒ [[[]|]|] //. {
+              move ⇒ [H_y1_le_y] H_y_lt.
+              split. {
+                left.
+                split ⇒ //.
+                apply Z.lt_le_trans with (m := y2 + Z.of_N c2) ⇒ //.
+                apply Z.lt_trans with (m := y2) ⇒ //.
+                by apply Z_lt_add_r.
+              } {
+                move ⇒ [] /Z.le_ngt //.
+              }
+            } {
+              move ⇒ [H_y2c_le_y] H_y_lt_yc1.
+              split. {
+                left.
+                split ⇒ //.
+                apply Z.le_trans with (m := y2 + Z.of_N c2) ⇒ //.
+                apply Z.le_trans with (m := y2) ⇒ //.
+                apply Z_le_add_r.
+              } {
+                move ⇒ [] _ /Z.lt_nge //.
+              }
+            } {
+              move ⇒ H_y_in_s1'.
+              split; first by right.
+              suff H_suff : y2 + Z.of_N c2 ≤ y. {
+                move ⇒ [] _ /Z.lt_nge //.
+              }
+              apply Z.le_trans with (m := y1 + Z.of_N c1) ⇒ //.
+              apply Z.lt_le_incl.
+              by apply H_gr_s1'_alt.
+            }
+          } {
+            move ⇒ [] []; last by tauto.
+            move ⇒ [H_y1_le_y] H_y_lt H_neq_y2.
+            apply not_and in H_neq_y2; last by apply Z.le_decidable.
+            case H_neq_y2. {
+              move ⇒ /Z.nle_gt H_y_lt'.
+              left; left; done.
+            } {
+              move ⇒ /Z.nlt_ge H_le_y.
+              right; left; done.
+            }
+          }
+        } {
+          rewrite insert_intervalZ_guarded_rev_nil_app.
+          rewrite !interval_list_invariant_insert_intervalZ_guarded ⇒ //. {
+            rewrite H_yc1_intro ⇒ //.
+          } {
+            rewrite /insert_intervalZ_guarded.
+            case_eq ((Z.to_N (y1 + Z.of_N c1 - (y2 + Z.of_N c2)) =? 0)%N). {
+              rewrite H_y1_intro.
+              move ⇒ /N.eqb_eq /N2Z.inj_iff.
+              rewrite Z2N.id; last first. {
+                by apply Z.le_0_sub.
+              }
+              move ⇒ /Zminus_eq H_yc1_eq.
+              eapply interval_list_elements_greater_impl;
+                last apply H_gr_s1'.
+              rewrite H_yc1_eq.
+              apply Z_le_add_r.
+            } {
+              move ⇒ _.
+              rewrite interval_list_elements_greater_cons
+                      H_y1_intro.
+              by apply Z_lt_add_r.
+            }
+          }
+        } {
+          move ⇒ x.
+          rewrite InZ_insert_intervalZ_guarded InZ_cons In_elementsZ_single H_y1_intro InZ_nil.
+          move ⇒ [] //.
+          move ⇒ [_] H_x_lt.
+          apply Z.lt_le_trans with (m := y2) ⇒ //.
+          apply Z_le_add_r.
+        }
+      } {
+        rewrite /P1 /P2 /P3.
+        move ⇒ H_yc2_lt [] H_acc' H_s'.
+        clear IH P1 P2 P3 H_comp.
+        subst.
+        split; last split. {
+          move ⇒ y.
+          rewrite InZ_cons In_elementsZ_single.
+          split; last by tauto. {
+            move ⇒ [] //.
+            move ⇒ H_y_in.
+            split; first assumption.
+            rewrite In_elementsZ_single.
+            move ⇒ [] H_y2_le H_y_lt.
+            case H_y_in; first by lia.
+            move ⇒ /H_gr_s1'_alt H_lt_y.
+            suff : y2 + Z.of_N c2 < y. {
+              move ⇒ ?. lia.
+            }
+            apply Z.lt_trans with (m := y1 + Z.of_N c1) ⇒ //.
+            apply Z.lt_le_trans with (m := y1) ⇒ //.
+            apply Z_le_add_r.
+          }
+        } {
+          by rewrite interval_list_invariant_cons.
+        } {
+          done.
+        }
+      } {
+        rewrite /P1 /P2 /P3.
+        move ⇒ H_yc2_eq [] H_acc' H_s'.
+        clear IH P1 P2 P3 H_comp.
+        subst.
+        split; last split. {
+          move ⇒ y.
+          rewrite InZ_cons In_elementsZ_single.
+          split; last by tauto. {
+            move ⇒ [] //.
+            move ⇒ H_y_in.
+            split; first assumption.
+            rewrite In_elementsZ_single.
+            move ⇒ [] H_y2_le H_y_lt.
+            case H_y_in; first by lia.
+            move ⇒ /H_gr_s1'_alt H_lt_y.
+            suff : y2 + Z.of_N c2 < y. {
+              move ⇒ ?. lia.
+            }
+            apply Z.lt_trans with (m := (y2 + Z.of_N c2) + Z.of_N c1) ⇒ //.
+            by apply Z_lt_add_r.
+          }
+        } {
+          by rewrite interval_list_invariant_cons.
+        } {
+          done.
+        }
+      }
+    }
+  Qed.
+ +
+  Lemma diff_aux2_props :
+   âˆ€ (s2 s1 acc : t),
+    interval_list_invariant (rev_append acc s1) = true →
+    interval_list_invariant s2 = true →
+    (∀ x1 x2, InZ x1 acc → InZ x2 s2 → Z.succ x1 < x2) →
+    ((∀ y, (InZ y (diff_aux2 acc s1 s2) ↔
+               ((InZ y acc) ∨ (InZ y s1)) ∧ ¬InZ y s2)) ∧
+    (interval_list_invariant (diff_aux2 acc s1 s2) = true)).
+  Proof.
+    induction s2 as [| [y2 c2] s2' IH]. {
+      move ⇒ s1 acc H_inv_acc_s1 _ _.
+      rewrite /diff_aux2.
+      replace (match s1 with
+        | nil ⇒ rev_append acc s1
+        | _ :: _ ⇒ rev_append acc s1
+       end) with (rev_append acc s1); last by case s1.
+      split. {
+        move ⇒ y.
+        rewrite rev_append_rev InZ_app InZ_rev InZ_nil.
+        tauto.
+      } {
+        assumption.
+      }
+    } {
+      intros s1 acc H_inv_acc_s1.
+      rewrite interval_list_invariant_cons.
+      move ⇒ [H_gr_s2'] [H_c2_neq_0] H_inv_s2'.
+      move ⇒ H_acc_s2.
+      rewrite /diff_aux2; fold diff_aux2.
+      case_eq s1. {
+        move ⇒ H_s1_eq.
+        split. {
+          move ⇒ y.
+          rewrite rev_append_rev InZ_app InZ_nil InZ_rev.
+          split; last tauto.
+          move ⇒ [] // H_y_in.
+          split; first by left.
+          move ⇒ H_y_in'.
+          move : (H_acc_s2 _ _ H_y_in H_y_in').
+          apply Z.nlt_succ_diag_l.
+        } {
+          move : H_inv_acc_s1.
+           by rewrite H_s1_eq.
+        }
+      } {
+        move ⇒ [_ _] _ <-.
+        case_eq (diff_aux y2 c2 acc s1).
+        move ⇒ acc' s1' H_diff_aux_eq.
+ +
+        have H_acc_lt_y2 : (∀ x : Z, InZ x acc → x < y2). {
+          move ⇒ x H_x_in.
+          have H_y2_in: (InZ y2 ((y2,c2) :: s2')). {
+            rewrite InZ_cons.
+            left.
+            by apply In_elementsZ_single_hd.
+          }
+          move : (H_acc_s2 _ _ H_x_in H_y2_in).
+          apply Z.lt_trans, Z.lt_succ_diag_r.
+        }
+
+        have [H_inv_acc [H_inv_s1 H_acc_s1]] :
+          interval_list_invariant (rev acc) = true ∧
+          interval_list_invariant s1 = true ∧
+          (∀ x1 x2 : Z,
+             InZ x1 acc → InZ x2 s1 → Z.succ x1 < x2). {
+
+          move : H_inv_acc_s1.
+          rewrite rev_append_rev.
+          move ⇒ /interval_list_invariant_app_elim.
+          move ⇒ [?] [?] H_x.
+          split; first assumption.
+          split; first assumption.
+          move ⇒ x1 x2 H_in_x1.
+          apply H_x.
+          by rewrite InZ_rev.
+        }
+
+        move : (diff_aux_props y2 c2 s1 acc H_inv_acc H_inv_s1 H_acc_s1 H_acc_lt_y2 H_c2_neq_0).
+        rewrite !H_diff_aux_eq.
+        move ⇒ [H_inZ_res] [H_inv_res] H_inZ_acc'.
+ +
+        have H_acc'_s2' : (∀ x1 x2 : Z,
+                              InZ x1 acc' → InZ x2 s2' → Z.succ x1 < x2). {
+          move ⇒ x1 x2 H_x1_in H_x2_in.
+          apply Z.le_lt_trans with (m := y2 + Z.of_N c2). {
+            apply Z.le_succ_l.
+            by apply H_inZ_acc'.
+          } {
+            move : H_gr_s2'.
+            rewrite interval_list_elements_greater_alt2_def //.
+            move ⇒ H_gr_s2'.
+            by apply H_gr_s2'.
+          }
+        }
+
+        move : (IH s1' acc' H_inv_res H_inv_s2' H_acc'_s2').
+        move ⇒ [] H_inZ_diff_res →.
+        split; last done.
+        move ⇒ y.
+        rewrite H_inZ_diff_res.
+        move : (H_inZ_res y).
+        rewrite !rev_append_rev !InZ_app !InZ_rev InZ_cons.
+        move ⇒ →.
+        tauto.
+      }
+    }
+  Qed.
+ +
+  Lemma diff_InZ :
+   âˆ€ (s1 s2 : t),
+    interval_list_invariant s1 = true →
+    interval_list_invariant s2 = true →
+    âˆ€ y, (InZ y (diff s1 s2) ↔ InZ y s1 ∧ ¬InZ y s2).
+  Proof.
+    intros s1 s2 H_inv_s1 H_inv_s2 y.
+    rewrite /diff.
+ +
+    move : (diff_aux2_props s2 s1 nil).
+    move ⇒ [] //.
+    move ⇒ H_in_diff _.
+    rewrite H_in_diff InZ_nil.
+    tauto.
+  Qed.
+ +
+  Lemma diff_invariant :
+   âˆ€ (s1 s2 : t),
+    interval_list_invariant s1 = true →
+    interval_list_invariant s2 = true →
+    interval_list_invariant (diff s1 s2) = true.
+  Proof.
+    intros s1 s2 H_inv_s1 H_inv_s2.
+    rewrite /diff.
+ +
+    move : (diff_aux2_props s2 s1 nil).
+    move ⇒ [] //.
+  Qed.
+ +
+ +
+  Global Instance diff_ok s1 s2 : ∀ `(Ok s1, Ok s2), Ok (diff s1 s2).
+  Proof.
+    move ⇒ H_ok_s1 H_ok_s2.
+    move : (H_ok_s1) (H_ok_s2).
+    rewrite /Ok /IsOk /is_encoded_elems_list /add.
+    move ⇒ [H_inv_s1] H_pre1.
+    move ⇒ [H_inv_s2] H_pre2.
+    split. {
+      apply diff_invariant ⇒ //.
+    } {
+      intros y.
+      move : (diff_InZ s1 s2 H_inv_s1 H_inv_s2).
+      rewrite /InZ ⇒ →.
+      move ⇒ [].
+      move ⇒ /H_pre1 //.
+    }
+  Qed.
+ +
+  Lemma diff_spec :
+   âˆ€ (s s' : t) (x : elt) (Hs : Ok s) (Hs' : Ok s'),
+   In x (diff s s') ↔ In x s ∧ ¬In x s'.
+  Proof.
+    intros s s' x H_ok H_ok'.
+    rewrite !In_InZ.
+    rewrite diff_InZ ⇒ //. {
+      apply H_ok.
+    } {
+      apply H_ok'.
+    }
+  Qed.
+ +
+
+ +
+

remove specification

+ +
+
+ +
+  Lemma removeZ_alt_def : ∀ x s acc,
+    interval_list_invariant s = true →
+    removeZ_aux acc x s = match diff_aux x (1%N) acc s with
+                    (acc', s') ⇒ rev_append acc' s'
+                  end.
+  Proof.
+    intros y2.
+    induction s as [| [y1 c1] s' IH]; first done.
+ +
+    move ⇒ acc.
+    rewrite interval_list_invariant_cons /=.
+    move ⇒ [H_gr] [H_c1_neq_0] H_inv_s'.
+    move : (interval_1_compare_elim y2 y1 c1).
+    rewrite interval_1_compare_alt_def.
+    rewrite !(interval_compare_swap y1 c1 y2); last first. {
+      right. done.
+    }
+    move : (interval_compare_elim y1 c1 y2 (1%N)).
+    case_eq (interval_compare (y1, c1) (y2, (1%N))) ⇒ H_eq. {
+      move ⇒ H_lt_y2 _.
+      have H_yc2_nlt : ~(y2 < y1 + Z.of_N c1). {
+        by apply Z.nlt_ge, Z.lt_le_incl.
+      }
+      have H_y2_nlt : ~(y2 < y1). {
+        move ⇒ H_y2_y1.
+        apply H_yc2_nlt.
+        apply Z.lt_le_trans with (m := y1) ⇒ //.
+        apply Z_le_add_r.
+      }
+      move : (H_y2_nlt) (H_yc2_nlt) ⇒ /Z.ltb_nlt → /Z.ltb_nlt →.
+      rewrite IH //.
+    } {
+      move ⇒ H_lt_y2 _.
+      have H_yc2_nlt : ~(y2 < y1 + Z.of_N c1). {
+        apply Z.nlt_ge.
+        rewrite H_lt_y2.
+        apply Z.le_refl.
+      }
+      have H_y2_nlt : ~(y2 < y1). {
+        move ⇒ H_y2_y1.
+        apply H_yc2_nlt.
+        apply Z.lt_le_trans with (m := y1) ⇒ //.
+        apply Z_le_add_r.
+      }
+      move : (H_y2_nlt) (H_yc2_nlt) ⇒ /Z.ltb_nlt → /Z.ltb_nlt →.
+      rewrite IH //.
+    } {
+      done.
+    } {
+      done.
+    } {
+      move ⇒ [H_y1_eq] H_c1_eq.
+      move ⇒ [] // .
+      move ⇒ [H_lt_y2] H_y2_lt.
+      have H_y2_nlt : ~(y2 < y1). {
+        apply Z.nlt_ge ⇒ //.
+      }
+      move : (H_y2_nlt) (H_y2_lt) ⇒ /Z.ltb_nlt → /Z.ltb_lt →.
+      rewrite /insert_intervalZ_guarded.
+ +
+      have → : (Z.to_N (y1 + Z.of_N c1 - Z.succ y2) =? 0 = true)%N. {
+        rewrite H_y1_eq H_c1_eq Z.add_1_r Z.sub_diag //.
+      }
+
+      have → : (Z.to_N (y2 - y1) =? 0 = true)%N. {
+        rewrite H_y1_eq Z.sub_diag //.
+      }
+      done.
+    } {
+      move ⇒ [H_y2_le] [H_yc1_le] _.
+      move ⇒ [] //.
+      move ⇒ [H_y1_le] H_y2_lt.
+      have H_y2_nlt : ~(y2 < y1). {
+        apply Z.nlt_ge ⇒ //.
+      }
+      move : (H_y2_nlt) (H_y2_lt) ⇒ /Z.ltb_nlt → /Z.ltb_lt →.
+ +
+      have H_y1_eq : (y1 = y2) by lia.
+      have H_yc1_eq : (y1 + Z.of_N c1 = Z.succ y2). {
+        apply Z.le_antisymm. {
+          move : H_yc1_le.
+          rewrite Z.add_1_r //.
+        } {
+          by apply Z.le_succ_l.
+        }
+      }
+
+      rewrite /insert_intervalZ_guarded.
+      have → : (Z.to_N (y1 + Z.of_N c1 - Z.succ y2) =? 0 = true)%N. {
+        rewrite H_yc1_eq Z.sub_diag //.
+      }
+
+      have → : (Z.to_N (y2 - y1) =? 0 = true)%N. {
+        rewrite H_y1_eq Z.sub_diag //.
+      }
+
+      suff → : diff_aux y2 (1%N) acc s' = (acc, s') by done.
+ +
+      move : H_gr.
+      rewrite H_yc1_eq.
+      case s' as [| [y' c'] s'']. {
+        done.
+      } {
+        rewrite interval_list_elements_greater_cons /=
+                /interval_compare.
+        move ⇒ H_lt_y'.
+        have → : y2 + Z.of_N 1 ?= y' = Lt. {
+          apply Z.compare_lt_iff.
+          by rewrite Z.add_1_r.
+        }
+        done.
+      }
+    } {
+      move ⇒ [H_y1_le] [H_yc2_le] _.
+      move ⇒ [] //.
+      move ⇒ [_] H_y2_lt.
+      have H_y2_nlt : ~(y2 < y1). {
+        apply Z.nlt_ge ⇒ //.
+      }
+      move : (H_y2_nlt) (H_y2_lt) ⇒ /Z.ltb_nlt → /Z.ltb_lt →.
+      rewrite !rev_append_rev /insert_intervalZ_guarded Z.add_1_r.
+      case ((Z.to_N (y2 - y1) =? 0)%N), (Z.to_N (y1 + Z.of_N c1 - Z.succ y2) =? 0)%N. {
+        reflexivity.
+      } {
+        rewrite /= -!app_assoc //.
+      } {
+        reflexivity.
+      } {
+        rewrite /= -!app_assoc //.
+      }
+    } {
+      move ⇒ _ H_y2_lt'.
+      have H_y2_lt : (y2 < y1). {
+        apply Z.lt_trans with (m := Z.succ y2) ⇒ //.
+        apply Z.lt_succ_diag_r.
+      }
+      move : (H_y2_lt) ⇒ /Z.ltb_lt → //.
+    } {
+      move ⇒ _ H_y1_eq.
+      have H_y2_lt : (y2 < y1). {
+        rewrite H_y1_eq.
+        apply Z.lt_succ_diag_r.
+      }
+      move : (H_y2_lt) ⇒ /Z.ltb_lt → //.
+    }
+  Qed.
+ +
+  Lemma removeZ_interval_list_invariant : ∀ s x, interval_list_invariant s = true → interval_list_invariant (removeZ x s) = true.
+  Proof.
+    intros s x H_inv.
+    rewrite /removeZ removeZ_alt_def //.
+    move : (diff_aux_props x (1%N) s nil).
+    case_eq (diff_aux x 1%N nil s).
+    move ⇒ acc' s' H_eq [] //.
+    move ⇒ _ [] //.
+  Qed.
+ +
+  Lemma removeZ_spec :
+   âˆ€ (s : t) (x y : Z) (Hs : interval_list_invariant s = true),
+    InZ y (removeZ x s) ↔ InZ y s ∧ ¬Z.eq y x.
+  Proof.
+    intros s x y H_inv.
+    rewrite /removeZ removeZ_alt_def //.
+    move : (diff_aux_props x (1%N) s nil).
+    case_eq (diff_aux x 1%N nil s).
+    move ⇒ acc' s' H_eq [] //.
+    move ⇒ → _.
+    rewrite rev_append_rev InZ_app InZ_rev InZ_nil
+            In_elementsZ_single1.
+    split; move ⇒ [H1 H2]; split ⇒ //;
+      move ⇒ H3; apply H2; by rewrite H3.
+  Qed.
+ +
+  Global Instance remove_ok s x : ∀ `(Ok s), Ok (remove x s).
+  Proof.
+    rewrite /Ok /interval_list_invariant /remove.
+    move ⇒ [H_is_ok_s H_enc_s].
+    split. {
+      by apply removeZ_interval_list_invariant.
+    } {
+      rewrite /is_encoded_elems_list ⇒ y.
+      move : (removeZ_spec s (Enc.encode x) y H_is_ok_s).
+      rewrite /InZ ⇒ → [] H_y_in _.
+      apply H_enc_s ⇒ //.
+    }
+  Qed.
+ +
+  Lemma remove_spec :
+   âˆ€ (s : t) (x y : elt) (Hs : Ok s),
+    In y (remove x s) ↔ In y s ∧ ¬Enc.E.eq y x.
+  Proof.
+    intros s x y Hs.
+    have H_rs := (remove_ok s x Hs).
+    rewrite /remove !In_InZ.
+    rewrite removeZ_spec. {
+      rewrite Enc.encode_eq //.
+    } {
+      apply Hs.
+    }
+  Qed.
+ +
+
+ +
+

remove_list specification

+ +
+
+ +
+  Lemma remove_list_ok : ∀ l s, Ok s → Ok (remove_list l s).
+  Proof.
+    induction l as [| x l' IH]. {
+      done.
+    } {
+      move ⇒ s H_s_ok /=.
+      apply IH.
+      by apply remove_ok.
+    }
+  Qed.
+ +
+  Lemma remove_list_spec : ∀ x l s, Ok s →
+     (In x (remove_list l s) ↔ ~(InA Enc.E.eq x l) ∧ In x s).
+  Proof.
+    move ⇒ x.
+    induction l as [| y l' IH]. {
+      intros s H.
+      rewrite /= InA_nil.
+      tauto.
+    } {
+      move ⇒ s H_ok /=.
+      rewrite IH remove_spec InA_cons.
+      tauto.
+    }
+  Qed.
+ +
+ +
+
+ +
+

subset specification

+ +
+
+ +
+  Lemma subset_flatten_alt_def : ∀ (s1 s2 : t),
+    subset s1 s2 =
+    match (s1, s2) with
+    | (nil, _) ⇒ true
+    | (_ :: _, nil) ⇒ false
+    | ((y1, c1) :: l1, (y2, c2) :: l2) ⇒
+        match (interval_compare (y1, c1) (y2,c2)) with
+          | ICR_before ⇒ false
+          | ICR_before_touch ⇒ false
+          | ICR_after ⇒ subset s1 l2
+          | ICR_after_touch ⇒ false
+          | ICR_overlap_before ⇒ false
+          | ICR_overlap_after ⇒ false
+          | ICR_equal ⇒ subset l1 l2
+          | ICR_subsume_1 ⇒ subset l1 s2
+          | ICR_subsume_2 ⇒ false
+        end
+    end.
+  Proof.
+    intros s1 s2.
+    case s1, s2 ⇒ //.
+  Qed.
+ +
+  Lemma subset_props_aux : ∀ y1 c1 l1 y2 c2 l2,
+    (∃ y, InZ y ((y1, c1) :: l1) ∧ ¬InZ y ((y2, c2) :: l2)) →
+    (false = true ↔
+    (∀ y : Z,
+        InZ y ((y1, c1) :: l1) → InZ y ((y2, c2) :: l2))).
+  Proof.
+    intros y1 c1 l1 y2 c2 l2.
+    move ⇒ [y] [H_y_in H_y_nin].
+    split; first done.
+    move ⇒ H.
+    contradict H_y_nin.
+    by apply H.
+  Qed.
+ +
+  Lemma subset_props_aux_before : ∀ y1 c1 l1 y2 c2 l2,
+    (c1 ≠ 0%N) →
+    interval_list_invariant ((y2, c2) :: l2) = true →
+    (y1 < y2) →
+    (false = true ↔
+    (∀ y : Z,
+        InZ y ((y1, c1) :: l1) → InZ y ((y2, c2) :: l2))).
+  Proof.
+    intros y1 c1 l1 y2 c2 l2.
+    rewrite interval_list_invariant_cons.
+    move ⇒ H_c1_neq_0 [H_gr] [H_inv_l2] H_c2_neq_0 H_y1_lt.
+    apply subset_props_aux.
+    âˆƒ y1.
+    split. {
+      rewrite InZ_cons.
+      left.
+      by apply In_elementsZ_single_hd.
+    } {
+      rewrite InZ_cons.
+      suff : ¬ (List.In y1 (elementsZ_single y2 c2)) ∧ ¬ InZ y1 l2 by tauto.
+      split. {
+        rewrite In_elementsZ_single.
+        move ⇒ [] /Z.le_ngt //.
+      } {
+        eapply Nin_elements_greater; eauto.
+        apply Z.le_trans with (m := y2). {
+          by apply Z.lt_le_incl.
+        } {
+          apply Z_le_add_r.
+        }
+      }
+    }
+  Qed.
+ +
+ +
+  Lemma subset_props : ∀ s1 s2 : t,
+    interval_list_invariant s1 = true →
+    interval_list_invariant s2 = true →
+    (subset s1 s2 = true ↔
+     (∀ y, InZ y s1 → InZ y s2)).
+  Proof.
+    induction s1 as [| [y1 c1] l1 IH1]. {
+      move ⇒ s2 _ _.
+      rewrite subset_flatten_alt_def.
+      split; done.
+    } {
+      induction s2 as [| [y2 c2] l2 IH2]. {
+        rewrite interval_list_invariant_cons
+                subset_flatten_alt_def.
+        move ⇒ [_] [H_c1_neq_0] _ _.
+        split ⇒ //.
+        move ⇒ H; move : (H y1).
+        rewrite InZ_nil ⇒ {} H.
+        contradict H.
+        rewrite InZ_cons; left.
+        by apply In_elementsZ_single_hd.
+      } {
+        move ⇒ H_inv_s1 H_inv_s2.
+        move : (H_inv_s1) (H_inv_s2).
+        rewrite !interval_list_invariant_cons.
+        move ⇒ [H_gr_l1] [H_c1_neq_0] H_inv_l1.
+        move ⇒ [H_gr_l2] [H_c2_neq_0] H_inv_l2.
+        move : (IH2 H_inv_s1 H_inv_l2) ⇒ {} IH2.
+        have : ∀ s2 : t,
+          interval_list_invariant s2 = true →
+          (subset l1 s2 = true ↔
+          (∀ y : Z, InZ y l1 → InZ y s2)). {
+          intros. by apply IH1.
+        }
+        move ⇒ {} IH1.
+ +
+        have H_yc2_nin : ¬ InZ (y2 + Z.of_N c2) ((y2, c2) :: l2). {
+          rewrite !InZ_cons !In_elementsZ_single.
+          move ⇒ []. {
+            move ⇒ [_] /Z.lt_irrefl //.
+          } {
+            eapply Nin_elements_greater; eauto.
+            apply Z.le_refl.
+          }
+        }
+          
+        rewrite subset_flatten_alt_def.
+        move : (interval_compare_elim y1 c1 y2 c2).
+        case (interval_compare (y1, c1) (y2, c2)). {
+          move ⇒ H_lt_y2.
+          apply subset_props_aux_before ⇒ //.
+          apply Z.le_lt_trans with (m := y1 + Z.of_N c1) ⇒ //.
+          apply Z_le_add_r.
+        } {
+          move ⇒ H_y2_eq.
+          apply subset_props_aux_before ⇒ //.
+          rewrite -H_y2_eq.
+          by apply Z_lt_add_r.
+        } {
+          move ⇒ [H_y1_lt] _.
+          apply subset_props_aux_before ⇒ //.
+        } {
+          move ⇒ [H_y2_lt] [H_y1_lt] H_yc2_lt.
+          apply subset_props_aux.
+          âˆƒ (y2 + Z.of_N c2).
+          split ⇒ //.
+          rewrite !InZ_cons !In_elementsZ_single.
+          left.
+          split ⇒ //.
+          by apply Z.lt_le_incl.
+        } {
+          move ⇒ [H_y1_eq] H_c1_eq; subst.
+          rewrite IH1 ⇒ //.
+          split; move ⇒ H_pre y; move : (H_pre y) ⇒ {H_pre};
+            rewrite !InZ_cons. {
+            tauto.
+          } {
+            move ⇒ H_pre H_y_in_l1.
+            suff : ~(List.In y (elementsZ_single y2 c2)). {
+              tauto.
+            }
+            move : H_gr_l1.
+            rewrite interval_list_elements_greater_alt2_def
+              // In_elementsZ_single.
+            move ⇒ H; move : (H y H_y_in_l1) ⇒ {H}.
+            move ⇒ /Z.lt_ngt H_neq [_] //.
+          }
+        } {
+          move ⇒ [H_y2_lt_y1] [H_yc1_le] _.
+          rewrite IH1.
+          split; move ⇒ H_pre y; move : (H_pre y) ⇒ {H_pre};
+            rewrite !InZ_cons. {
+            move ⇒ H []; last apply H. move ⇒ {H}.
+            rewrite !In_elementsZ_single.
+            move ⇒ [H_y1_le] H_y_lt.
+            left.
+            lia.
+          } {
+            move ⇒ H_pre H_y_in_l1.
+            apply H_pre.
+            by right.
+          } {
+            assumption.
+          }
+        } {
+          move ⇒ [H_y1_le] [_] []. {
+            apply subset_props_aux_before ⇒ //.
+          } {
+            move ⇒ H_yc2_lt.
+            apply subset_props_aux.
+            âˆƒ (y2 + Z.of_N c2).
+            split ⇒ //.
+            rewrite !InZ_cons !In_elementsZ_single.
+            left.
+            split ⇒ //.
+            apply Z.le_trans with (m := y2) ⇒ //.
+            apply Z_le_add_r.
+          }
+        } {
+          move ⇒ H_yc2_lt_y1.
+          rewrite IH2.
+          split; move ⇒ H_pre y; move : (H_pre y) ⇒ {H_pre};
+                                                        rewrite !InZ_cons. {
+            tauto.
+          } {
+            rewrite !In_elementsZ_single.
+            move ⇒ H_pre H_y_in.
+            suff : ~(y2 ≤ y < y2 + Z.of_N c2). {
+              tauto.
+            }
+            move ⇒ [H_y2_le H_y_lt].
+            move : H_y_in ⇒ []. {
+              move ⇒ [H_y1_le] H_y_lt'.
+              lia.
+            } {
+              eapply Nin_elements_greater; eauto.
+              apply Z.le_trans with (m := y1); last first. {
+                apply Z_le_add_r.
+              }
+              apply Z.lt_le_incl.
+              apply Z.lt_trans with (m := y2 + Z.of_N c2) ⇒ //.
+            }
+          }
+        } {
+          move ⇒ H_y1_eq.
+          apply subset_props_aux.
+          âˆƒ y1.
+          rewrite !InZ_cons.
+          split. {
+            left.
+            by apply In_elementsZ_single_hd.
+          } {
+            rewrite !In_elementsZ_single H_y1_eq.
+            move ⇒ []. {
+              move ⇒ [_] /Z.lt_irrefl //.
+            } {
+              eapply Nin_elements_greater; eauto.
+              rewrite H_y1_eq.
+              apply Z.le_refl.
+            }
+          }
+        }
+      }
+    }
+  Qed.
+ +
+  Lemma subset_spec :
+   âˆ€ (s s' : t) (Hs : Ok s) (Hs' : Ok s'),
+   subset s s' = true ↔ Subset s s'.
+  Proof.
+    intros s s' Hs Hs'.
+    move : (Hs) (Hs').
+    rewrite /Ok /IsOk.
+    move ⇒ [H_inv_s H_enc_s] [H_inv_s' H_enc_s'].
+    rewrite (subset_props s s' H_inv_s H_inv_s').
+    rewrite /Subset.
+    split. {
+      move ⇒ H_pre enc_y.
+      rewrite !In_InZ.
+      apply H_pre.
+    } {
+      move ⇒ H_pre y H_y_in.
+      move : (H_enc_s _ H_y_in) ⇒ [e] H_e. subst.
+      move : (H_pre e) H_y_in.
+      rewrite !In_InZ //.
+    }
+  Qed.
+ +
+
+ +
+

elements and elementsZ specification

+ +
+
+ +
+  Lemma elements_spec1 : ∀ (s : t) (x : elt) (Hs : Ok s), List.In x (elements s) ↔ In x s.
+  Proof.
+    intros s x Hs.
+    by rewrite In_alt_def.
+  Qed.
+ +
+  Lemma NoDupA_elementsZ_single: ∀ c x,
+    NoDupA Z.eq (elementsZ_single x c).
+  Proof.
+    induction c as [| c' IH] using N.peano_ind. {
+      intros x.
+      rewrite elementsZ_single_base //.
+    } {
+      intros x.
+      rewrite elementsZ_single_succ.
+      apply NoDupA_app. {
+        apply Z.eq_equiv.
+      } {
+        apply IH.
+      } {
+        apply NoDupA_singleton.
+      } {
+        move ⇒ y.
+        rewrite !InA_alt.
+        move ⇒ [_] [<-] H_y_in.
+        move ⇒ [_] [<-] H_y_in'.
+        move : H_y_in H_y_in'.
+        rewrite In_elementsZ_single /=.
+        move ⇒ [H_x_le] H_y_lt [] // H_y_eq.
+        contradict H_y_lt.
+        rewrite H_y_eq.
+        apply Z.lt_irrefl.
+      }
+    }
+  Qed.
+ +
+  Lemma elementsZ_spec2w : ∀ (s : t) (Hs : Ok s), NoDupA Z.eq (elementsZ s).
+  Proof.
+    induction s as [| [x c] s' IH]. {
+      move ⇒ _.
+      rewrite elementsZ_nil.
+      apply NoDupA_nil.
+    } {
+      move ⇒ H_ok_s.
+      move : (H_ok_s) ⇒ /Ok_cons [H_interval_list_elements_greater] [H_c] [H_enc] H_s'.
+      rewrite elementsZ_cons.
+      apply NoDupA_app. {
+        apply Z.eq_equiv.
+      } {
+        by apply IH.
+      } {
+        apply NoDupA_rev. {
+          apply Z.eq_equiv.
+        } {
+          apply NoDupA_elementsZ_single.
+        }
+      } {
+        move ⇒ y.
+        rewrite !InA_alt.
+        move ⇒ [_] [<-] H_y_in.
+        move ⇒ [_] [<-] H_y_in'.
+        move : H_y_in'.
+        rewrite -in_rev In_elementsZ_single /=.
+        move ⇒ [H_x_le] H_y_lt.
+        eapply (Nin_elements_greater s' (x + Z.of_N c)) ⇒ //. {
+          apply H_s'.
+        } {
+          apply Z.lt_le_incl, H_y_lt.
+        } {
+          apply H_y_in.
+        }
+      }
+    }
+  Qed.
+ +
+  Lemma elements_spec2w : ∀ (s : t) (Hs : Ok s), NoDupA Enc.E.eq (elements s).
+  Proof.
+    intros s Hs.
+    rewrite /elements rev_map_alt_def.
+    apply NoDupA_rev. {
+      apply Enc.E.eq_equiv.
+    } {
+      eapply NoDupA_map; first by apply elementsZ_spec2w.
+ +
+      intros x1 x2 H_x1_in H_x2_in H_dec_eq.
+      have H_is_enc: is_encoded_elems_list (elementsZ s). {
+        apply Hs.
+      }
+      move : (H_is_enc _ H_x1_in) ⇒ [y1 H_x1_eq].
+      move : (H_is_enc _ H_x2_in) ⇒ [y2 H_x2_eq].
+      move : H_dec_eq.
+      rewrite -H_x1_eq -H_x2_eq !Enc.decode_encode_ok Enc.encode_eq //.
+    }
+  Qed.
+ +
+
+ +
+

equal specification

+ +
+
+ +
+  Lemma equal_alt_def : ∀ s1 s2,
+    equal s1 s2 = true ↔ (s1 = s2).
+  Proof.
+    induction s1 as [| [x cx] xs IH]. {
+      move ⇒ [] //.
+    } {
+      move ⇒ [] //=.
+      move ⇒ [y cy] ys.
+      rewrite !andb_true_iff IH N.eqb_eq Z.eqb_eq.
+      split. {
+        move ⇒ [->] [->] → //.
+      } {
+        move ⇒ [->] → → //.
+      }
+    }
+  Qed.
+ +
+  Lemma equal_elementsZ :
+    âˆ€ (s s' : t) {Hs : Ok s} {Hs' : Ok s'},
+    (∀ x, (InZ x s ↔ InZ x s')) → (s = s').
+  Proof.
+    intros s s'.
+    move ⇒ H_ok_s H_ok_s' H_InZ_eq.
+    have [] : ((subset s s' = true) ∧ (subset s' s = true)). {
+      rewrite !subset_spec /Subset.
+      split ⇒ x; rewrite !In_InZ H_InZ_eq //.
+    }
+    have : interval_list_invariant s' = true by apply H_ok_s'.
+    have : interval_list_invariant s = true by apply H_ok_s.
+    clear H_ok_s H_ok_s' H_InZ_eq.
+    move : s s'.
+    induction s as [| [x1 c1] s1 IH];
+      case s' as [| [x2 c2] s2] ⇒ //.
+    rewrite !interval_list_invariant_cons.
+    move ⇒ [H_gr_s1] [H_c1_neq_0] H_inv_s1.
+    move ⇒ [H_gr_s2] [H_c2_neq_0] H_inv_s2.
+    rewrite subset_flatten_alt_def
+            (subset_flatten_alt_def ((x2, c2)::s2)).
+    rewrite (interval_compare_swap x1 c1); last by left.
+    move : (interval_compare_elim x1 c1 x2 c2).
+    case (interval_compare (x1, c1) (x2, c2)) ⇒ //.
+    move ⇒ [->] → H_sub_s12 H_sub_s21.
+ +
+    suff → : s1 = s2 by done.
+    by apply IH.
+  Qed.
+ +
+  Lemma equal_spec :
+    âˆ€ (s s' : t) {Hs : Ok s} {Hs' : Ok s'},
+    equal s s' = true ↔ Equal s s'.
+  Proof.
+    intros s s' Hs Hs'.
+    rewrite equal_alt_def /Equal.
+    split. {
+      move ⇒ → //.
+    } {
+      move ⇒ H.
+      apply equal_elementsZ ⇒ // x.
+      move : (H (Enc.decode x)).
+      rewrite !In_InZ.
+ +
+      suff H_ex : (∀ s'', Ok s'' → InZ x s'' → (∃ z, Enc.encode z = x)). {
+        move ⇒ HH.
+        split. {
+          move ⇒ H3.
+          move : HH (H3).
+          move : (H_ex s Hs H3) ⇒ [z] <-.
+          rewrite Enc.decode_encode_ok ⇒ <- //.
+        } {
+          move ⇒ H3.
+          move : HH (H3).
+          move : (H_ex s' Hs' H3) ⇒ [z] <-.
+          rewrite Enc.decode_encode_ok ⇒ <- //.
+        }
+      }
+      clear.
+      intros s'' H_ok H_in_x.
+      have H_enc : is_encoded_elems_list (elementsZ s''). {
+        apply H_ok.
+      }
+      apply H_enc.
+      apply H_in_x.
+    }
+  Qed.
+ +
+
+ +
+

compare

+ +
+
+  Definition lt (s1 s2 : t) : Prop := (compare s1 s2 = Lt).
+ +
+  Lemma compare_eq_Eq : ∀ s1 s2,
+    (compare s1 s2 = Eq ↔ equal s1 s2 = true).
+  Proof.
+    induction s1 as [| [y1 c1] s1' IH];
+      case s2 as [| [y2 c2] s2'] ⇒ //.
+    rewrite /= !andb_true_iff -IH Z.eqb_eq N.eqb_eq.
+    move : (Z.compare_eq_iff y1 y2).
+    case (Z.compare y1 y2). {
+      move ⇒ H.
+      have → : y1 = y2. by apply H.
+      clear H.
+ +
+      move : (N.compare_eq_iff c1 c2).
+      case (N.compare c1 c2). {
+        move ⇒ H.
+        have → : c1 = c2. by apply H.
+        tauto.
+      } {
+        move ⇒ H.
+        have H_neq : ~(c1 = c2). by rewrite -H ⇒ {H}.
+        tauto.
+      } {
+        move ⇒ H.
+        have H_neq : ~(c1 = c2). by rewrite -H ⇒ {H}.
+        tauto.
+      }
+    } {
+      move ⇒ H.
+      have H_neq : ~(y1 = y2). by rewrite -H ⇒ {H}.
+      tauto.
+    } {
+      move ⇒ H.
+      have H_neq : ~(y1 = y2). by rewrite -H ⇒ {H}.
+      tauto.
+    }
+  Qed.
+ +
+  Lemma compare_eq_Lt_nil_l : ∀ s,
+    compare nil s = Lt ↔ s ≠ nil.
+  Proof.
+    intros s.
+    case s ⇒ //=.
+  Qed.
+ +
+  Lemma compare_eq_Lt_nil_r : ∀ s,
+    ~(compare s nil = Lt).
+  Proof.
+    intros s.
+    case s as [| [y1 c1] s'] ⇒ //=.
+  Qed.
+ +
+  Lemma compare_eq_Lt_cons : ∀ y1 y2 c1 c2 s1 s2,
+    compare ((y1, c1)::s1) ((y2, c2)::s2) = Lt ↔
+    (y1 < y2) ∨ ((y1 = y2) ∧ (c1 < c2)%N) ∨
+    ((y1 = y2) ∧ (c1 = c2) ∧ compare s1 s2 = Lt).
+  Proof.
+    intros y1 y2 c1 c2 s1 s2.
+    rewrite /=.
+    case_eq (Z.compare y1 y2). {
+      move ⇒ /Z.compare_eq_iff →.
+      case_eq (N.compare c1 c2). {
+        move ⇒ /N.compare_eq_iff →.
+        split. {
+          move ⇒ H.
+          right; right.
+          done.
+        } {
+          move ⇒ [| []]. {
+            move ⇒ /Z.lt_irrefl //.
+          } {
+            move ⇒ [_] /N.lt_irrefl //.
+          } {
+            move ⇒ [_] [_] → //.
+          }
+        }
+      } {
+        move ⇒ /N.compare_lt_iff H_c1_lt.
+        split ⇒ //.
+        move ⇒ _.
+        right; left. done.
+      } {
+        move ⇒ /N.compare_gt_iff H_c2_lt.
+        split ⇒ //.
+        move ⇒ [| []]. {
+          move ⇒ /Z.lt_irrefl //.
+        } {
+          move ⇒ [_] /N.lt_asymm //.
+        } {
+          move ⇒ [_] [] H_c1_eq.
+          contradict H_c2_lt.
+          subst c1.
+          by apply N.lt_irrefl.
+        }
+      }
+    } {
+      move ⇒ /Z.compare_lt_iff.
+      tauto.
+    } {
+      move ⇒ /Z.compare_gt_iff H_y2_lt.
+      split ⇒ //.
+      move ⇒ [| []]. {
+        move ⇒ /Z.lt_asymm //.
+      } {
+        move ⇒ [] H_y1_eq.
+        exfalso. lia.
+      } {
+        move ⇒ [] H_y1_eq.
+        exfalso. lia.
+      }
+    }
+  Qed.
+ +
+ +
+  Lemma compare_antisym: ∀ (s1 s2 : t),
+    (compare s1 s2) = CompOpp (compare s2 s1).
+  Proof.
+    induction s1 as [| [y1 c1] s1' IH];
+      case s2 as [| [y2 c2] s2'] ⇒ //.
+    rewrite /= (Z.compare_antisym y1 y2) (N.compare_antisym c1 c2).
+    case (Z.compare y1 y2) ⇒ //=.
+    case (N.compare c1 c2) ⇒ //=.
+  Qed.
+ +
+  Lemma compare_spec : ∀ s1 s2,
+    CompSpec eq lt s1 s2 (compare s1 s2).
+  Proof.
+    intros s1 s2.
+    rewrite /CompSpec /lt (compare_antisym s2 s1).
+    case_eq (compare s1 s2). {
+      rewrite compare_eq_Eq equal_alt_def ⇒ →.
+      by apply CompEq.
+    } {
+      move ⇒ _.
+      by apply CompLt.
+    } {
+      move ⇒ _.
+      by apply CompGt.
+    }
+  Qed.
+ +
+  Lemma lt_Irreflexive : Irreflexive lt.
+  Proof.
+    rewrite /Irreflexive /Reflexive /complement /lt.
+    intros x.
+    suff → : compare x x = Eq by done.
+    rewrite compare_eq_Eq equal_alt_def //.
+  Qed.
+ +
+  Lemma lt_Transitive : Transitive lt.
+  Proof.
+    rewrite /Transitive /lt.
+    induction x as [| [y1 c1] s1' IH];
+      case y as [| [y2 c2] s2'];
+      case z as [| [y3 c3] s3'] ⇒ //.
+ +
+    rewrite !compare_eq_Lt_cons.
+    move ⇒ [H_y1_lt | [[->] H_c1_lt | [->] [->] H_comp]]
+ [H_y2_lt | [[<-] H_c2_lt | [<-] [<-] H_comp']]. {
+      left.
+      by apply Z.lt_trans with (m := y2).
+    } {
+      by left.
+    } {
+      by left.
+    } {
+      by left.
+    } {
+      right; left.
+      split ⇒ //.
+      by apply N.lt_trans with (m := c2).
+    } {
+      by right; left.
+    } {
+      by left.
+    } {
+      by right; left.
+    } {
+      right; right.
+      split ⇒ //.
+      split ⇒ //.
+      by apply (IH s2').
+    }
+  Qed.
+ +
+
+ +
+

elements is sorted

+ +
+
+ +
+  Lemma elementsZ_single_sorted : ∀ c x,
+    sort Z.lt (elementsZ_single x c).
+  Proof.
+    induction c as [| c' IH] using N.peano_ind. {
+      intro x.
+      rewrite elementsZ_single_base.
+      apply Sorted_nil.
+    } {
+      intro x.
+      rewrite elementsZ_single_succ_front.
+      apply Sorted_cons. {
+        apply IH.
+      } {
+        case (N.zero_or_succ c'). {
+          move ⇒ →.
+          rewrite elementsZ_single_base //.
+        } {
+          move ⇒ [c''] →.
+          rewrite elementsZ_single_succ_front.
+          constructor.
+          apply Z.lt_succ_diag_r.
+        }
+      }
+    }
+  Qed.
+ +
+  Lemma elementsZ_sorted : ∀ s,
+    interval_list_invariant s = true →
+    sort Z.lt (rev (elementsZ s)).
+  Proof.
+    induction s as [| [y c] s' IH]. {
+      move ⇒ _.
+      rewrite elementsZ_nil.
+      apply Sorted_nil.
+    } {
+      rewrite interval_list_invariant_cons elementsZ_cons
+              rev_app_distr rev_involutive.
+      move ⇒ [H_gr] [H_c_neq_0] H_inv_s'.
+      apply SortA_app with (eqA := Logic.eq). {
+        apply eq_equivalence.
+      } {
+        apply elementsZ_single_sorted.
+      } {
+        by apply IH.
+      } {
+        intros x1 x2.
+        move ⇒ /InA_alt [_] [<-] /In_elementsZ_single [_ H_x1_lt].
+        move ⇒ /InA_alt [_] [<-].
+        rewrite -In_rev ⇒ H_x2_in.
+ +
+        apply Z.lt_trans with (m := (y + Z.of_N c)) ⇒ //.
+        eapply interval_list_elements_greater_alt2_def;
+          eauto.
+      }
+    }
+  Qed.
+ +
+ +
+  Lemma elements_sorted : ∀ s,
+    Ok s →
+    sort Enc.E.lt (elements s).
+  Proof.
+    move ⇒ s [H_inv] H_enc.
+    rewrite /elements rev_map_alt_def -map_rev.
+    have : (∀ x : Z, List.In x (rev (elementsZ s)) →
+           âˆƒ e : Enc.E.t, Enc.encode e = x). {
+      move ⇒ x.
+      move : (H_enc x).
+      rewrite In_rev //.
+    }
+    move : (elementsZ_sorted s H_inv) ⇒ {H_enc}.
+    generalize (rev (elementsZ s)).
+    induction l as [| x xs IH]. {
+      rewrite /= ⇒ _ _.
+      apply Sorted_nil.
+    } {
+      move ⇒ H_sort H_enc.
+      apply Sorted_inv in H_sort as [H_sort H_hd_rel].
+      simpl.
+      apply Sorted_cons. {
+        apply IH ⇒ //.
+        move ⇒ xx H_xx_in.
+        apply H_enc.
+        by apply in_cons.
+      } {
+        move : H_hd_rel H_enc.
+        case xs ⇒ //=.
+        move ⇒ x' xs' H_hd_rel H_enc.
+        apply HdRel_inv in H_hd_rel.
+        apply HdRel_cons.
+        rewrite -Enc.encode_lt.
+        have [y H_y] : (∃ y, Enc.encode y = x). {
+          apply H_enc. by left.
+        }
+        have [y' H_y'] : (∃ y', Enc.encode y' = x'). {
+          apply H_enc. by right; left.
+        }
+        move : H_hd_rel.
+        rewrite -!H_y -!H_y' !Enc.decode_encode_ok //.
+      }
+    }
+  Qed.
+ +
+ +
+
+ +
+

choose specification

+ +
+
+ +
+  Definition min_eltZ_spec1 :
+    âˆ€ (s : t) (x : Z),
+      interval_list_invariant s = true →
+      min_eltZ s = Some x → InZ x s.
+  Proof.
+    intros s x.
+    case s as [| [x' c] s']. {
+      rewrite /min_eltZ //.
+    } {
+      rewrite /min_eltZ InZ_cons interval_list_invariant_cons.
+      move ⇒ [_] [H_c_neq] _ [->].
+      left.
+      by apply In_elementsZ_single_hd.
+    }
+  Qed.
+ +
+  Lemma min_eltZ_spec2 :
+    âˆ€ (s : t) (x y : Z) (Hs : Ok s),
+    min_eltZ s = Some x → InZ y s → ¬ Z.lt y x.
+  Proof.
+    intros s x y H_ok H_min H_in H_y_lt_x.
+    eapply (Nin_elements_greater s (Z.pred x)) ⇒ //; last apply H_in. {
+      move : H_ok H_min.
+      case s ⇒ //.
+      move ⇒ [z c] s' _ [<-].
+      rewrite interval_list_elements_greater_cons.
+      apply Z.lt_pred_l.
+    } {
+      apply H_ok.
+    } {
+      by apply Z.lt_le_pred.
+    }
+  Qed.
+ +
+  Definition min_eltZ_spec3 :
+    âˆ€ (s : t),
+      min_eltZ s = None → ∀ x, ¬InZ x s.
+  Proof.
+    intros s.
+    case s as [| [x' c] s'];
+      rewrite /min_eltZ //.
+    move ⇒ _ x //.
+  Qed.
+ +
+  Definition min_elt_spec1 :
+    âˆ€ (s : t) (x : elt) (Hs : Ok s), min_elt s = Some x → In x s.
+  Proof.
+    rewrite /min_elt.
+    move ⇒ s x H_ok.
+    case_eq (min_eltZ s) ⇒ //.
+    move ⇒ z H_min_elt [<-].
+    apply InZ_In ⇒ //.
+    apply min_eltZ_spec1 ⇒ //.
+    apply H_ok.
+  Qed.
+ +
+  Definition min_elt_spec2 :
+    âˆ€ (s : t) (x y : elt) (Hs : Ok s), min_elt s = Some x → In y s → ~(Enc.E.lt y x).
+  Proof.
+    rewrite /min_elt.
+    move ⇒ s x y H_ok.
+    case_eq (min_eltZ s) ⇒ //.
+    move ⇒ z H_min_elt [<-].
+    rewrite In_InZ ⇒ H_inZ.
+    have H_y_eq : y = Enc.decode (Enc.encode y). {
+      by rewrite Enc.decode_encode_ok.
+    }
+    rewrite H_y_eq -Enc.encode_lt.
+    apply (min_eltZ_spec2 _ _ _ H_ok); last first. {
+      by rewrite Enc.decode_encode_ok.
+    }
+    suff → : Enc.encode (Enc.decode z) = z by assumption.
+    apply encode_decode_eq with (s := s) ⇒ //.
+    apply min_eltZ_spec1 ⇒ //.
+    apply H_ok.
+  Qed.
+ +
+  Definition min_elt_spec3 :
+    âˆ€ s : t, min_elt s = None → Empty s.
+  Proof.
+    rewrite /min_elt /min_eltZ /Empty /In.
+    case s as [| [x' c] s'] ⇒ //.
+    move ⇒ _ e.
+    rewrite elements_nil InA_nil //.
+  Qed.
+ +
+  Definition choose_spec1 :
+    âˆ€ (s : t) (x : elt) (Hs : Ok s), choose s = Some x → In x s.
+  Proof.
+    rewrite /choose.
+    apply min_elt_spec1.
+  Qed.
+ +
+  Definition choose_spec2 :
+    âˆ€ s : t, choose s = None → Empty s.
+  Proof.
+    rewrite /choose.
+    apply min_elt_spec3.
+  Qed.
+ +
+  Lemma choose_spec3: ∀ s s' x x', Ok s → Ok s' →
+    choose s = Some x → choose s' = Some x' → Equal s s' → x = x'.
+  Proof.
+    intros s s' x x' Hs Hs' Hx Hx'.
+    rewrite -equal_spec equal_alt_def ⇒ H_s_eq.
+    move : Hx Hx'.
+    rewrite H_s_eq ⇒ → [] //.
+  Qed.
+ +
+ +
+  Definition max_eltZ_spec1 :
+    âˆ€ (s : t) (x : Z),
+      interval_list_invariant s = true →
+      max_eltZ s = Some x → InZ x s.
+  Proof.
+    intros s x.
+    induction s as [| [x' c] s' IH]. {
+      rewrite /max_eltZ //.
+    } {
+      rewrite InZ_cons interval_list_invariant_cons /=.
+      move ⇒ [_] [H_c_neq].
+      case s' as [| [y' c'] s'']. {
+        move ⇒ _ [<-].
+        left. {
+          rewrite In_elementsZ_single.
+          split. {
+            rewrite -Z.lt_le_pred.
+            by apply Z_lt_add_r.
+          } {
+            apply Z.lt_pred_l.
+          }
+        }
+      } {
+        move ⇒ H_inv H_max_eq.
+        right.
+        by apply IH.
+      }
+    }
+  Qed.
+ +
+  Lemma max_eltZ_spec2 :
+    âˆ€ (s : t) (x y : Z),
+    interval_list_invariant s = true →
+    max_eltZ s = Some x → InZ y s → ¬ Z.lt x y.
+  Proof.
+    induction s as [| [y c] s' IH]. {
+      done.
+    } {
+      move ⇒ x x'.
+      rewrite interval_list_invariant_cons.
+      move ⇒ [H_gr] [H_c_neq_0] H_inv_s'.
+      have H_gr' : (∀ xx : Z, InZ xx (s') → y + Z.of_N c < xx). {
+        apply interval_list_elements_greater_alt2_def ⇒ //.
+      }
+
+      case s' as [| [y' c'] s'']. {
+        move ⇒ [<-].
+        rewrite InZ_cons InZ_nil In_elementsZ_single.
+        lia.
+      } {
+        move ⇒ H_max_eq.
+        rewrite InZ_cons.
+        move ⇒ []; last by apply IH.
+        rewrite In_elementsZ_single.
+        move ⇒ [_] H_x'_lt H_lt_x'.
+ +
+        have H_x_in : InZ x ((y', c')::s''). {
+          by apply max_eltZ_spec1.
+        }
+        
+        move : (H_gr' _ H_x_in).
+        apply Z.nlt_ge, Z.lt_le_incl.
+        by apply Z.lt_trans with (m := x').
+      }
+    }
+  Qed.
+ +
+  Lemma max_eltZ_eq_None :
+    âˆ€ (s : t),
+      max_eltZ s = None → s = nil.
+  Proof.
+    induction s as [| [x' c] s' IH] ⇒ //.
+    move : IH.
+    case s' as [| [y' c'] s''] ⇒ //=.
+    move ⇒ H H_pre.
+    move : (H H_pre) ⇒ //.
+  Qed.
+ +
+  Definition max_eltZ_spec3 :
+    âˆ€ (s : t),
+      max_eltZ s = None → ∀ x, ¬InZ x s.
+  Proof.
+    move ⇒ s /max_eltZ_eq_None → x /InZ_nil //.
+  Qed.
+ +
+  Definition max_elt_spec1 :
+    âˆ€ (s : t) (x : elt) (Hs : Ok s), max_elt s = Some x → In x s.
+  Proof.
+    rewrite /max_elt.
+    move ⇒ s x H_ok.
+    case_eq (max_eltZ s) ⇒ //.
+    move ⇒ z H_max_elt [<-].
+    apply InZ_In ⇒ //.
+    apply max_eltZ_spec1 ⇒ //.
+    apply H_ok.
+  Qed.
+ +
+  Definition max_elt_spec2 :
+    âˆ€ (s : t) (x y : elt) (Hs : Ok s), max_elt s = Some x → In y s → ~(Enc.E.lt x y).
+  Proof.
+    rewrite /max_elt.
+    move ⇒ s x y H_ok.
+    move : (H_ok) ⇒ [H_inv] _.
+    case_eq (max_eltZ s) ⇒ //.
+    move ⇒ z H_max_elt [<-].
+    rewrite In_InZ ⇒ H_inZ.
+    rewrite -Enc.encode_lt.
+    apply (max_eltZ_spec2 _ _ _ H_inv) ⇒ //.
+    suff → : Enc.encode (Enc.decode z) = z ⇒ //.
+    apply encode_decode_eq with (s := s) ⇒ //.
+    apply max_eltZ_spec1 ⇒ //.
+  Qed.
+ +
+  Definition max_elt_spec3 :
+    âˆ€ s : t, max_elt s = None → Empty s.
+  Proof.
+    intro s.
+    rewrite /max_elt /Empty.
+    case_eq (max_eltZ s) ⇒ //.
+    move ⇒ /max_eltZ_eq_None → _ x.
+    rewrite /In elements_nil InA_nil //.
+  Qed.
+ +
+
+ +
+

fold specification

+ +
+
+ +
+  Lemma fold_spec :
+   âˆ€ (s : t) (A : Type) (i : A) (f : elt → A → A),
+   fold f s i = fold_left (flip f) (elements s) i.
+  Proof.
+    intros s A i f.
+    rewrite /fold fold_elementsZ_alt_def /elements
+            rev_map_alt_def -map_rev.
+    move : i.
+    generalize (rev (elementsZ s)).
+    induction l as [| x xs IH]. {
+      done.
+    } {
+      move ⇒ i.
+      rewrite /= IH //.
+    }
+  Qed.
+ +
+ +
+
+ +
+

cardinal specification

+ +
+
+ +
+  Lemma cardinalN_spec : ∀ (s : t) (c : N),
+    cardinalN c s = (c + N.of_nat (length (elements s)))%N.
+  Proof.
+    induction s as [| [x cx] xs IH]. {
+      intros c.
+      rewrite elements_nil /= N.add_0_r //.
+    } {
+      intros c.
+      rewrite /= IH.
+      rewrite /elements !rev_map_alt_def !rev_length !map_length.
+      rewrite elementsZ_cons app_length Nat2N.inj_add rev_length.
+      rewrite length_elementsZ_single N2Nat.id.
+      ring.
+    }
+  Qed.
+ +
+  Lemma cardinal_spec :
+   âˆ€ (s : t),
+   cardinal s = length (elements s).
+  Proof.
+    intros s.
+    rewrite /cardinal cardinalN_spec N.add_0_l Nat2N.id //.
+  Qed.
+ +
+
+ +
+

for_all specification

+ +
+
+ +
+  Lemma for_all_spec :
+   âˆ€ (s : t) (f : elt → bool) (Hs : Ok s),
+   Proper (Enc.E.eq==>eq) f →
+   (for_all f s = true ↔ For_all (fun x ⇒ f x = true) s).
+  Proof.
+    intros s f Hs H.
+    rewrite /for_all /For_all /In fold_elementsZ_alt_def
+            /elements rev_map_alt_def -map_rev.
+    generalize (rev (elementsZ s)).
+    induction l as [| x xs IH]. {
+      split ⇒ // _ x /= /InA_nil //.
+    } {
+      rewrite /=.
+      case_eq (f (Enc.decode x)) ⇒ H_f_eq. {
+        rewrite IH.
+        split. {
+          move ⇒ HH x' /InA_cons []. {
+            by move ⇒ →.
+          } {
+            apply HH.
+          }
+        } {
+          move ⇒ HH x' H_in.
+          apply HH.
+          apply InA_cons.
+          by right.
+        }
+      } {
+        split; move ⇒ HH. {
+          contradict HH.
+          case xs ⇒ //.
+        } {
+          exfalso.
+          have H_in: (InA Enc.E.eq (Enc.decode x) (Enc.decode x :: map Enc.decode xs)). {
+            apply InA_cons.
+            left.
+            apply Enc.E.eq_equiv.
+          }
+          move : (HH _ H_in).
+          rewrite H_f_eq ⇒ //.
+        }
+      }
+    }
+  Qed.
+ +
+
+ +
+

exists specification

+ +
+
+ +
+  Lemma exists_spec :
+   âˆ€ (s : t) (f : elt → bool) (Hs : Ok s),
+   Proper (Enc.E.eq==>eq) f →
+   (exists_ f s = true ↔ Exists (fun x ⇒ f x = true) s).
+  Proof.
+    intros s f Hs H.
+    rewrite /exists_ /Exists /In fold_elementsZ_alt_def
+            /elements rev_map_alt_def -map_rev.
+    generalize (rev (elementsZ s)).
+    induction l as [| x xs IH]. {
+      split ⇒ //.
+      move ⇒ [x] /= [] /InA_nil //.
+    } {
+      rewrite /=.
+      case_eq (f (Enc.decode x)) ⇒ H_f_eq. {
+        split ⇒ _. {
+          âˆƒ (Enc.decode x).
+          split ⇒ //.
+          apply InA_cons.
+          left.
+          apply Enc.E.eq_equiv.
+        } {
+          case xs ⇒ //.
+        }
+      } {
+        rewrite IH.
+        split. {
+          move ⇒ [x0] [H_in] H_f_x0.
+          âˆƒ x0.
+          split ⇒ //.
+          apply InA_cons.
+          by right.
+        } {
+          move ⇒ [x0] [] /InA_cons H_in H_f_x0.
+          âˆƒ x0.
+          split ⇒ //.
+          move : H_in ⇒ [] // H_in.
+          contradict H_f_x0.
+          rewrite H_in H_f_eq //.
+        }
+      }
+    }
+  Qed.
+ +
+
+ +
+

filter specification

+ +
+
+ +
+  Definition partitionZ_aux_invariant (x : Z) acc c :=
+    interval_list_invariant (List.rev (partitionZ_fold_skip acc c)) = true ∧
+    match c with
+      None ⇒ (∀ y', InZ y' acc → Z.succ y' < x)
+    | Some (y, c') ⇒ (x = y + Z.of_N c')
+    end.
+ +
+  Lemma partitionZ_aux_invariant_insert : ∀ x acc c,
+    partitionZ_aux_invariant x acc c →
+    partitionZ_aux_invariant (Z.succ x) acc
+      (Some (partitionZ_fold_insert c x)).
+  Proof.
+    intros x acc c.
+    rewrite /partitionZ_fold_insert /partitionZ_aux_invariant
+            /partitionZ_fold_skip.
+    case c; last first. {
+      move ⇒ [H_inv] H_in.
+      rewrite /= interval_list_invariant_app_iff Z.add_1_r.
+      split; last done.
+      split; first done.
+      split; first done.
+      move ⇒ x1 x2.
+      rewrite InZ_rev InZ_cons InZ_nil In_elementsZ_single1.
+      move ⇒ H_x1_in [] // <-.
+      by apply H_in.
+    } {
+      move ⇒ [y c'].
+      rewrite /= !interval_list_invariant_app_iff
+        N2Z.inj_succ Z.add_succ_r .
+      rewrite !interval_list_invariant_cons !interval_list_invariant_nil.
+      move ⇒ [] [H_inv_acc] [] [] _ [H_c_neq_0] _
+        H_in_c →.
+      split; last done.
+      split; first done.
+      split. {
+        split; first done.
+        split; last done.
+        apply N.neq_succ_0.
+      } {
+        move ⇒ x1 x2.
+        rewrite InZ_cons InZ_nil In_elementsZ_single.
+        move ⇒ H_x1_in [] // [H_y_le] H_x2_lt.
+        apply Z.lt_le_trans with (m := y) ⇒ //.
+        apply H_in_c ⇒ //.
+        rewrite InZ_cons In_elementsZ_single.
+        left.
+        split. {
+          apply Z.le_refl.
+        } {
+          by apply Z_lt_add_r.
+        }
+      }
+    }
+  Qed.
+ +
+  Lemma partitionZ_aux_invariant_skip : ∀ x acc c,
+    partitionZ_aux_invariant x acc c →
+    partitionZ_aux_invariant (Z.succ x) (partitionZ_fold_skip acc c) None.
+  Proof.
+    intros x acc c.
+    rewrite /partitionZ_fold_skip /partitionZ_aux_invariant
+            /partitionZ_fold_skip.
+    case c; last first. {
+      move ⇒ [H_inv] H_in.
+      split; first done.
+      move ⇒ y' H_y'_in.
+      apply Z.lt_trans with (m := x). {
+        by apply H_in.
+      } {
+        apply Z.lt_succ_diag_r.
+      }
+    } {
+      move ⇒ [y c'] [H_inv] →.
+      split ⇒ //.
+      move ⇒ y'.
+      rewrite InZ_cons In_elementsZ_single.
+      move ⇒ []. {
+        move ⇒ [_].
+        rewrite -Z.succ_lt_mono //.
+      } {
+        move : H_inv.
+        rewrite /= !interval_list_invariant_app_iff interval_list_invariant_cons.
+        move ⇒ [_] [] [_] [H_c'_neq] _ H_pre H_y'_in.
+        apply Z.lt_trans with (m := y). {
+          apply H_pre. {
+            by rewrite InZ_rev.
+          } {
+            rewrite InZ_cons.
+            left.
+            by apply In_elementsZ_single_hd.
+          }
+        }
+        apply Z.lt_succ_r, Z_le_add_r.
+      }
+    }
+  Qed.
+ +
+  Definition partitionZ_fold_current (c : option (Z × N)) :=
+    match c with
+       None ⇒ nil
+     | Some yc ⇒ yc::nil
+    end.
+ +
+  Lemma InZ_partitionZ_fold_current_Some : ∀ yc y,
+     InZ y (partitionZ_fold_current (Some yc)) ↔
+     InZ y (yc :: nil).
+  Proof. done. Qed.
+ +
+  Lemma InZ_partitionZ_fold_insert : ∀ c x y l,
+   match c with
+   | Some (y, c') ⇒ x = y + Z.of_N c'
+   | None ⇒ True
+   end → (
+   InZ y (partitionZ_fold_insert c x :: l) ↔
+    ((x = y) ∨ InZ y (partitionZ_fold_current c) ∨
+       InZ y l)).
+  Proof.
+    intros c x y l.
+    rewrite /partitionZ_fold_insert /partitionZ_fold_current
+            /partitionZ_fold_skip.
+    case c. {
+      move ⇒ [y' c'] →.
+      rewrite !InZ_cons elementsZ_single_succ in_app_iff
+              InZ_nil /=.
+      tauto.
+    } {
+      rewrite InZ_cons InZ_nil In_elementsZ_single1.
+      tauto.
+    }
+  Qed.
+ +
+  Lemma InZ_partitionZ_fold_skip : ∀ c acc y,
+    InZ y (partitionZ_fold_skip acc c) ↔
+    (InZ y (partitionZ_fold_current c) ∨ InZ y acc).
+  Proof.
+    intros c acc y.
+    rewrite /partitionZ_fold_skip /partitionZ_fold_current
+            /partitionZ_fold_skip.
+    case c. {
+      move ⇒ [y' c'].
+      rewrite !InZ_cons InZ_nil /=.
+      tauto.
+    } {
+      rewrite InZ_nil.
+      tauto.
+    }
+  Qed.
+ +
+  Lemma filterZ_single_aux_props :
+    âˆ€ f c x acc cur,
+      partitionZ_aux_invariant x acc cur →
+      match (filterZ_single_aux f (acc, cur) x c) with
+        (acc', c') ⇒
+        let r := partitionZ_fold_skip acc' c' in
+        interval_list_invariant (List.rev r) = true ∧
+        (∀ y', InZ y' r ↔ (InZ y' (partitionZ_fold_skip acc cur) ∨
+                                    (f y' = true ∧ List.In y' (elementsZ_single x c))))
+
+      end.
+  Proof.
+    intro f.
+    induction c as [| c' IH] using N.peano_ind. {
+      intros x acc cur.
+      rewrite /partitionZ_aux_invariant.
+      move ⇒ [H_inv] _.
+      rewrite /filterZ_single_aux fold_elementsZ_single_zero /=.
+      tauto.
+    }
+    intros x acc cur H_inv.
+    have → : filterZ_single_aux f (acc, cur) x (N.succ c') =
+               filterZ_single_aux f (filterZ_fold_fun f (acc, cur) x) (Z.succ x) c'. {
+        by rewrite /filterZ_single_aux fold_elementsZ_single_succ.
+    }
+    case_eq (filterZ_fold_fun f (acc, cur) x).
+    move ⇒ acc' cur' H_fold_eq.
+ +
+    case_eq (filterZ_single_aux f (acc', cur') (Z.succ x) c').
+    move ⇒ acc'' cur'' H_succ_eq.
+ +
+    have H_inv' : partitionZ_aux_invariant (Z.succ x) acc' cur'. {
+      move : H_fold_eq H_inv.
+      rewrite /filterZ_fold_fun.
+      case (f x); move ⇒ [<-] <-. {
+        apply partitionZ_aux_invariant_insert.
+      } {
+        apply partitionZ_aux_invariant_skip.
+      }
+    }
+   
+    move : (IH (Z.succ x) acc' cur' H_inv') ⇒ {IH}.
+    rewrite H_succ_eq /=.
+    set r := partitionZ_fold_skip acc'' cur''.
+    move ⇒ [H_inv_r] H_in_r.
+    split; first assumption.
+ +
+    move ⇒ y'.
+    move : H_fold_eq.
+    rewrite H_in_r /filterZ_fold_fun.
+    case_eq (f x) ⇒ H_fx [<-] <-. {
+      rewrite InZ_partitionZ_fold_skip InZ_partitionZ_fold_current_Some InZ_partitionZ_fold_skip elementsZ_single_succ_front.
+      rewrite InZ_partitionZ_fold_insert; last first. {
+        move : H_inv.
+        rewrite /partitionZ_aux_invariant ⇒ [[_]].
+        case cur ⇒ //.
+      }
+      rewrite InZ_nil /=.
+      split; last by tauto.
+      move ⇒ []; last by tauto.
+      move ⇒ []; last by tauto.
+      move ⇒ []. {
+        move ⇒ <-.
+        tauto.
+      } {
+        tauto.
+      }
+    } {
+      rewrite InZ_partitionZ_fold_skip /partitionZ_fold_current InZ_partitionZ_fold_skip elementsZ_single_succ_front !InZ_nil /=.
+      split; first by tauto.
+      move ⇒ []; first by tauto.
+      move ⇒ [] H_fy' []. {
+        move ⇒ H_x_eq; subst y'.
+        contradict H_fy'.
+        by rewrite H_fx.
+      } {
+        tauto.
+      }
+    }
+  Qed.
+ +
+  Lemma filterZ_single_props :
+    âˆ€ f c x acc,
+      interval_list_invariant (rev acc) = true →
+      (∀ y' : Z, InZ y' acc → Z.succ y' < x) →
+      match (filterZ_single f acc x c) with
+        r ⇒
+        interval_list_invariant (List.rev r) = true ∧
+        (∀ y', InZ y' r ↔ (InZ y' acc ∨
+                                 (f y' = true ∧ List.In y' (elementsZ_single x c))))
+
+      end.
+  Proof.
+    intros f c x acc.
+    move ⇒ H_inv H_acc.
+    rewrite /filterZ_single.
+ +
+    have H_inv' : partitionZ_aux_invariant x acc None. {
+      by rewrite /partitionZ_aux_invariant /=.
+    }
+    move : (filterZ_single_aux_props f c x acc None H_inv').
+    case_eq (filterZ_single_aux f (acc, None) x c).
+    move ⇒ acc' cur' /= H_res.
+    tauto.
+  Qed.
+ +
+ +
+  Lemma filterZ_aux_props :
+    âˆ€ f s acc,
+      interval_list_invariant s = true →
+      interval_list_invariant (rev acc) = true →
+      (∀ x1 x2 : Z, InZ x1 acc → InZ x2 s → Z.succ x1 < x2) →
+      match (filterZ_aux acc f s) with
+        r ⇒
+        interval_list_invariant r = true ∧
+        (∀ y', InZ y' r ↔ (InZ y' acc ∨
+                                 (f y' = true ∧ InZ y' s)))
+      end.
+  Proof.
+    intro f.
+    induction s as [| [y c] s' IH]. {
+      intros acc.
+      move ⇒ _ H_inv _.
+      rewrite /filterZ_aux.
+      split; first assumption.
+      move ⇒ y'; rewrite InZ_rev InZ_nil; tauto.
+    } {
+      intros acc.
+      rewrite interval_list_invariant_cons.
+      move ⇒ [H_gr] [H_c_neq_0] H_inv_s' H_inv H_in_acc /=.
+      move : H_gr.
+      rewrite interval_list_elements_greater_alt2_def ⇒ // H_gr.
+ +
+      have H_pre : (∀ y' : Z, InZ y' acc → Z.succ y' < y). {
+        move ⇒ x1 H_x1_in.
+        apply H_in_acc ⇒ //.
+        rewrite InZ_cons.
+        by left; apply In_elementsZ_single_hd.
+      }
+      
+      move : (filterZ_single_props f c y acc H_inv H_pre) ⇒ {H_pre}.
+      set acc' := filterZ_single f acc y c.
+      move ⇒ [H_inv'] H_in_acc'.
+ +
+      have H_pre : (∀ x1 x2 : Z,
+                      InZ x1 acc' → InZ x2 s' → Z.succ x1 < x2). {
+        move ⇒ x1 x2.
+        rewrite H_in_acc' In_elementsZ_single.
+        move ⇒ []. {
+          move ⇒ H_x1_in H_x2_in.
+          apply H_in_acc ⇒ //.
+          rewrite InZ_cons.
+          by right.
+        } {
+          move ⇒ [_] [_] H_x1_lt H_x2_in.
+          apply Z.le_lt_trans with (m := y + Z.of_N c).
+            - by apply Z.le_succ_l.
+            - by apply H_gr.
+        }
+      }
+      move : (IH acc' H_inv_s' H_inv' H_pre) ⇒ {H_pre}.
+ +
+      move ⇒ [H_inv_r] H_in_r.
+      split; first assumption.
+      move ⇒ y'.
+      rewrite H_in_r H_in_acc' InZ_cons.
+      tauto.
+    }
+  Qed.
+ +
+  Lemma filterZ_props :
+    âˆ€ f s,
+      interval_list_invariant s = true →
+      match (filterZ f s) with r ⇒
+        interval_list_invariant r = true ∧
+        (∀ y', InZ y' r ↔ (f y' = true ∧ InZ y' s))
+      end.
+  Proof.
+    intros f s H_inv_s.
+    rewrite /filterZ.
+ +
+    have H_pre_1 : interval_list_invariant (rev nil) = true by done.
+    have H_pre_2 : (∀ x1 x2 : Z, InZ x1 nil → InZ x2 s → Z.succ x1 < x2) by done.
+ +
+    move : (filterZ_aux_props f s nil H_inv_s H_pre_1 H_pre_2) ⇒ {H_pre_1} {H_pre_2}.
+    move ⇒ [H_inv'] H_in_r.
+    split; first assumption.
+    move ⇒ y'.
+    rewrite H_in_r InZ_nil.
+    tauto.
+  Qed.
+ +
+  Global Instance filter_ok s f : ∀ `(Ok s), Ok (filter f s).
+  Proof.
+    move ⇒ [H_inv H_enc].
+    rewrite /filter.
+    set f' := (fun z : Z ⇒ f (Enc.decode z)).
+    move : (filterZ_props f' s H_inv).
+    move ⇒ [H_inv'] H_in_r.
+    rewrite /Ok /IsOk /is_encoded_elems_list.
+    split; first assumption.
+    move ⇒ x /H_in_r [_] H_x_in.
+    by apply H_enc.
+  Qed.
+ +
+  Lemma filter_spec :
+   âˆ€ (s : t) (x : elt) (f : elt → bool),
+   Ok s →
+   (In x (filter f s) ↔ In x s ∧ f x = true).
+  Proof.
+    move ⇒ s x f H_ok.
+    suff H_suff :
+      (∀ x, (InZ x (filter f s)) ↔
+                 InZ x s ∧ f (Enc.decode x) = true). {
+      rewrite !In_alt_def /elements !rev_map_alt_def
+              -!in_rev !in_map_iff.
+      setoid_rewrite H_suff.
+      rewrite /InZ.
+      split. {
+        move ⇒ [y] [<-] [?] ?.
+        split ⇒ //.
+        by ∃ y.
+      } {
+        move ⇒ [] [y] [<-] ? ?.
+        by ∃ y.
+      }
+    }
+    rewrite /filter.
+    set f' := (fun z : Z ⇒ f (Enc.decode z)).
+    move : (H_ok) ⇒ [H_inv _].
+    move : (filterZ_props f' s H_inv).
+    move ⇒ [H_inv'] H_in_r.
+    move ⇒ y; rewrite H_in_r; tauto.
+  Qed.
+ +
+
+ +
+

partition specification

+ +
+
+ +
+  Lemma partitionZ_single_aux_alt_def : ∀ f c y acc_t c_t acc_f c_f,
+    partitionZ_single_aux f ((acc_t, c_t), (acc_f, c_f)) y c =
+    (filterZ_single_aux f (acc_t, c_t) y c,
+     filterZ_single_aux (fun x : Z ⇒ negb (f x)) (acc_f, c_f) y c).
+  Proof.
+    intros f.
+    rewrite /partitionZ_single_aux /filterZ_single_aux.
+    induction c as [| c' IH] using N.peano_ind. {
+      intros y acc_t c_t acc_f c_f.
+      rewrite !fold_elementsZ_single_zero //. } {
+      intros y acc_t c_t acc_f c_f.
+      rewrite !fold_elementsZ_single_succ.
+      case_eq (partitionZ_fold_fun f (acc_t, c_t, (acc_f, c_f)) y) ⇒ [] [acc_t' c_t'] [acc_f' c_f'] H_fold_eq.
+      rewrite IH ⇒ {IH}.
+      suff : (filterZ_fold_fun f (acc_t, c_t) y = (acc_t', c_t')) ∧
+             (filterZ_fold_fun (fun x : Z ⇒ negb (f x)) (acc_f, c_f) y = (acc_f', c_f')). {
+        move ⇒ [->] → //.
+      }
+      move : H_fold_eq.
+      rewrite /partitionZ_fold_fun /filterZ_fold_fun.
+      case (f y); move ⇒ [<-] <- <- <- //.
+    }
+  Qed.
+ +
+  Lemma partitionZ_aux_alt_def : ∀ f s acc_t acc_f,
+   partitionZ_aux acc_t acc_f f s =
+   (filterZ_aux acc_t f s,
+    filterZ_aux acc_f (fun x : Z ⇒ negb (f x)) s).
+  Proof.
+    intros f.
+    induction s as [| [y c] s' IH]. {
+      done.
+    } {
+      intros acc_t acc_f.
+      rewrite /= /partitionZ_single /filterZ_single
+              partitionZ_single_aux_alt_def.
+      case (filterZ_single_aux f (acc_t, None) y c) ⇒ acc_t' c_t'.
+      case (filterZ_single_aux (fun x : Z ⇒ negb (f x)) (acc_f, None) y c) ⇒ acc_f' c_f'.
+      rewrite IH //.
+    }
+  Qed.
+ +
+  Lemma partitionZ_alt_def : ∀ f s,
+    partitionZ f s = (filterZ f s,
+                      filterZ (fun x ⇒ negb (f x)) s).
+  Proof.
+    intros f s.
+    rewrite /partitionZ /filterZ
+            partitionZ_aux_alt_def //.
+  Qed.
+ +
+  Lemma partition_alt_def : ∀ f s,
+    partition f s = (filter f s,
+                     filter (fun x ⇒ negb (f x)) s).
+  Proof.
+    intros f s.
+    rewrite /partition /filter partitionZ_alt_def.
+    done.
+  Qed.
+ +
+  Global Instance partition_ok1 s f : ∀ `(Ok s), Ok (fst (partition f s)).
+  Proof.
+    move ⇒ H_ok.
+    rewrite partition_alt_def /fst.
+    by apply filter_ok.
+  Qed.
+ +
+  Global Instance partition_ok2 s f : ∀ `(Ok s), Ok (snd (partition f s)).
+  Proof.
+    move ⇒ H_ok.
+    rewrite partition_alt_def /snd.
+    by apply filter_ok.
+  Qed.
+ +
+  Lemma partition_spec1 :
+   âˆ€ (s : t) (f : elt → bool),
+   Equal (fst (partition f s)) (filter f s).
+  Proof.
+    intros s f.
+    rewrite partition_alt_def /fst /Equal //.
+  Qed.
+ +
+  Lemma partition_spec2 :
+   âˆ€ (s : t) (f : elt → bool),
+   Ok s →
+   Equal (snd (partition f s)) (filter (fun x ⇒ negb (f x)) s).
+  Proof.
+    intros s f.
+    rewrite partition_alt_def /snd /Equal //.
+  Qed.
+ +
+End Raw.
+ +
+
+ +
+

Main Module

+ + +
+ + We can now build the invariant into the set type to obtain an instantiation + of module type WSetsOn. +
+
+ +
+Module MSetIntervals (Enc : ElementEncode) <: SetsOn Enc.E.
+  Module E := Enc.E.
+  Module Raw := Raw Enc.
+ +
Local Unset Elimination Schemes.
Local Unset Case Analysis Schemes.
+ +
Definition elt := Raw.elt.
Record t_ := Mkt {this :> Raw.t; is_ok : Raw.Ok this}.
Definition t := t_.
Arguments Mkt this {is_ok}.
+ #[local] Hint Resolve is_ok : typeclass_instances.
+ +
Definition In (x : elt)(s : t) := Raw.In x s.(this).
Definition Equal (s s' : t) := ∀ a : elt, In a s ↔ In a s'.
Definition Subset (s s' : t) := ∀ a : elt, In a s → In a s'.
Definition Empty (s : t) := ∀ a : elt, ¬ In a s.
Definition For_all (P : elt → Prop)(s : t) := ∀ x, In x s → P x.
Definition Exists (P : elt → Prop)(s : t) := ∃ x, In x s ∧ P x.
+ +
Definition mem (x : elt)(s : t) := Raw.mem x s.(this).
Definition add (x : elt)(s : t) : t := Mkt (Raw.add x s.(this)).
Definition remove (x : elt)(s : t) : t := Mkt (Raw.remove x s.(this)).
Definition singleton (x : elt) : t := Mkt (Raw.singleton x).
Definition union (s s' : t) : t := Mkt (Raw.union s s').
Definition inter (s s' : t) : t := Mkt (Raw.inter s s').
Definition diff (s s' : t) : t := Mkt (Raw.diff s s').
Definition equal (s s' : t) := Raw.equal s s'.
Definition subset (s s' : t) := Raw.subset s s'.(this).
Definition empty : t := Mkt Raw.empty.
Definition is_empty (s : t) := Raw.is_empty s.
Definition elements (s : t) : list elt := Raw.elements s.
Definition min_elt (s : t) : option elt := Raw.min_elt s.
Definition max_elt (s : t) : option elt := Raw.max_elt s.
Definition choose (s : t) : option elt := Raw.choose s.
Definition compare (s1 s2 : t) : comparison := Raw.compare s1 s2.
Definition fold {A : Type}(f : elt → A → A)(s : t) : A → A := Raw.fold f s.
Definition cardinal (s : t) := Raw.cardinal s.
Definition filter (f : elt → bool)(s : t) : t := Mkt (Raw.filter f s).
Definition for_all (f : elt → bool)(s : t) := Raw.for_all f s.
Definition exists_ (f : elt → bool)(s : t) := Raw.exists_ f s.
Definition partition (f : elt → bool)(s : t) : t × t :=
+   let p := Raw.partition f s in (Mkt (fst p), Mkt (snd p)).
+ +
+ #[local] Instance In_compat : Proper (E.eq==>eq==>iff) In.
Proof.
+   repeat red.
+   move ⇒ x y H_eq_xy x' y' →.
+   rewrite /In /Raw.In.
+   setoid_rewrite H_eq_xy.
+   done.
Qed.
+ +
Definition eq : t → t → Prop := Equal.
+ +
+ #[local] Instance eq_equiv : Equivalence eq.
Proof. firstorder. Qed.
+ +
Definition eq_dec : ∀ (s s':t), { eq s s' }+{ ¬eq s s' }.
Proof.
+  intros (s,Hs) (s',Hs').
+  change ({Raw.Equal s s'}+{¬Raw.Equal s s'}).
+  destruct (Raw.equal s s') eqn:H; [left|right];
+   rewrite <- Raw.equal_spec; congruence.
Defined.
+ +
Definition lt : t → t → Prop := Raw.lt.
+ +
+ #[local] Instance lt_strorder : StrictOrder lt.
Proof.
+   unfold lt.
+   constructor. {
+     move : Raw.lt_Irreflexive.
+     rewrite /Irreflexive /complement /Reflexive.
+     move ⇒ H x.
+     apply H.
+   } {
+     move : Raw.lt_Transitive.
+     rewrite /Transitive.
+     move ⇒ H x y z.
+     apply H.
+   }
Qed.
+ +
+ #[local] Instance lt_compat : Proper (eq==>eq==>iff) lt.
Proof.
+   repeat red.
+   move ⇒ [x1 H_x1_ok] [y1 H_y1_ok] H_eq.
+   move ⇒ [x2 H_x2_ok] [y2 H_y2_ok].
+   move : H_eq.
+   rewrite /eq /lt /Equal /In /=.
+   replace (∀ a : elt, Raw.In a x1 ↔ Raw.In a y1) with
+     (Raw.Equal x1 y1) by done.
+   replace (∀ a : elt, Raw.In a x2 ↔ Raw.In a y2) with
+     (Raw.Equal x2 y2) by done.
+   rewrite -!Raw.equal_spec !Raw.equal_alt_def.
+   move ⇒ → → //.
Qed.
+ +
Section Spec.
+  Variable s s' : t.
+  Variable x y : elt.
+  Variable f : elt → bool.
+  Notation compatb := (Proper (E.eq==>Logic.eq)) (only parsing).
+ +
+  Lemma mem_spec : mem x s = true ↔ In x s.
+  Proof. exact (Raw.mem_spec _ _ _). Qed.
+  Lemma equal_spec : equal s s' = true ↔ Equal s s'.
+  Proof. rewrite Raw.equal_spec //. Qed.
+  Lemma subset_spec : subset s s' = true ↔ Subset s s'.
+  Proof. exact (Raw.subset_spec _ _ _ _). Qed.
+  Lemma empty_spec : Empty empty.
+  Proof. exact Raw.empty_spec. Qed.
+  Lemma is_empty_spec : is_empty s = true ↔ Empty s.
+  Proof. rewrite Raw.is_empty_spec //. Qed.
+  Lemma add_spec : In y (add x s) ↔ E.eq y x ∨ In y s.
+  Proof. exact (Raw.add_spec _ _ _ _). Qed.
+  Lemma remove_spec : In y (remove x s) ↔ In y s ∧ ¬E.eq y x.
+  Proof. exact (Raw.remove_spec _ _ _ _). Qed.
+  Lemma singleton_spec : In y (singleton x) ↔ E.eq y x.
+  Proof. exact (Raw.singleton_spec _ _). Qed.
+  Lemma union_spec : In x (union s s') ↔ In x s ∨ In x s'.
+  Proof. exact (Raw.union_spec _ _ _ _ _). Qed.
+  Lemma inter_spec : In x (inter s s') ↔ In x s ∧ In x s'.
+  Proof. exact (Raw.inter_spec _ _ _ _ _). Qed.
+  Lemma diff_spec : In x (diff s s') ↔ In x s ∧ ¬In x s'.
+  Proof. exact (Raw.diff_spec _ _ _ _ _). Qed.
+  Lemma fold_spec : ∀ (A : Type) (i : A) (f : elt → A → A),
+      fold f s i = fold_left (fun a e ⇒ f e a) (elements s) i.
+  Proof. exact (@Raw.fold_spec _). Qed.
+  Lemma cardinal_spec : cardinal s = length (elements s).
+  Proof. exact (@Raw.cardinal_spec s). Qed.
+  Lemma filter_spec : compatb f →
+    (In x (filter f s) ↔ In x s ∧ f x = true).
+  Proof. move ⇒ _; exact (@Raw.filter_spec _ _ _ _). Qed.
+  Lemma for_all_spec : compatb f →
+    (for_all f s = true ↔ For_all (fun x ⇒ f x = true) s).
+  Proof. exact (@Raw.for_all_spec _ _ _). Qed.
+  Lemma exists_spec : compatb f →
+    (exists_ f s = true ↔ Exists (fun x ⇒ f x = true) s).
+  Proof. exact (@Raw.exists_spec _ _ _). Qed.
+  Lemma partition_spec1 : compatb f → Equal (fst (partition f s)) (filter f s).
+  Proof. move ⇒ _; exact (@Raw.partition_spec1 _ _). Qed.
+  Lemma partition_spec2 : compatb f →
+      Equal (snd (partition f s)) (filter (fun x ⇒ negb (f x)) s).
+  Proof. move ⇒ _; exact (@Raw.partition_spec2 _ _ _). Qed.
+  Lemma elements_spec1 : InA E.eq x (elements s) ↔ In x s.
+  Proof. rewrite /In /Raw.In /elements //. Qed.
+  Lemma elements_spec2w : NoDupA E.eq (elements s).
+  Proof. exact (Raw.elements_spec2w _ _). Qed.
+  Lemma elements_spec2 : sort E.lt (elements s).
+  Proof. exact (Raw.elements_sorted _ _). Qed.
+  Lemma choose_spec1 : choose s = Some x → In x s.
+  Proof. exact (Raw.choose_spec1 _ _ _). Qed.
+  Lemma choose_spec2 : choose s = None → Empty s.
+  Proof. exact (Raw.choose_spec2 _). Qed.
+  Lemma choose_spec3 : choose s = Some x → choose s' = Some y →
+    Equal s s' → E.eq x y.
+  Proof.
+    intros H1 H2 H3.
+    suff → : x = y. {
+      apply E.eq_equiv.
+    }
+    move : H1 H2 H3.
+    exact (Raw.choose_spec3 _ _ _ _ _ _).
+  Qed.
+ +
+  Lemma min_elt_spec1 : choose s = Some x → In x s.
+  Proof. exact (Raw.min_elt_spec1 _ _ _). Qed.
+  Lemma min_elt_spec2 : min_elt s = Some x → In y s → ¬ E.lt y x.
+  Proof. exact (Raw.min_elt_spec2 _ _ _ _). Qed.
+  Lemma min_elt_spec3 : choose s = None → Empty s.
+  Proof. exact (Raw.min_elt_spec3 _). Qed.
+ +
+  Lemma max_elt_spec1 : max_elt s = Some x → In x s.
+  Proof. exact (Raw.max_elt_spec1 _ _ _). Qed.
+  Lemma max_elt_spec2 : max_elt s = Some x → In y s → ¬ E.lt x y.
+  Proof. exact (Raw.max_elt_spec2 _ _ _ _). Qed.
+  Lemma max_elt_spec3 : max_elt s = None → Empty s.
+  Proof. exact (Raw.max_elt_spec3 _). Qed.
+ +
+  Lemma compare_spec : CompSpec eq lt s s' (compare s s').
+  Proof.
+    generalize s s'.
+    move ⇒ [s1 H_ok_s1] [s2 H_ok_s2].
+    move : (Raw.compare_spec s1 s2).
+    rewrite /CompSpec /eq /Equal /In /lt /compare /=.
+    replace (∀ a : elt, Raw.In a s1 ↔ Raw.In a s2) with
+    (Raw.Equal s1 s2) by done.
+    suff H_eq : (Raw.Equal s1 s2) ↔ (s1 = s2). {
+      move ⇒ [] H; constructor ⇒ //.
+      by rewrite H_eq.
+    }
+    rewrite -Raw.equal_spec Raw.equal_alt_def //.
+  Qed.
+ +
End Spec.
+ +
+End MSetIntervals.
+ +
+
+ +
+

Instantiations

+ + +
+ + It remains to provide instantiations for commonly used datatypes. +
+ +

Z

+ +
+
+ +
+Module ElementEncodeZ <: ElementEncode.
+  Module E := Z.
+ +
+  Definition encode (z : Z) := z.
+  Definition decode (z : Z) := z.
+ +
+  Lemma decode_encode_ok: ∀ (e : E.t),
+    decode (encode e) = e.
+  Proof. by []. Qed.
+ +
+  Lemma encode_eq : ∀ (e1 e2 : E.t),
+    (Z.eq (encode e1) (encode e2)) ↔ E.eq e1 e2.
+  Proof. by []. Qed.
+ +
+  Lemma encode_lt : ∀ (e1 e2 : E.t),
+    (Z.lt (encode e1) (encode e2)) ↔ E.lt e1 e2.
+  Proof. by []. Qed.
+ +
+End ElementEncodeZ.
+ +
+Module MSetIntervalsZ <: SetsOn Z := MSetIntervals ElementEncodeZ.
+ +
+
+ +
+

N

+ +
+
+ +
+Module ElementEncodeN <: ElementEncode.
+  Module E := N.
+ +
+  Definition encode (n : N) := Z.of_N n.
+  Definition decode (z : Z) := Z.to_N z.
+ +
+  Lemma decode_encode_ok: ∀ (e : E.t),
+    decode (encode e) = e.
+  Proof.
+    intros e.
+    rewrite /encode /decode N2Z.id //.
+  Qed.
+ +
+  Lemma encode_eq : ∀ (e1 e2 : E.t),
+    (Z.eq (encode e1) (encode e2)) ↔ E.eq e1 e2.
+  Proof.
+    intros e1 e2.
+    rewrite /encode /Z.eq N2Z.inj_iff /E.eq //.
+  Qed.
+ +
+  Lemma encode_lt : ∀ (e1 e2 : E.t),
+    (Z.lt (encode e1) (encode e2)) ↔ E.lt e1 e2.
+  Proof.
+    intros e1 e2.
+    rewrite /encode -N2Z.inj_lt //.
+  Qed.
+ +
+End ElementEncodeN.
+ +
+Module MSetIntervalsN <: SetsOn N := MSetIntervals ElementEncodeN.
+ +
+
+ +
+

nat

+ +
+
+Module ElementEncodeNat <: ElementEncode.
+  Module E := Nat.
+ +
+  Definition encode (n : nat) := Z.of_nat n.
+  Definition decode (z : Z) := Z.to_nat z.
+ +
+  Lemma decode_encode_ok: ∀ (e : E.t),
+    decode (encode e) = e.
+  Proof.
+    intros e.
+    rewrite /encode /decode Nat2Z.id //.
+  Qed.
+ +
+  Lemma encode_eq : ∀ (e1 e2 : E.t),
+    (Z.eq (encode e1) (encode e2)) ↔ E.eq e1 e2.
+  Proof.
+    intros e1 e2.
+    rewrite /encode /Z.eq Nat2Z.inj_iff /E.eq //.
+  Qed.
+ +
+  Lemma encode_lt : ∀ (e1 e2 : E.t),
+    (Z.lt (encode e1) (encode e2)) ↔ E.lt e1 e2.
+  Proof.
+    intros e1 e2.
+    rewrite /encode -Nat2Z.inj_lt //.
+  Qed.
+ +
+End ElementEncodeNat.
+ +
+Module MSetIntervalsNat <: SetsOn Nat := MSetIntervals ElementEncodeNat.
+ +
+
+
+ + + +
+ + + \ No newline at end of file diff --git a/html/MSetsExtra.MSetListWithDups.html b/html/MSetsExtra.MSetListWithDups.html new file mode 100644 index 0000000..4b0ff38 --- /dev/null +++ b/html/MSetsExtra.MSetListWithDups.html @@ -0,0 +1,972 @@ + + + + + +MSetsExtra.MSetListWithDups + + + + +
+ + + +
+ +

Library MSetsExtra.MSetListWithDups

+ +
+ +
+
+ +
+

Weak sets implemented as lists with duplicates

+ + +
+ + This file contains an implementation of the weak set interface + WSetsOnWithDupsExtra. As a datatype unsorted lists are used + that might contain duplicates. + +
+ + This implementation is useful, if one needs very efficient + insert and union operation, and can guarantee that one does not + add too many duplicates. The operation elements_dist is implemented + by sorting the list first. Therefore this instantiation can only + be used if the element type is ordered. + +
+
+ +
+Require Export MSetInterface.
+Require Import mathcomp.ssreflect.ssreflect.
+Require Import List OrdersFacts OrdersLists.
+Require Import Sorting Permutation.
+Require Import MSetWithDups.
+ +
+
+ +
+

Removing duplicates from sorted lists

+ + +
+ + The following module RemoveDupsFromSorted defines an operation + remove_dups_from_sortedA that removes duplicates from a sorted + list. In order to talk about sorted lists, the element type needs + to be ordered. + +
+ + This function is combined with a sort function to get a function + remove_dups_by_sortingA to sort unsorted lists and then remove + duplicates. +
+
+Module RemoveDupsFromSorted (Import X:OrderedType).
+ +
+
+ +
+First, we need some infrastructure for our ordered type +
+
+  Module Import MX := OrderedTypeFacts X.
+ +
+  Module Import XTotalLeBool <: TotalLeBool.
+    Definition t := X.t.
+    Definition leb x y :=
+      match X.compare x y with
+        | Lt ⇒ true
+        | Eq ⇒ true
+        | Gt ⇒ false
+      end.
+ +
+    Infix "<=?" := leb (at level 35).
+ +
+    Theorem leb_total : ∀ (a1 a2 : t), (a1 <=? a2 = true) ∨ (a2 <=? a1 = true).
+    Proof.
+      intros a1 a2.
+      unfold leb.
+      rewrite (compare_antisym a1 a2).
+      case (X.compare a1 a2); rewrite /=; tauto.
+    Qed.
+ +
+    Definition le x y := (leb x y = true).
+  End XTotalLeBool.
+ +
+  Lemma eqb_eq_alt : ∀ x y, eqb x y = true ↔ eq x y.
+  Proof.
+    intros x y.
+    rewrite eqb_alt -compare_eq_iff.
+    case (compare x y) ⇒ //.
+  Qed.
+ +
+
+ +
+Now we can define our main function +
+
+  Fixpoint remove_dups_from_sortedA_aux (acc : list t) (l : list t) : list t :=
+    match l with
+    | nil ⇒ List.rev' acc
+    | x :: xs ⇒
+       match xs with
+       | nil ⇒ List.rev' (x :: acc)
+       | y :: ys ⇒
+           if eqb x y then
+             remove_dups_from_sortedA_aux acc xs
+           else
+             remove_dups_from_sortedA_aux (x::acc) xs
+       end
+    end.
+ +
+  Definition remove_dups_from_sortedA := remove_dups_from_sortedA_aux (nil : list t).
+ +
+
+ +
+We can prove some technical lemmata +
+
+  Lemma remove_dups_from_sortedA_aux_alt : ∀ (l : list X.t) acc,
+    remove_dups_from_sortedA_aux acc l =
+    List.rev acc ++ (remove_dups_from_sortedA l).
+  Proof.
+    unfold remove_dups_from_sortedA.
+    induction l as [| x xs IH] ⇒ acc. {
+      rewrite /remove_dups_from_sortedA_aux /rev' -!rev_alt /= app_nil_r //.
+    } {
+      rewrite /=.
+      case_eq xs. {
+        rewrite /rev' -!rev_alt //.
+      } {
+        move ⇒ y ys H_xs_eq.
+        rewrite -!H_xs_eq !(IH acc) !(IH (x :: acc)) (IH (x::nil)).
+        case (eqb x y) ⇒ //.
+        rewrite /= -app_assoc //.
+      }
+    }
+  Qed.
+ +
+  Lemma remove_dups_from_sortedA_alt :
+    âˆ€ (l : list t),
+    remove_dups_from_sortedA l =
+    match l with
+    | nil ⇒ nil
+    | x :: xs ⇒
+       match xs with
+       | nil ⇒ l
+       | y :: ys ⇒
+           if eqb x y then
+             remove_dups_from_sortedA xs
+           else
+             x :: remove_dups_from_sortedA xs
+       end
+    end.
+  Proof.
+    case. {
+      done.
+    } {
+      intros x xs.
+      rewrite /remove_dups_from_sortedA /= /rev' /=.
+      case xs ⇒ //.
+      move ⇒ y ys.
+      rewrite !remove_dups_from_sortedA_aux_alt /= //.
+    }
+  Qed.
+ +
+  Lemma remove_dups_from_sortedA_hd :
+      âˆ€ x xs,
+      âˆƒ (x':t) xs',
+        remove_dups_from_sortedA (x :: xs) =
+        (x' :: xs') ∧ (eqb x x' = true).
+  Proof.
+    intros x xs.
+    move : x;
+    induction xs as [| y ys IH] ⇒ x. {
+      rewrite remove_dups_from_sortedA_alt.
+      âˆƒ x, nil.
+      split; first reflexivity.
+      rewrite eqb_alt compare_refl //.
+    } {
+      rewrite remove_dups_from_sortedA_alt.
+      case_eq (eqb x y); last first. {
+        move ⇒ _.
+        âˆƒ x, (remove_dups_from_sortedA (y :: ys)).
+        split; first reflexivity.
+        rewrite eqb_alt compare_refl //.
+      } {
+        move ⇒ H_eqb_xy.
+        move : (IH y) ⇒ {IH} [x'] [xs'] [->] H_eqb_yx'.
+        âˆƒ x', xs'.
+        split; first done.
+        move : H_eqb_xy H_eqb_yx'.
+        rewrite !eqb_eq_alt.
+        apply MX.eq_trans.
+      }
+    }
+  Qed.
+ +
+
+ +
+Finally we get our main result for removing duplicates from sorted lists +
+
+  Lemma remove_dups_from_sortedA_spec :
+    âˆ€ (l : list t),
+      Sorted le l →
+      let l' := remove_dups_from_sortedA l in (
+    
+      Sorted lt l' ∧
+      NoDupA eq l' ∧
+      (∀ x, InA eq x l ↔ InA eq x l')).
+  Proof.
+    simpl.
+    induction l as [| x xs IH]. {
+      rewrite remove_dups_from_sortedA_alt.
+      done.
+    } {
+      rewrite remove_dups_from_sortedA_alt.
+      move : IH.
+      case xs ⇒ {xs}. {
+        move ⇒ _.
+        split; last split. {
+          apply Sorted_cons ⇒ //.
+        } {
+          apply NoDupA_singleton.
+        } {
+          done.
+        }
+      } {
+        move ⇒ y ys IH H_sorted_x_y_ys.
+        apply Sorted_inv in H_sorted_x_y_ys as [H_sorted_y_ys H_hd_rel].
+        apply HdRel_inv in H_hd_rel.
+ +
+        have : ∃ y' ys',
+          remove_dups_from_sortedA (y :: ys) = y' :: ys' ∧
+          eqb y y' = true. {
+          apply remove_dups_from_sortedA_hd ⇒ //.
+        }
+        move ⇒ [y'] [ys'] [H_yys'_intro] /eqb_eq_alt H_eq_y_y'.
+ +
+        move : (IH H_sorted_y_ys).
+        rewrite !H_yys'_intro.
+        move ⇒ {IH} [IH1] [IH2] IH3.
+ +
+        case_eq (eqb x y). {
+          rewrite eqb_eq_alt ⇒ H_eq_x_y.
+          split ⇒ //.
+          split ⇒ //.
+          move ⇒ x'.
+          rewrite InA_cons IH3.
+          split; last tauto.
+          move ⇒ [] //.
+          move ⇒ H_eq_x'_x.
+          apply InA_cons_hd.
+          apply eq_trans with (y := x) ⇒ //.
+          apply eq_trans with (y := y) ⇒ //.
+        }
+        move ⇒ H_neqb_x_y.
+ +
+        have H_sorted : Sorted lt (x :: y' :: ys'). {
+          apply Sorted_cons ⇒ //.
+          apply HdRel_cons.
+          rewrite -compare_lt_iff.
+          suff : (compare x y = Lt). {
+            setoid_rewrite compare_compat; eauto;
+              apply eq_refl.
+          }
+          move : H_hd_rel H_neqb_x_y.
+          rewrite eqb_alt /le /leb.
+          case (compare x y) ⇒ //.
+        }
+        split; last split. {
+          assumption.
+        } {
+          apply NoDupA_cons ⇒ //.
+ +
+          move ⇒ /InA_alt [x'] [H_eq_xx'] H_in_x'.
+          have : Forall (lt x) (y' :: ys'). {
+            apply Sorted_extends ⇒ //.
+            rewrite /Relations_1.Transitive.
+            by apply lt_trans.
+          }
+          rewrite Forall_forall ⇒ H_forall.
+          move : (H_forall _ H_in_x') ⇒ {H_forall}.
+          move : H_eq_xx'.
+          rewrite -compare_lt_iff -compare_eq_iff.
+          move ⇒ → //.
+        } {
+          move ⇒ x0.
+          rewrite !(InA_cons eq x0 x) IH3 //.
+        }
+      }
+    }
+  Qed.
+ +
+
+ +
+Next, we combine it with sorting +
+
+  Module Import XSort := Sort XTotalLeBool.
+ +
+  Definition remove_dups_by_sortingA (l : list t) : list t :=
+    remove_dups_from_sortedA (XSort.sort l).
+ +
+  Lemma remove_dups_by_sortingA_spec :
+    âˆ€ (l : list t),
+      let l' := remove_dups_by_sortingA l in (
+    
+      Sorted lt l' ∧
+      NoDupA eq l' ∧
+      (∀ x, InA eq x l ↔ InA eq x l')).
+  Proof.
+    intro l.
+ +
+    suff : (∀ x : X.t, InA eq x (sort l) ↔ InA eq x l) ∧
+           Sorted le (sort l). {
+      
+      unfold remove_dups_by_sortingA.
+      move : (remove_dups_from_sortedA_spec (sort l)).
+      simpl.
+      move ⇒ H_spec [H_in_sort H_sorted_sort].
+      move : (H_spec H_sorted_sort).
+      move ⇒ [H1] [H2] H3.
+      split ⇒ //.
+      split ⇒ //.
+      move ⇒ x.
+      rewrite -H_in_sort H3 //.
+    }
+
+    split. {
+      have H_in_sort : ∀ x, List.In x (XSort.sort l) ↔ List.In x l. {
+        intros x.
+        have H_perm := (XSort.Permuted_sort l).
+        split; apply Permutation_in ⇒ //.
+        by apply Permutation_sym.
+      }
+
+      intros x.
+      rewrite !InA_alt.
+      setoid_rewrite H_in_sort ⇒ //.
+    } {
+      move : (Sorted_sort l).
+      rewrite /is_true /le /leb //.
+    }
+  Qed.
+ +
+End RemoveDupsFromSorted.
+ +
+
+ +
+

Operations Module

+ + +
+ +With removing duplicates defined, we can implement +the operations for our set implementation easily. + +
+
+ +
+Module Ops (X:OrderedType) <: WOps X.
+ +
+  Module RDFS := RemoveDupsFromSorted X.
+  Module Import MX := OrderedTypeFacts X.
+ +
+  Definition elt := X.t.
+  Definition t := list elt.
+ +
+  Definition empty : t := nil.
+ +
+  Definition is_empty (l : t) := match l with nil ⇒ true | _ ⇒ false end.
+  Fixpoint mem (x : elt) (s : t) : bool :=
+    match s with
+    | nil ⇒ false
+    | y :: l ⇒
+           match X.compare x y with
+               Eq ⇒ true
+             | _ ⇒ mem x l
+           end
+    end.
+ +
+  Definition add x (s : t) := x :: s.
+  Definition singleton (x : elt) := x :: nil.
+ +
+  Fixpoint rev_filter_aux acc (f : elt → bool) s :=
+    match s with
+       nil ⇒ acc
+     | (x :: xs) ⇒ rev_filter_aux (if (f x) then (x :: acc) else acc) f xs
+    end.
+  Definition rev_filter := rev_filter_aux nil.
+ +
+  Definition filter (f : elt → bool) (s : t) : t := rev_filter f s.
+ +
+  Definition remove x s :=
+    rev_filter (fun y ⇒ match X.compare x y with Eq ⇒ false | _ ⇒ true end) s.
+ +
+  Definition union (s1 s2 : t) : t :=
+    List.rev_append s2 s1.
+ +
+  Definition inter (s1 s2 : t) : t :=
+    rev_filter (fun y ⇒ mem y s2) s1.
+ +
+  Definition elements (x : t) : list elt := x.
+ +
+  Definition elements_dist (x : t) : list elt :=
+    RDFS.remove_dups_by_sortingA x.
+ +
+  Definition fold {B : Type} (f : elt → B → B) (s : t) (i : B) : B :=
+    fold_left (flip f) (elements s) i.
+ +
+  Definition diff (s s' : t) : t := fold remove s' s.
+ +
+  Definition subset (s s' : t) : bool :=
+    List.forallb (fun x ⇒ mem x s') s.
+ +
+  Definition equal (s s' : t) : bool := andb (subset s s') (subset s' s).
+ +
+  Fixpoint for_all (f : elt → bool) (s : t) : bool :=
+    match s with
+    | nil ⇒ true
+    | x :: l ⇒ if f x then for_all f l else false
+    end.
+ +
+  Fixpoint exists_ (f : elt → bool) (s : t) : bool :=
+    match s with
+    | nil ⇒ false
+    | x :: l ⇒ if f x then true else exists_ f l
+    end.
+ +
+  Fixpoint partition_aux (a1 a2 : t) (f : elt → bool) (s : t) : t × t :=
+    match s with
+    | nil ⇒ (a1, a2)
+    | x :: l ⇒
+        if f x then partition_aux (x :: a1) a2 f l else
+                    partition_aux a1 (x :: a2) f l
+    end.
+ +
+  Definition partition := partition_aux nil nil.
+ +
+  Definition cardinal (s : t) : nat := length (elements_dist s).
+ +
+  Definition choose (s : t) : option elt :=
+     match s with
+      | nil ⇒ None
+      | x::_ ⇒ Some x
+     end.
+ +
+End Ops.
+ +
+
+ +
+

Main Module

+ + +
+ + Using these operations, we can define the main functor. For this, + we need to prove that the provided operations do indeed satisfy + the weak set interface. This is mostly straightforward and + unsurprising. The only interesting part is that removing + duplicates from a sorted list behaves as expected. This has + however already been proved in module RemoveDupsFromSorted. + +
+
+Module Make (E:OrderedType) <: WSetsOnWithDupsExtra E.
+  Include Ops E.
+  Import MX.
+ +
+
+ +
+

Proofs of set operation specifications.

+ Logical predicates +
+
+  Definition In x (s : t) := SetoidList.InA E.eq x s.
+ +
+  #[local] Instance In_compat : Proper (E.eq==>eq==>iff) In.
+  Proof. repeat red. intros. rewrite H H0. auto. Qed.
+ +
+  Definition Equal s s' := ∀ a : elt, In a s ↔ In a s'.
+  Definition Subset s s' := ∀ a : elt, In a s → In a s'.
+  Definition Empty s := ∀ a : elt, ¬ In a s.
+  Definition For_all (P : elt → Prop) s := ∀ x, In x s → P x.
+  Definition Exists (P : elt → Prop) s := ∃ x, In x s ∧ P x.
+ +
+  Notation "s [=] t" := (Equal s t) (at level 70, no associativity).
+  Notation "s [<=] t" := (Subset s t) (at level 70, no associativity).
+ +
+  Definition eq : t → t → Prop := Equal.
+  Lemma eq_equiv : Equivalence eq.
+  Proof.
+    constructor. {
+      done.
+    } {
+      by constructor; rewrite H.
+    } {
+      by constructor; rewrite H H0.
+    }
+  Qed.
+ +
+ +
+
+ +
+Specifications of set operators +
+
+ +
+  Notation compatb := (Proper (E.eq==>Logic.eq)) (only parsing).
+ +
+  Lemma mem_spec : ∀ s x, mem x s = true ↔ In x s.
+  Proof.
+    induction s as [| y s' IH]. {
+      move ⇒ x.
+      rewrite /= /In InA_nil.
+      split ⇒ //.
+    } {
+      move ⇒ x.
+      rewrite /= /In InA_cons.
+      move : (MX.compare_eq_iff x y).
+      case (E.compare x y). {
+        tauto.
+      } {
+        rewrite IH; intuition; inversion H1.
+      } {
+        rewrite IH; intuition; inversion H1.
+      }
+    }
Qed.
+ +
+  Lemma subset_spec : ∀ s s', subset s s' = true ↔ s[<=]s'.
+  Proof.
+    intros s s'.
+    rewrite /subset forallb_forall /Subset /In.
+    split. {
+      move ⇒ H z /InA_alt [] x [H_z_eq] H_in.
+      move : (H _ H_in).
+      rewrite mem_spec.
+      setoid_replace z with x ⇒ //.
+    } {
+      move ⇒ H z H_in.
+      rewrite mem_spec.
+      apply H, In_InA ⇒ //.
+      apply E.eq_equiv.
+    }
+  Qed.
+ +
+  Lemma equal_spec : ∀ s s', equal s s' = true ↔ s[=]s'.
+  Proof.
+    intros s s'.
+    rewrite /Equal /equal Bool.andb_true_iff !subset_spec /Subset.
+    split. {
+      move ⇒ [H1 H2] a.
+      split.
+        - by apply H1.
+        - by apply H2.
+    } {
+      move ⇒ H.
+      split; move ⇒ a; rewrite H //.
+    }
+  Qed.
+ +
+  Lemma eq_dec : ∀ x y : t, {eq x y} + {¬ eq x y}.
+  Proof.
+    intros x y.
+    change ({Equal x y}+{¬Equal x y}).
+    destruct (equal x y) eqn:H; [left|right];
+     rewrite <- equal_spec; congruence.
+  Qed.
+ +
+  Lemma empty_spec : Empty empty.
+  Proof. rewrite /Empty /empty /In. move ⇒ a /InA_nil //. Qed.
+ +
+  Lemma is_empty_spec : ∀ s, is_empty s = true ↔ Empty s.
+  Proof.
+    rewrite /is_empty /Empty /In.
+    case; split ⇒ //. {
+      move ⇒ _ a.
+      rewrite InA_nil //.
+    } {
+      move ⇒ H; contradiction (H a).
+      apply InA_cons_hd.
+      apply Equivalence_Reflexive.
+    }
+  Qed.
+ +
+  Lemma add_spec : ∀ s x y, In y (add x s) ↔ E.eq y x ∨ In y s.
+  Proof.
+    intros s x y.
+    rewrite /add /In InA_cons //.
+  Qed.
+ +
+  Lemma singleton_spec : ∀ x y, In y (singleton x) ↔ E.eq y x.
+  Proof.
+    intros x y.
+    rewrite /singleton /In InA_cons.
+    split. {
+      move ⇒ [] // /InA_nil //.
+    } {
+      by left.
+    }
+  Qed.
+ +
+  Lemma rev_filter_aux_spec : ∀ s acc x f, compatb f →
+    (In x (rev_filter_aux acc f s) ↔ (In x s ∧ f x = true) ∨ (In x acc)).
+  Proof.
+    intros s acc x f H_compat.
+    move : x acc.
+    induction s as [| y s' IH]. {
+      intros x acc.
+      rewrite /rev_filter_aux /In InA_nil.
+      tauto.
+    } {
+      intros x acc.
+      rewrite /= IH /In.
+      case_eq (f y) ⇒ H_fy; rewrite !InA_cons; intuition. {
+        left.
+        split; first by left.
+        setoid_replace x with y ⇒ //.
+      } {
+        contradict H1.
+        setoid_replace x with y ⇒ //.
+        by rewrite H_fy.
+      }
+    }
+  Qed.
+ +
+  Lemma filter_spec : ∀ s x f, compatb f →
+    (In x (filter f s) ↔ In x s ∧ f x = true).
+  Proof.
+    intros s x f H_compat.
+    rewrite /filter /rev_filter rev_filter_aux_spec /In InA_nil.
+    tauto.
+  Qed.
+ +
+  Lemma remove_spec : ∀ s x y, In y (remove x s) ↔ In y s ∧ ¬E.eq y x.
+  Proof.
+    intros s x y.
+    rewrite /remove /rev_filter.
+    have H_compat : compatb ((fun y0 : elt ⇒
+         match E.compare x y0 with
+         | Eq ⇒ false
+         | _ ⇒ true
+         end)). {
+      repeat red; intros.
+      setoid_replace x0 with y0 ⇒ //.
+    }
+    rewrite rev_filter_aux_spec /In InA_nil.
+    have → : (E.eq y x ↔ E.eq x y). {
+      split; move ⇒ ?; by apply Equivalence_Symmetric.
+    }
+    rewrite -compare_eq_iff.
+    case (E.compare x y). {
+      intuition.
+    } {
+      intuition.
+      inversion H0.
+    } {
+      intuition.
+      inversion H0.
+    }
+  Qed.
+ +
+  Lemma union_spec : ∀ s s' x, In x (union s s') ↔ In x s ∨ In x s'.
+  Proof.
+    intros s s' x.
+    rewrite /union /In rev_append_rev InA_app_iff InA_rev; tauto.
+  Qed.
+ +
+  Lemma inter_spec : ∀ s s' x, In x (inter s s') ↔ In x s ∧ In x s'.
+  Proof.
+    intros s s' x.
+    have H_compat : compatb (fun y : elt ⇒ mem y s'). {
+      repeat red; intros.
+      suff : ( mem x0 s' = true ↔ mem y s' = true). {
+        case (mem y s'), (mem x0 s'); intuition.
+      }
+      rewrite !mem_spec /In.
+      setoid_replace x0 with y ⇒ //.
+    }
+    rewrite /inter rev_filter_aux_spec mem_spec /In InA_nil.
+    tauto.
+  Qed.
+ +
+  Lemma fold_spec : ∀ s (A : Type) (i : A) (f : elt → A → A),
+    fold f s i = fold_left (flip f) (elements s) i.
+  Proof. done. Qed.
+ +
+  Lemma elements_spec1 : ∀ s x, InA E.eq x (elements s) ↔ In x s.
+  Proof.
+    intros s x.
+    rewrite /elements /In //.
+  Qed.
+ +
+  Lemma diff_spec : ∀ s s' x, In x (diff s s') ↔ In x s ∧ ¬In x s'.
+  Proof.
+    intros s s' x.
+    rewrite /diff fold_spec -(elements_spec1 s').
+    move : s.
+    induction (elements s') as [| y ys IH] ⇒ s. {
+      rewrite InA_nil /=; tauto.
+    } {
+      rewrite /= IH InA_cons /flip remove_spec.
+      tauto.
+    }
+  Qed.
+ +
+  Lemma cardinal_spec : ∀ s, cardinal s = length (elements_dist s).
+  Proof. rewrite /cardinal //. Qed.
+ +
+  Lemma for_all_spec : ∀ s f, compatb f →
+    (for_all f s = true ↔ For_all (fun x ⇒ f x = true) s).
+  Proof.
+    intros s f H_compat.
+    rewrite /For_all.
+    induction s as [| x xs IH]. {
+      rewrite /= /In.
+      split ⇒ //.
+      move ⇒ _ x /InA_nil //.
+    } {
+      rewrite /=.
+      case_eq (f x) ⇒ H_fx. {
+        rewrite IH.
+        split. {
+          move ⇒ H x' /InA_cons []. {
+            move ⇒ → //.
+          } {
+            apply H.
+          }
+        } {
+          move ⇒ H x' H_in.
+          apply H.
+          apply InA_cons.
+          by right.
+        }
+      } {
+        split ⇒ //.
+        move ⇒ H.
+        suff : f x = true. {
+          rewrite H_fx //.
+        }
+        apply H.
+        apply InA_cons_hd.
+        apply (@Equivalence_Reflexive _ _ E.eq_equiv).
+      }
+    }
+  Qed.
+ +
+  Lemma exists_spec : ∀ s f, compatb f →
+    (exists_ f s = true ↔ Exists (fun x ⇒ f x = true) s).
+  Proof.
+    intros s f H_compat.
+    rewrite /Exists.
+    induction s as [| x xs IH]. {
+      rewrite /= /In.
+      split ⇒ //.
+      move ⇒ [x] [] /InA_nil //.
+    } {
+      rewrite /=.
+      case_eq (f x) ⇒ H_fx. {
+        split ⇒ // _.
+        âˆƒ x.
+        split ⇒ //.
+        apply InA_cons_hd.
+        apply (@Equivalence_Reflexive _ _ E.eq_equiv).
+      } {
+        rewrite IH.
+        split. {
+          move ⇒ [x'] [H_in] H_fx'.
+          âˆƒ x'.
+          split ⇒ //.
+          apply InA_cons.
+          by right.
+        } {
+          move ⇒ [x'] [] /InA_cons []. {
+            move ⇒ →.
+            rewrite H_fx //.
+          } {
+            by ∃ x'.
+          }
+        }
+      }
+    }
+  Qed.
+ +
+  Lemma partition_aux_spec : ∀ a1 a2 s f,
+    (partition_aux a1 a2 f s = (rev_filter_aux a1 f s, rev_filter_aux a2 (fun x ⇒ negb (f x)) s)).
+  Proof.
+    move ⇒ a1 a2 s f.
+    move : a1 a2.
+    induction s as [| x xs IH]. {
+      rewrite /partition_aux /rev_filter_aux //.
+    } {
+      intros a1 a2.
+      rewrite /= IH.
+      case (f x) ⇒ //.
+ +
+    }
+  Qed.
+ +
+  Lemma partition_spec1 : ∀ s f, compatb f →
+    fst (partition f s) [=] filter f s.
+  Proof.
+    move ⇒ s f _.
+    rewrite /partition partition_aux_spec /fst /filter /rev_filter //.
+  Qed.
+ +
+  Lemma partition_spec2 : ∀ s f, compatb f →
+    snd (partition f s) [=] filter (fun x ⇒ negb (f x)) s.
+  Proof.
+    move ⇒ s f _.
+    rewrite /partition partition_aux_spec /snd /filter /rev_filter //.
+  Qed.
+ +
+  Lemma choose_spec1 : ∀ s x, choose s = Some x → In x s.
+  Proof.
+   move ⇒ [] // y s' x [->].
+   rewrite /In.
+   apply InA_cons_hd.
+   apply Equivalence_Reflexive.
+  Qed.
+ +
+  Lemma choose_spec2 : ∀ s, choose s = None → Empty s.
+  Proof. move ⇒ [] // _ a. rewrite /In InA_nil //. Qed.
+ +
+  Lemma elements_dist_spec_full :
+    âˆ€ s,
+      Sorted E.lt (elements_dist s) ∧
+      NoDupA E.eq (elements_dist s) ∧
+      (∀ x, InA E.eq x (elements_dist s) ↔ InA E.eq x (elements s)).
+  Proof.
+    move ⇒ s.
+    rewrite /elements_dist /elements.
+    move : (RDFS.remove_dups_by_sortingA_spec s).
+    simpl.
+    firstorder.
+  Qed.
+ +
+  Lemma elements_dist_spec1 : ∀ x s, InA E.eq x (elements_dist s) ↔
+                                          InA E.eq x (elements s).
+  Proof. intros; apply elements_dist_spec_full. Qed.
+ +
+  Lemma elements_dist_spec2w : ∀ s, NoDupA E.eq (elements_dist s).
+  Proof. intros; apply elements_dist_spec_full. Qed.
+ +
+End Make.
+
+
+ + + +
+ + + \ No newline at end of file diff --git a/html/MSetsExtra.MSetWithDups.html b/html/MSetsExtra.MSetWithDups.html new file mode 100644 index 0000000..85666d1 --- /dev/null +++ b/html/MSetsExtra.MSetWithDups.html @@ -0,0 +1,254 @@ + + + + + +MSetsExtra.MSetWithDups + + + + +
+ + + +
+ +

Library MSetsExtra.MSetWithDups

+ +
+ +
+
+ +
+

Signature for weak sets which may contain duplicates

+ + +
+ + The interface WSetsOn demands that elements returns a list + without duplicates and that the fold function iterates over this + result. Another potential problem is that the function cardinal + is supposed to return the length of the elements list. + +
+ + Therefore, implementations that store duplicates internally and for + which the fold function would visit elements multiple times are + ruled out. Such implementations might be desirable for performance + reasons, though. One such (sometimes useful) example are unsorted + lists with duplicates. They have a very efficient insert and union + operation. If they are used in such a way that not too many + membership tests happen and that not too many duplicates + accumulate, it might be a very efficient datastructure. + +
+ + In order to allow efficient weak set implementations that use + duplicates internally, we provide new module types in this + file. There is WSetsOnWithDups, which is a proper subset of + WSetsOn. It just removes the problematic properties of elements + and cardinal. + +
+ + Since one is of course interested in specifying the cardinality + and in computing a list of elements without duplicates, there is + also an extension WSetsOnWithDupsExtra of WSetsOnWithDups. This + extension introduces a new operation elements_dist, which is a + version of elements without duplicates. This allows to + specify cardinality with respect to elements_dist. + +
+
+ +
+Require Import Coq.MSets.MSetInterface.
+Require Import mathcomp.ssreflect.ssreflect.
+ +
+
+ +
+

WSetsOnWithDups

+ + +
+ + The module type WSetOnWithDups is a proper subset of WSetsOn; + the problematic parameters cardinal_spec and elements_spec2w + are missing. + +
+ + We use this approach to be as noninvasive as possible. If we had the + liberty to modify the existing MSet library, it might be better to + define WSetsOnWithDups as below and define WSetOn by adding the two + extra parameters. + +
+
+Module Type WSetsOnWithDups (E : DecidableType).
+  Include WOps E.
+ +
+  Parameter In : elt → t → Prop.
+  #[local] Declare Instance In_compat : Proper (E.eq==>eq==>iff) In.
+ +
+  Definition Equal s s' := ∀ a : elt, In a s ↔ In a s'.
+  Definition Subset s s' := ∀ a : elt, In a s → In a s'.
+  Definition Empty s := ∀ a : elt, ¬ In a s.
+  Definition For_all (P : elt → Prop) s := ∀ x, In x s → P x.
+  Definition Exists (P : elt → Prop) s := ∃ x, In x s ∧ P x.
+ +
+  Notation "s [=] t" := (Equal s t) (at level 70, no associativity).
+  Notation "s [<=] t" := (Subset s t) (at level 70, no associativity).
+ +
+  Definition eq : t → t → Prop := Equal.
+  Include IsEq.
+ +
+eq is obviously an equivalence, for subtyping only +
+
+  Include HasEqDec.
+ +
+  Section Spec.
+  Variable s s': t.
+  Variable x y : elt.
+  Variable f : elt → bool.
+  Notation compatb := (Proper (E.eq==>Logic.eq)) (only parsing).
+ +
+  Parameter mem_spec : mem x s = true ↔ In x s.
+  Parameter equal_spec : equal s s' = true ↔ s[=]s'.
+  Parameter subset_spec : subset s s' = true ↔ s[<=]s'.
+  Parameter empty_spec : Empty empty.
+  Parameter is_empty_spec : is_empty s = true ↔ Empty s.
+  Parameter add_spec : In y (add x s) ↔ E.eq y x ∨ In y s.
+  Parameter remove_spec : In y (remove x s) ↔ In y s ∧ ¬E.eq y x.
+  Parameter singleton_spec : In y (singleton x) ↔ E.eq y x.
+  Parameter union_spec : In x (union s s') ↔ In x s ∨ In x s'.
+  Parameter inter_spec : In x (inter s s') ↔ In x s ∧ In x s'.
+  Parameter diff_spec : In x (diff s s') ↔ In x s ∧ ¬In x s'.
+  Parameter fold_spec : ∀ (A : Type) (i : A) (f : elt → A → A),
+    fold f s i = fold_left (flip f) (elements s) i.
+  Parameter filter_spec : compatb f →
+    (In x (filter f s) ↔ In x s ∧ f x = true).
+  Parameter for_all_spec : compatb f →
+    (for_all f s = true ↔ For_all (fun x ⇒ f x = true) s).
+  Parameter exists_spec : compatb f →
+    (exists_ f s = true ↔ Exists (fun x ⇒ f x = true) s).
+  Parameter partition_spec1 : compatb f →
+    fst (partition f s) [=] filter f s.
+  Parameter partition_spec2 : compatb f →
+    snd (partition f s) [=] filter (fun x ⇒ negb (f x)) s.
+  Parameter elements_spec1 : InA E.eq x (elements s) ↔ In x s.
+  Parameter choose_spec1 : choose s = Some x → In x s.
+  Parameter choose_spec2 : choose s = None → Empty s.
+ +
+  End Spec.
+ +
+End WSetsOnWithDups.
+ +
+
+ +
+

WSetsOnWithDupsExtra

+ + +
+ + WSetsOnWithDupsExtra introduces elements_dist in order to + specify cardinality and in order to get an operation similar to + the original behavior of elements. +
+
+Module Type WSetsOnWithDupsExtra (E : DecidableType).
+  Include WSetsOnWithDups E.
+ +
+
+ +
+An operation for getting an elements list without duplicates +
+
+  Parameter elements_dist : t → list elt.
+ +
+  Parameter elements_dist_spec1 : ∀ x s, InA E.eq x (elements_dist s) ↔
+                                              InA E.eq x (elements s).
+ +
+  Parameter elements_dist_spec2w : ∀ s, NoDupA E.eq (elements_dist s).
+ +
+
+ +
+Cardinality can then be specified with respect to elements_dist. +
+
+  Parameter cardinal_spec : ∀ s, cardinal s = length (elements_dist s).
+End WSetsOnWithDupsExtra.
+ +
+
+ +
+

WSetOn to WSetsOnWithDupsExtra

+ + +
+ + Since WSetsOnWithDupsExtra is morally a weaker version of WSetsOn + that allows the fold operation to visit elements multiple time, we can write then + following conversion. +
+
+ +
+Module WSetsOn_TO_WSetsOnWithDupsExtra (E : DecidableType) (W : WSetsOn E) <:
+  WSetsOnWithDupsExtra E.
+ +
+  Include W.
+ +
+  Definition elements_dist := W.elements.
+ +
+  Lemma elements_dist_spec1 : ∀ x s, InA E.eq x (elements_dist s) ↔
+                                          InA E.eq x (elements s).
+  Proof. done. Qed.
+ +
+  Lemma elements_dist_spec2w : ∀ s, NoDupA E.eq (elements_dist s).
+  Proof. apply elements_spec2w. Qed.
+ +
+End WSetsOn_TO_WSetsOnWithDupsExtra.
+ +
+
+
+ + + +
+ + + \ No newline at end of file diff --git a/coqdoc/coqdoc.css b/html/coqdoc.css similarity index 97% rename from coqdoc/coqdoc.css rename to html/coqdoc.css index dbc930f..48096e5 100644 --- a/coqdoc/coqdoc.css +++ b/html/coqdoc.css @@ -230,6 +230,10 @@ tr.infrulemiddle hr { color: rgb(40%,0%,40%); } +.id[title="binder"] { + color: rgb(40%,0%,40%); +} + .id[type="definition"] { color: rgb(0%,40%,0%); } @@ -327,3 +331,8 @@ ul.doclist { margin-top: 0em; margin-bottom: 0em; } + +.code :target { + border: 2px solid #D4D4D4; + background-color: #e5eecc; +} diff --git a/html/index.html b/html/index.html new file mode 100644 index 0000000..f5b604f --- /dev/null +++ b/html/index.html @@ -0,0 +1,5391 @@ + + + + + +Index + + + + +
+ + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Global IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(2110 entries)
Notation IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(5 entries)
Binder IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(1515 entries)
Module IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(43 entries)
Variable IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(10 entries)
Library IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(4 entries)
Lemma IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(257 entries)
Axiom IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(32 entries)
Constructor IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(10 entries)
Projection IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(7 entries)
Inductive IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(2 entries)
Section IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(3 entries)
Instance IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(17 entries)
Abbreviation IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(3 entries)
Definition IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(199 entries)
Record IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(3 entries)
+
+

Global Index

+

A

+ab:347 [binder, in MSetsExtra.MSetIntervals]
+ab:363 [binder, in MSetsExtra.MSetIntervals]
+acc_f:906 [binder, in MSetsExtra.MSetIntervals]
+acc_t:905 [binder, in MSetsExtra.MSetIntervals]
+acc_f:899 [binder, in MSetsExtra.MSetIntervals]
+acc_t:897 [binder, in MSetsExtra.MSetIntervals]
+acc_f:200 [binder, in MSetsExtra.MSetIntervals]
+acc_t:199 [binder, in MSetsExtra.MSetIntervals]
+acc_f:196 [binder, in MSetsExtra.MSetIntervals]
+acc_t:195 [binder, in MSetsExtra.MSetIntervals]
+acc':348 [binder, in MSetsExtra.MSetIntervals]
+acc':364 [binder, in MSetsExtra.MSetIntervals]
+acc:106 [binder, in MSetsExtra.MSetIntervals]
+acc:119 [binder, in MSetsExtra.MSetListWithDups]
+acc:125 [binder, in MSetsExtra.MSetIntervals]
+acc:141 [binder, in MSetsExtra.MSetIntervals]
+acc:147 [binder, in MSetsExtra.MSetIntervals]
+acc:15 [binder, in MSetsExtra.MSetListWithDups]
+acc:151 [binder, in MSetsExtra.MSetIntervals]
+acc:168 [binder, in MSetsExtra.MSetIntervals]
+acc:172 [binder, in MSetsExtra.MSetIntervals]
+acc:181 [binder, in MSetsExtra.MSetIntervals]
+acc:218 [binder, in MSetsExtra.MSetIntervals]
+acc:221 [binder, in MSetsExtra.MSetIntervals]
+acc:23 [binder, in MSetsExtra.MSetIntervals]
+acc:250 [binder, in MSetsExtra.MSetFoldWithAbort]
+acc:311 [binder, in MSetsExtra.MSetIntervals]
+acc:317 [binder, in MSetsExtra.MSetIntervals]
+acc:322 [binder, in MSetsExtra.MSetIntervals]
+acc:326 [binder, in MSetsExtra.MSetIntervals]
+acc:332 [binder, in MSetsExtra.MSetIntervals]
+acc:338 [binder, in MSetsExtra.MSetIntervals]
+acc:344 [binder, in MSetsExtra.MSetIntervals]
+acc:35 [binder, in MSetsExtra.MSetIntervals]
+acc:352 [binder, in MSetsExtra.MSetIntervals]
+acc:356 [binder, in MSetsExtra.MSetIntervals]
+acc:359 [binder, in MSetsExtra.MSetIntervals]
+acc:366 [binder, in MSetsExtra.MSetFoldWithAbort]
+acc:370 [binder, in MSetsExtra.MSetFoldWithAbort]
+acc:372 [binder, in MSetsExtra.MSetIntervals]
+acc:378 [binder, in MSetsExtra.MSetFoldWithAbort]
+acc:389 [binder, in MSetsExtra.MSetFoldWithAbort]
+acc:393 [binder, in MSetsExtra.MSetFoldWithAbort]
+acc:401 [binder, in MSetsExtra.MSetFoldWithAbort]
+acc:414 [binder, in MSetsExtra.MSetIntervals]
+acc:43 [binder, in MSetsExtra.MSetListWithDups]
+acc:558 [binder, in MSetsExtra.MSetIntervals]
+acc:56 [binder, in MSetsExtra.MSetIntervals]
+acc:561 [binder, in MSetsExtra.MSetIntervals]
+acc:584 [binder, in MSetsExtra.MSetIntervals]
+acc:588 [binder, in MSetsExtra.MSetIntervals]
+acc:600 [binder, in MSetsExtra.MSetIntervals]
+acc:606 [binder, in MSetsExtra.MSetIntervals]
+acc:633 [binder, in MSetsExtra.MSetIntervals]
+acc:637 [binder, in MSetsExtra.MSetIntervals]
+acc:649 [binder, in MSetsExtra.MSetIntervals]
+acc:65 [binder, in MSetsExtra.MSetIntervals]
+acc:657 [binder, in MSetsExtra.MSetIntervals]
+acc:684 [binder, in MSetsExtra.MSetIntervals]
+acc:70 [binder, in MSetsExtra.MSetIntervals]
+acc:832 [binder, in MSetsExtra.MSetIntervals]
+acc:837 [binder, in MSetsExtra.MSetIntervals]
+acc:840 [binder, in MSetsExtra.MSetIntervals]
+acc:852 [binder, in MSetsExtra.MSetIntervals]
+acc:857 [binder, in MSetsExtra.MSetIntervals]
+acc:864 [binder, in MSetsExtra.MSetIntervals]
+acc:869 [binder, in MSetsExtra.MSetIntervals]
+acc:9 [binder, in MSetsExtra.MSetListWithDups]
+add_add_sub_eq [lemma, in MSetsExtra.MSetIntervals]
+a1:152 [binder, in MSetsExtra.MSetListWithDups]
+a1:3 [binder, in MSetsExtra.MSetListWithDups]
+a1:79 [binder, in MSetsExtra.MSetListWithDups]
+a2:153 [binder, in MSetsExtra.MSetListWithDups]
+a2:4 [binder, in MSetsExtra.MSetListWithDups]
+a2:80 [binder, in MSetsExtra.MSetListWithDups]
+a:1002 [binder, in MSetsExtra.MSetIntervals]
+a:1003 [binder, in MSetsExtra.MSetIntervals]
+A:102 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:11 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:12 [binder, in MSetsExtra.MSetIntervals]
+A:126 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:130 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:137 [binder, in MSetsExtra.MSetListWithDups]
+A:140 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:147 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:158 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:175 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:190 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:20 [binder, in MSetsExtra.MSetIntervals]
+A:201 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:218 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:27 [binder, in MSetsExtra.MSetIntervals]
+a:275 [binder, in MSetsExtra.MSetIntervals]
+a:278 [binder, in MSetsExtra.MSetIntervals]
+a:280 [binder, in MSetsExtra.MSetIntervals]
+A:3 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:30 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:302 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:308 [binder, in MSetsExtra.MSetIntervals]
+A:31 [binder, in MSetsExtra.MSetIntervals]
+A:315 [binder, in MSetsExtra.MSetIntervals]
+A:316 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:32 [binder, in MSetsExtra.MSetWithDups]
+A:320 [binder, in MSetsExtra.MSetIntervals]
+A:324 [binder, in MSetsExtra.MSetIntervals]
+A:329 [binder, in MSetsExtra.MSetIntervals]
+A:336 [binder, in MSetsExtra.MSetIntervals]
+A:341 [binder, in MSetsExtra.MSetIntervals]
+A:343 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:349 [binder, in MSetsExtra.MSetIntervals]
+A:35 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:351 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:354 [binder, in MSetsExtra.MSetIntervals]
+A:357 [binder, in MSetsExtra.MSetIntervals]
+A:359 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:36 [binder, in MSetsExtra.MSetIntervals]
+A:369 [binder, in MSetsExtra.MSetIntervals]
+A:37 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:371 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:382 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:39 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:394 [binder, in MSetsExtra.MSetFoldWithAbort]
+a:4 [binder, in MSetsExtra.MSetWithDups]
+A:54 [binder, in MSetsExtra.MSetIntervals]
+A:58 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:63 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:63 [binder, in MSetsExtra.MSetIntervals]
+A:65 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:67 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:68 [binder, in MSetsExtra.MSetIntervals]
+A:7 [binder, in MSetsExtra.MSetFoldWithAbort]
+a:7 [binder, in MSetsExtra.MSetWithDups]
+A:817 [binder, in MSetsExtra.MSetIntervals]
+A:9 [binder, in MSetsExtra.MSetFoldWithAbort]
+a:9 [binder, in MSetsExtra.MSetWithDups]
+A:91 [binder, in MSetsExtra.MSetFoldWithAbort]
+a:92 [binder, in MSetsExtra.MSetListWithDups]
+a:934 [binder, in MSetsExtra.MSetIntervals]
+a:937 [binder, in MSetsExtra.MSetIntervals]
+a:939 [binder, in MSetsExtra.MSetIntervals]
+a:95 [binder, in MSetsExtra.MSetListWithDups]
+A:97 [binder, in MSetsExtra.MSetFoldWithAbort]
+a:97 [binder, in MSetsExtra.MSetListWithDups]
+A:970 [binder, in MSetsExtra.MSetIntervals]
+a:985 [binder, in MSetsExtra.MSetIntervals]
+a:986 [binder, in MSetsExtra.MSetIntervals]
+a:987 [binder, in MSetsExtra.MSetIntervals]
+a:988 [binder, in MSetsExtra.MSetIntervals]
+A:99 [binder, in MSetsExtra.MSetFoldWithAbort]
+A:994 [binder, in MSetsExtra.MSetIntervals]
+a:997 [binder, in MSetsExtra.MSetIntervals]
+

B

+base:309 [binder, in MSetsExtra.MSetFoldWithAbort]
+base:350 [binder, in MSetsExtra.MSetFoldWithAbort]
+base:358 [binder, in MSetsExtra.MSetFoldWithAbort]
+base:366 [binder, in MSetsExtra.MSetIntervals]
+bs:333 [binder, in MSetsExtra.MSetIntervals]
+bs:337 [binder, in MSetsExtra.MSetIntervals]
+B:100 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:103 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:127 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:13 [binder, in MSetsExtra.MSetIntervals]
+B:159 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:21 [binder, in MSetsExtra.MSetIntervals]
+B:212 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:227 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:228 [binder, in MSetsExtra.MSetIntervals]
+b:232 [binder, in MSetsExtra.MSetIntervals]
+b:236 [binder, in MSetsExtra.MSetIntervals]
+B:237 [binder, in MSetsExtra.MSetFoldWithAbort]
+b:240 [binder, in MSetsExtra.MSetIntervals]
+B:253 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:268 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:28 [binder, in MSetsExtra.MSetIntervals]
+B:287 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:290 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:294 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:297 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:303 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:317 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:32 [binder, in MSetsExtra.MSetIntervals]
+B:330 [binder, in MSetsExtra.MSetIntervals]
+B:342 [binder, in MSetsExtra.MSetIntervals]
+B:344 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:352 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:360 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:37 [binder, in MSetsExtra.MSetIntervals]
+B:372 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:383 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:395 [binder, in MSetsExtra.MSetFoldWithAbort]
+B:60 [binder, in MSetsExtra.MSetListWithDups]
+B:92 [binder, in MSetsExtra.MSetFoldWithAbort]
+

C

+cur:178 [binder, in MSetsExtra.MSetIntervals]
+cur:182 [binder, in MSetsExtra.MSetIntervals]
+cur:858 [binder, in MSetsExtra.MSetIntervals]
+cx:306 [binder, in MSetsExtra.MSetIntervals]
+c_f:900 [binder, in MSetsExtra.MSetIntervals]
+c_t:898 [binder, in MSetsExtra.MSetIntervals]
+c1:298 [binder, in MSetsExtra.MSetIntervals]
+c1:399 [binder, in MSetsExtra.MSetIntervals]
+c1:403 [binder, in MSetsExtra.MSetIntervals]
+c1:485 [binder, in MSetsExtra.MSetIntervals]
+c1:510 [binder, in MSetsExtra.MSetIntervals]
+c1:513 [binder, in MSetsExtra.MSetIntervals]
+c1:517 [binder, in MSetsExtra.MSetIntervals]
+c1:523 [binder, in MSetsExtra.MSetIntervals]
+c1:706 [binder, in MSetsExtra.MSetIntervals]
+c1:714 [binder, in MSetsExtra.MSetIntervals]
+c1:759 [binder, in MSetsExtra.MSetIntervals]
+c1:98 [binder, in MSetsExtra.MSetIntervals]
+c2:100 [binder, in MSetsExtra.MSetIntervals]
+c2:146 [binder, in MSetsExtra.MSetIntervals]
+c2:167 [binder, in MSetsExtra.MSetIntervals]
+c2:297 [binder, in MSetsExtra.MSetIntervals]
+c2:401 [binder, in MSetsExtra.MSetIntervals]
+c2:405 [binder, in MSetsExtra.MSetIntervals]
+c2:410 [binder, in MSetsExtra.MSetIntervals]
+c2:467 [binder, in MSetsExtra.MSetIntervals]
+c2:487 [binder, in MSetsExtra.MSetIntervals]
+c2:511 [binder, in MSetsExtra.MSetIntervals]
+c2:515 [binder, in MSetsExtra.MSetIntervals]
+c2:519 [binder, in MSetsExtra.MSetIntervals]
+c2:525 [binder, in MSetsExtra.MSetIntervals]
+c2:582 [binder, in MSetsExtra.MSetIntervals]
+c2:586 [binder, in MSetsExtra.MSetIntervals]
+c2:631 [binder, in MSetsExtra.MSetIntervals]
+c2:635 [binder, in MSetsExtra.MSetIntervals]
+c2:709 [binder, in MSetsExtra.MSetIntervals]
+c2:717 [binder, in MSetsExtra.MSetIntervals]
+c2:760 [binder, in MSetsExtra.MSetIntervals]
+c:102 [binder, in MSetsExtra.MSetIntervals]
+c:123 [binder, in MSetsExtra.MSetIntervals]
+c:191 [binder, in MSetsExtra.MSetIntervals]
+c:198 [binder, in MSetsExtra.MSetIntervals]
+c:214 [binder, in MSetsExtra.MSetIntervals]
+c:220 [binder, in MSetsExtra.MSetIntervals]
+c:242 [binder, in MSetsExtra.MSetIntervals]
+c:288 [binder, in MSetsExtra.MSetIntervals]
+c:292 [binder, in MSetsExtra.MSetIntervals]
+c:295 [binder, in MSetsExtra.MSetIntervals]
+c:300 [binder, in MSetsExtra.MSetIntervals]
+c:301 [binder, in MSetsExtra.MSetIntervals]
+c:310 [binder, in MSetsExtra.MSetIntervals]
+c:328 [binder, in MSetsExtra.MSetIntervals]
+c:351 [binder, in MSetsExtra.MSetIntervals]
+c:361 [binder, in MSetsExtra.MSetIntervals]
+c:374 [binder, in MSetsExtra.MSetIntervals]
+c:377 [binder, in MSetsExtra.MSetIntervals]
+c:384 [binder, in MSetsExtra.MSetIntervals]
+c:393 [binder, in MSetsExtra.MSetIntervals]
+c:396 [binder, in MSetsExtra.MSetIntervals]
+c:420 [binder, in MSetsExtra.MSetIntervals]
+c:429 [binder, in MSetsExtra.MSetIntervals]
+c:432 [binder, in MSetsExtra.MSetIntervals]
+c:434 [binder, in MSetsExtra.MSetIntervals]
+c:489 [binder, in MSetsExtra.MSetIntervals]
+c:492 [binder, in MSetsExtra.MSetIntervals]
+c:496 [binder, in MSetsExtra.MSetIntervals]
+c:500 [binder, in MSetsExtra.MSetIntervals]
+c:503 [binder, in MSetsExtra.MSetIntervals]
+c:507 [binder, in MSetsExtra.MSetIntervals]
+c:530 [binder, in MSetsExtra.MSetIntervals]
+c:58 [binder, in MSetsExtra.MSetIntervals]
+c:67 [binder, in MSetsExtra.MSetIntervals]
+c:7 [binder, in MSetsExtra.MSetIntervals]
+c:732 [binder, in MSetsExtra.MSetIntervals]
+c:767 [binder, in MSetsExtra.MSetIntervals]
+c:821 [binder, in MSetsExtra.MSetIntervals]
+c:833 [binder, in MSetsExtra.MSetIntervals]
+c:838 [binder, in MSetsExtra.MSetIntervals]
+c:841 [binder, in MSetsExtra.MSetIntervals]
+c:842 [binder, in MSetsExtra.MSetIntervals]
+c:846 [binder, in MSetsExtra.MSetIntervals]
+c:851 [binder, in MSetsExtra.MSetIntervals]
+c:855 [binder, in MSetsExtra.MSetIntervals]
+c:862 [binder, in MSetsExtra.MSetIntervals]
+c:895 [binder, in MSetsExtra.MSetIntervals]
+

E

+ElementEncode [module, in MSetsExtra.MSetIntervals]
+ElementEncodeN [module, in MSetsExtra.MSetIntervals]
+ElementEncodeNat [module, in MSetsExtra.MSetIntervals]
+ElementEncodeNat.decode [definition, in MSetsExtra.MSetIntervals]
+ElementEncodeNat.decode_encode_ok [lemma, in MSetsExtra.MSetIntervals]
+ElementEncodeNat.E [module, in MSetsExtra.MSetIntervals]
+ElementEncodeNat.encode [definition, in MSetsExtra.MSetIntervals]
+ElementEncodeNat.encode_lt [lemma, in MSetsExtra.MSetIntervals]
+ElementEncodeNat.encode_eq [lemma, in MSetsExtra.MSetIntervals]
+ElementEncodeN.decode [definition, in MSetsExtra.MSetIntervals]
+ElementEncodeN.decode_encode_ok [lemma, in MSetsExtra.MSetIntervals]
+ElementEncodeN.E [module, in MSetsExtra.MSetIntervals]
+ElementEncodeN.encode [definition, in MSetsExtra.MSetIntervals]
+ElementEncodeN.encode_lt [lemma, in MSetsExtra.MSetIntervals]
+ElementEncodeN.encode_eq [lemma, in MSetsExtra.MSetIntervals]
+ElementEncodeZ [module, in MSetsExtra.MSetIntervals]
+ElementEncodeZ.decode [definition, in MSetsExtra.MSetIntervals]
+ElementEncodeZ.decode_encode_ok [lemma, in MSetsExtra.MSetIntervals]
+ElementEncodeZ.E [module, in MSetsExtra.MSetIntervals]
+ElementEncodeZ.encode [definition, in MSetsExtra.MSetIntervals]
+ElementEncodeZ.encode_lt [lemma, in MSetsExtra.MSetIntervals]
+ElementEncodeZ.encode_eq [lemma, in MSetsExtra.MSetIntervals]
+ElementEncode.decode [axiom, in MSetsExtra.MSetIntervals]
+ElementEncode.decode_encode_ok [axiom, in MSetsExtra.MSetIntervals]
+ElementEncode.E [module, in MSetsExtra.MSetIntervals]
+ElementEncode.encode [axiom, in MSetsExtra.MSetIntervals]
+ElementEncode.encode_lt [axiom, in MSetsExtra.MSetIntervals]
+ElementEncode.encode_eq [axiom, in MSetsExtra.MSetIntervals]
+elt:1 [binder, in MSetsExtra.MSetFoldWithAbort]
+elt:28 [binder, in MSetsExtra.MSetFoldWithAbort]
+elt:31 [binder, in MSetsExtra.MSetFoldWithAbort]
+elt:4 [binder, in MSetsExtra.MSetFoldWithAbort]
+elt:56 [binder, in MSetsExtra.MSetFoldWithAbort]
+elt:59 [binder, in MSetsExtra.MSetFoldWithAbort]
+elt:89 [binder, in MSetsExtra.MSetFoldWithAbort]
+elt:93 [binder, in MSetsExtra.MSetFoldWithAbort]
+eqA:14 [binder, in MSetsExtra.MSetIntervals]
+eqB:15 [binder, in MSetsExtra.MSetIntervals]
+e_pre:261 [binder, in MSetsExtra.MSetFoldWithAbort]
+e_pre:244 [binder, in MSetsExtra.MSetFoldWithAbort]
+e_pre:233 [binder, in MSetsExtra.MSetFoldWithAbort]
+e0:251 [binder, in MSetsExtra.MSetFoldWithAbort]
+e0:341 [binder, in MSetsExtra.MSetFoldWithAbort]
+e0:342 [binder, in MSetsExtra.MSetFoldWithAbort]
+e1:1007 [binder, in MSetsExtra.MSetIntervals]
+e1:1009 [binder, in MSetsExtra.MSetIntervals]
+e1:1014 [binder, in MSetsExtra.MSetIntervals]
+e1:1016 [binder, in MSetsExtra.MSetIntervals]
+e1:1021 [binder, in MSetsExtra.MSetIntervals]
+e1:1023 [binder, in MSetsExtra.MSetIntervals]
+e1:118 [binder, in MSetsExtra.MSetFoldWithAbort]
+e1:122 [binder, in MSetsExtra.MSetFoldWithAbort]
+e1:156 [binder, in MSetsExtra.MSetFoldWithAbort]
+e1:169 [binder, in MSetsExtra.MSetFoldWithAbort]
+e1:172 [binder, in MSetsExtra.MSetFoldWithAbort]
+e1:184 [binder, in MSetsExtra.MSetFoldWithAbort]
+e1:187 [binder, in MSetsExtra.MSetFoldWithAbort]
+e1:198 [binder, in MSetsExtra.MSetFoldWithAbort]
+e1:209 [binder, in MSetsExtra.MSetFoldWithAbort]
+e1:223 [binder, in MSetsExtra.MSetFoldWithAbort]
+e1:225 [binder, in MSetsExtra.MSetFoldWithAbort]
+e1:24 [binder, in MSetsExtra.MSetFoldWithAbort]
+e1:332 [binder, in MSetsExtra.MSetFoldWithAbort]
+e1:336 [binder, in MSetsExtra.MSetFoldWithAbort]
+e1:44 [binder, in MSetsExtra.MSetIntervals]
+e1:47 [binder, in MSetsExtra.MSetIntervals]
+e1:52 [binder, in MSetsExtra.MSetFoldWithAbort]
+e1:81 [binder, in MSetsExtra.MSetFoldWithAbort]
+e1:85 [binder, in MSetsExtra.MSetFoldWithAbort]
+e2:1008 [binder, in MSetsExtra.MSetIntervals]
+e2:1010 [binder, in MSetsExtra.MSetIntervals]
+e2:1015 [binder, in MSetsExtra.MSetIntervals]
+e2:1017 [binder, in MSetsExtra.MSetIntervals]
+e2:1022 [binder, in MSetsExtra.MSetIntervals]
+e2:1024 [binder, in MSetsExtra.MSetIntervals]
+e2:121 [binder, in MSetsExtra.MSetFoldWithAbort]
+e2:125 [binder, in MSetsExtra.MSetFoldWithAbort]
+e2:157 [binder, in MSetsExtra.MSetFoldWithAbort]
+e2:171 [binder, in MSetsExtra.MSetFoldWithAbort]
+e2:174 [binder, in MSetsExtra.MSetFoldWithAbort]
+e2:186 [binder, in MSetsExtra.MSetFoldWithAbort]
+e2:189 [binder, in MSetsExtra.MSetFoldWithAbort]
+e2:200 [binder, in MSetsExtra.MSetFoldWithAbort]
+e2:211 [binder, in MSetsExtra.MSetFoldWithAbort]
+e2:224 [binder, in MSetsExtra.MSetFoldWithAbort]
+e2:226 [binder, in MSetsExtra.MSetFoldWithAbort]
+e2:27 [binder, in MSetsExtra.MSetFoldWithAbort]
+e2:335 [binder, in MSetsExtra.MSetFoldWithAbort]
+e2:339 [binder, in MSetsExtra.MSetFoldWithAbort]
+e2:45 [binder, in MSetsExtra.MSetIntervals]
+e2:48 [binder, in MSetsExtra.MSetIntervals]
+e2:55 [binder, in MSetsExtra.MSetFoldWithAbort]
+e2:84 [binder, in MSetsExtra.MSetFoldWithAbort]
+e2:88 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:1006 [binder, in MSetsExtra.MSetIntervals]
+e:1013 [binder, in MSetsExtra.MSetIntervals]
+e:1020 [binder, in MSetsExtra.MSetIntervals]
+e:115 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:116 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:134 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:136 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:138 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:143 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:145 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:150 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:152 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:154 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:167 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:182 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:196 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:207 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:21 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:22 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:222 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:230 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:232 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:235 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:241 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:243 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:246 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:248 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:256 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:256 [binder, in MSetsExtra.MSetIntervals]
+e:260 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:264 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:272 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:273 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:274 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:301 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:329 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:330 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:340 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:379 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:380 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:402 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:403 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:405 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:42 [binder, in MSetsExtra.MSetIntervals]
+e:49 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:50 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:772 [binder, in MSetsExtra.MSetIntervals]
+e:78 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:79 [binder, in MSetsExtra.MSetFoldWithAbort]
+e:998 [binder, in MSetsExtra.MSetIntervals]
+

F

+foldWithAbortGtLtSpecPred [definition, in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortGtLtType [definition, in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortGtLt:66 [binder, in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortGtSpecPred [definition, in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortGtType [definition, in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortGt:38 [binder, in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortPrecomputeSpecPred [definition, in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortPrecomputeType [definition, in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortPrecompute:101 [binder, in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortSpecPred [definition, in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortType [definition, in MSetsExtra.MSetFoldWithAbort]
+foldWithAbort:10 [binder, in MSetsExtra.MSetFoldWithAbort]
+fold:36 [binder, in MSetsExtra.MSetFoldWithAbort]
+fold:64 [binder, in MSetsExtra.MSetFoldWithAbort]
+fold:8 [binder, in MSetsExtra.MSetFoldWithAbort]
+fold:98 [binder, in MSetsExtra.MSetFoldWithAbort]
+fwasa:221 [binder, in MSetsExtra.MSetFoldWithAbort]
+fwasa:228 [binder, in MSetsExtra.MSetFoldWithAbort]
+fwasa:238 [binder, in MSetsExtra.MSetFoldWithAbort]
+fwasa:254 [binder, in MSetsExtra.MSetFoldWithAbort]
+fwasa:269 [binder, in MSetsExtra.MSetFoldWithAbort]
+fwasa:288 [binder, in MSetsExtra.MSetFoldWithAbort]
+fwasa:291 [binder, in MSetsExtra.MSetFoldWithAbort]
+fwasa:295 [binder, in MSetsExtra.MSetFoldWithAbort]
+fwasa:298 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_gt:399 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_lt:397 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_pre:396 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_gt:387 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_lt:385 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_pre:384 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_gt:376 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_lt:374 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_pre:373 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_gt:364 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_lt:362 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_pre:361 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_gt:356 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_lt:354 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_pre:353 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_gt:348 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_lt:346 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_pre:345 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_gt:324 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_lt:323 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_pre:320 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_gt:307 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_lt:305 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_pre:304 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_abort:205 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_gt:194 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_gt:180 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_lt:179 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_gt:165 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_lt:164 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_pre:161 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_abort:149 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_gt:142 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_gt:133 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_lt:131 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_gt:110 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_lt:109 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_precompute:106 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_gt:73 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_lt:72 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_gt:44 [binder, in MSetsExtra.MSetFoldWithAbort]
+f_abort:16 [binder, in MSetsExtra.MSetFoldWithAbort]
+f':108 [binder, in MSetsExtra.MSetFoldWithAbort]
+f':15 [binder, in MSetsExtra.MSetFoldWithAbort]
+f':163 [binder, in MSetsExtra.MSetFoldWithAbort]
+f':178 [binder, in MSetsExtra.MSetFoldWithAbort]
+f':193 [binder, in MSetsExtra.MSetFoldWithAbort]
+f':204 [binder, in MSetsExtra.MSetFoldWithAbort]
+f':322 [binder, in MSetsExtra.MSetFoldWithAbort]
+f':43 [binder, in MSetsExtra.MSetFoldWithAbort]
+f':71 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:107 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:121 [binder, in MSetsExtra.MSetListWithDups]
+f:124 [binder, in MSetsExtra.MSetListWithDups]
+f:132 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:139 [binder, in MSetsExtra.MSetListWithDups]
+f:14 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:141 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:147 [binder, in MSetsExtra.MSetListWithDups]
+f:148 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:150 [binder, in MSetsExtra.MSetListWithDups]
+f:155 [binder, in MSetsExtra.MSetListWithDups]
+f:158 [binder, in MSetsExtra.MSetListWithDups]
+f:16 [binder, in MSetsExtra.MSetIntervals]
+f:160 [binder, in MSetsExtra.MSetListWithDups]
+f:162 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:177 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:184 [binder, in MSetsExtra.MSetIntervals]
+f:188 [binder, in MSetsExtra.MSetIntervals]
+f:192 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:194 [binder, in MSetsExtra.MSetIntervals]
+f:201 [binder, in MSetsExtra.MSetIntervals]
+f:203 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:205 [binder, in MSetsExtra.MSetIntervals]
+f:207 [binder, in MSetsExtra.MSetIntervals]
+f:211 [binder, in MSetsExtra.MSetIntervals]
+f:217 [binder, in MSetsExtra.MSetIntervals]
+f:22 [binder, in MSetsExtra.MSetIntervals]
+f:222 [binder, in MSetsExtra.MSetIntervals]
+f:226 [binder, in MSetsExtra.MSetIntervals]
+f:229 [binder, in MSetsExtra.MSetIntervals]
+f:234 [binder, in MSetsExtra.MSetIntervals]
+f:238 [binder, in MSetsExtra.MSetIntervals]
+f:29 [binder, in MSetsExtra.MSetIntervals]
+f:306 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:309 [binder, in MSetsExtra.MSetIntervals]
+f:316 [binder, in MSetsExtra.MSetIntervals]
+f:321 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:321 [binder, in MSetsExtra.MSetIntervals]
+f:325 [binder, in MSetsExtra.MSetIntervals]
+f:33 [binder, in MSetsExtra.MSetIntervals]
+f:331 [binder, in MSetsExtra.MSetIntervals]
+f:34 [binder, in MSetsExtra.MSetWithDups]
+f:343 [binder, in MSetsExtra.MSetIntervals]
+f:347 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:350 [binder, in MSetsExtra.MSetIntervals]
+f:355 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:355 [binder, in MSetsExtra.MSetIntervals]
+f:358 [binder, in MSetsExtra.MSetIntervals]
+f:363 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:370 [binder, in MSetsExtra.MSetIntervals]
+f:375 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:38 [binder, in MSetsExtra.MSetIntervals]
+f:386 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:398 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:42 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:44 [binder, in MSetsExtra.MSetListWithDups]
+f:48 [binder, in MSetsExtra.MSetListWithDups]
+f:55 [binder, in MSetsExtra.MSetIntervals]
+f:61 [binder, in MSetsExtra.MSetListWithDups]
+f:64 [binder, in MSetsExtra.MSetIntervals]
+f:69 [binder, in MSetsExtra.MSetIntervals]
+f:70 [binder, in MSetsExtra.MSetFoldWithAbort]
+f:71 [binder, in MSetsExtra.MSetListWithDups]
+f:75 [binder, in MSetsExtra.MSetListWithDups]
+f:81 [binder, in MSetsExtra.MSetListWithDups]
+f:819 [binder, in MSetsExtra.MSetIntervals]
+f:824 [binder, in MSetsExtra.MSetIntervals]
+f:828 [binder, in MSetsExtra.MSetIntervals]
+f:854 [binder, in MSetsExtra.MSetIntervals]
+f:861 [binder, in MSetsExtra.MSetIntervals]
+f:867 [binder, in MSetsExtra.MSetIntervals]
+f:876 [binder, in MSetsExtra.MSetIntervals]
+f:882 [binder, in MSetsExtra.MSetIntervals]
+f:889 [binder, in MSetsExtra.MSetIntervals]
+f:894 [binder, in MSetsExtra.MSetIntervals]
+f:903 [binder, in MSetsExtra.MSetIntervals]
+f:910 [binder, in MSetsExtra.MSetIntervals]
+f:913 [binder, in MSetsExtra.MSetIntervals]
+f:917 [binder, in MSetsExtra.MSetIntervals]
+f:920 [binder, in MSetsExtra.MSetIntervals]
+f:923 [binder, in MSetsExtra.MSetIntervals]
+f:925 [binder, in MSetsExtra.MSetIntervals]
+f:971 [binder, in MSetsExtra.MSetIntervals]
+f:974 [binder, in MSetsExtra.MSetIntervals]
+f:976 [binder, in MSetsExtra.MSetIntervals]
+f:978 [binder, in MSetsExtra.MSetIntervals]
+f:980 [binder, in MSetsExtra.MSetIntervals]
+f:996 [binder, in MSetsExtra.MSetIntervals]
+

H

+HasFoldWithAbort [module, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps [module, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.choose_with_abort_spec [lemma, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.choose_with_abort [definition, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.exists_with_abort_spec [lemma, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.exists_with_abort [definition, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.filter_with_abort_spec [lemma, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.filter_with_abort [definition, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbort [definition, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortGt [definition, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortGtLt [definition, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortGtLtSpec [lemma, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortGtLtSpec_Equal [lemma, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortGtSpec [lemma, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortGtSpec_Equal [lemma, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortPrecomputeSpec_Equal [lemma, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortSpec [lemma, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.FoldWithAbortSpecArg [record, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortSpecArgsForPred [definition, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortSpec_Equal [lemma, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.forall_with_abort_spec [lemma, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.forall_with_abort [definition, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.fwasa_P' [projection, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.fwasa_f_gt [projection, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.fwasa_f_lt [projection, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.fwasa_f_pre [projection, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbort.foldWithAbortPrecompute [axiom, in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbort.foldWithAbortPrecomputeSpec [axiom, in MSetsExtra.MSetFoldWithAbort]
+Heq:62 [binder, in MSetsExtra.MSetIntervals]
+Hs':580 [binder, in MSetsExtra.MSetIntervals]
+Hs':629 [binder, in MSetsExtra.MSetIntervals]
+Hs':681 [binder, in MSetsExtra.MSetIntervals]
+Hs':728 [binder, in MSetsExtra.MSetIntervals]
+Hs':743 [binder, in MSetsExtra.MSetIntervals]
+Hs':748 [binder, in MSetsExtra.MSetIntervals]
+Hs:268 [binder, in MSetsExtra.MSetIntervals]
+Hs:480 [binder, in MSetsExtra.MSetIntervals]
+Hs:483 [binder, in MSetsExtra.MSetIntervals]
+Hs:544 [binder, in MSetsExtra.MSetIntervals]
+Hs:547 [binder, in MSetsExtra.MSetIntervals]
+Hs:579 [binder, in MSetsExtra.MSetIntervals]
+Hs:628 [binder, in MSetsExtra.MSetIntervals]
+Hs:680 [binder, in MSetsExtra.MSetIntervals]
+Hs:690 [binder, in MSetsExtra.MSetIntervals]
+Hs:697 [binder, in MSetsExtra.MSetIntervals]
+Hs:727 [binder, in MSetsExtra.MSetIntervals]
+Hs:731 [binder, in MSetsExtra.MSetIntervals]
+Hs:735 [binder, in MSetsExtra.MSetIntervals]
+Hs:737 [binder, in MSetsExtra.MSetIntervals]
+Hs:742 [binder, in MSetsExtra.MSetIntervals]
+Hs:747 [binder, in MSetsExtra.MSetIntervals]
+Hs:780 [binder, in MSetsExtra.MSetIntervals]
+Hs:785 [binder, in MSetsExtra.MSetIntervals]
+Hs:789 [binder, in MSetsExtra.MSetIntervals]
+Hs:793 [binder, in MSetsExtra.MSetIntervals]
+Hs:810 [binder, in MSetsExtra.MSetIntervals]
+Hs:814 [binder, in MSetsExtra.MSetIntervals]
+Hs:825 [binder, in MSetsExtra.MSetIntervals]
+Hs:829 [binder, in MSetsExtra.MSetIntervals]
+H0:575 [binder, in MSetsExtra.MSetIntervals]
+H0:624 [binder, in MSetsExtra.MSetIntervals]
+H0:676 [binder, in MSetsExtra.MSetIntervals]
+H1:313 [binder, in MSetsExtra.MSetIntervals]
+H2:314 [binder, in MSetsExtra.MSetIntervals]
+H:540 [binder, in MSetsExtra.MSetIntervals]
+H:574 [binder, in MSetsExtra.MSetIntervals]
+H:59 [binder, in MSetsExtra.MSetIntervals]
+H:623 [binder, in MSetsExtra.MSetIntervals]
+H:675 [binder, in MSetsExtra.MSetIntervals]
+H:693 [binder, in MSetsExtra.MSetIntervals]
+H:883 [binder, in MSetsExtra.MSetIntervals]
+H:918 [binder, in MSetsExtra.MSetIntervals]
+H:921 [binder, in MSetsExtra.MSetIntervals]
+

I

+In:34 [binder, in MSetsExtra.MSetFoldWithAbort]
+In:6 [binder, in MSetsExtra.MSetFoldWithAbort]
+In:62 [binder, in MSetsExtra.MSetFoldWithAbort]
+In:96 [binder, in MSetsExtra.MSetFoldWithAbort]
+i':105 [binder, in MSetsExtra.MSetFoldWithAbort]
+i':13 [binder, in MSetsExtra.MSetFoldWithAbort]
+i':319 [binder, in MSetsExtra.MSetFoldWithAbort]
+i':41 [binder, in MSetsExtra.MSetFoldWithAbort]
+i':69 [binder, in MSetsExtra.MSetFoldWithAbort]
+i1:86 [binder, in MSetsExtra.MSetIntervals]
+i2:87 [binder, in MSetsExtra.MSetIntervals]
+i:104 [binder, in MSetsExtra.MSetFoldWithAbort]
+i:12 [binder, in MSetsExtra.MSetFoldWithAbort]
+i:138 [binder, in MSetsExtra.MSetListWithDups]
+i:160 [binder, in MSetsExtra.MSetFoldWithAbort]
+i:176 [binder, in MSetsExtra.MSetFoldWithAbort]
+i:191 [binder, in MSetsExtra.MSetFoldWithAbort]
+i:202 [binder, in MSetsExtra.MSetFoldWithAbort]
+i:231 [binder, in MSetsExtra.MSetIntervals]
+i:318 [binder, in MSetsExtra.MSetFoldWithAbort]
+i:33 [binder, in MSetsExtra.MSetWithDups]
+i:40 [binder, in MSetsExtra.MSetFoldWithAbort]
+i:407 [binder, in MSetsExtra.MSetIntervals]
+i:63 [binder, in MSetsExtra.MSetListWithDups]
+i:68 [binder, in MSetsExtra.MSetFoldWithAbort]
+i:818 [binder, in MSetsExtra.MSetIntervals]
+i:91 [binder, in MSetsExtra.MSetIntervals]
+i:995 [binder, in MSetsExtra.MSetIntervals]
+

L

+ls:290 [binder, in MSetsExtra.MSetIntervals]
+lt:33 [binder, in MSetsExtra.MSetFoldWithAbort]
+lt:61 [binder, in MSetsExtra.MSetFoldWithAbort]
+lt:95 [binder, in MSetsExtra.MSetFoldWithAbort]
+l':24 [binder, in MSetsExtra.MSetListWithDups]
+l':30 [binder, in MSetsExtra.MSetListWithDups]
+l1:345 [binder, in MSetsExtra.MSetIntervals]
+l1:425 [binder, in MSetsExtra.MSetIntervals]
+l1:707 [binder, in MSetsExtra.MSetIntervals]
+l1:715 [binder, in MSetsExtra.MSetIntervals]
+l2:346 [binder, in MSetsExtra.MSetIntervals]
+l2:426 [binder, in MSetsExtra.MSetIntervals]
+l2:710 [binder, in MSetsExtra.MSetIntervals]
+l2:718 [binder, in MSetsExtra.MSetIntervals]
+l:10 [binder, in MSetsExtra.MSetListWithDups]
+l:103 [binder, in MSetsExtra.MSetIntervals]
+l:115 [binder, in MSetsExtra.MSetIntervals]
+l:119 [binder, in MSetsExtra.MSetIntervals]
+l:134 [binder, in MSetsExtra.MSetIntervals]
+l:14 [binder, in MSetsExtra.MSetListWithDups]
+l:16 [binder, in MSetsExtra.MSetListWithDups]
+l:17 [binder, in MSetsExtra.MSetIntervals]
+l:23 [binder, in MSetsExtra.MSetListWithDups]
+l:24 [binder, in MSetsExtra.MSetIntervals]
+l:254 [binder, in MSetsExtra.MSetIntervals]
+l:258 [binder, in MSetsExtra.MSetIntervals]
+l:260 [binder, in MSetsExtra.MSetIntervals]
+l:28 [binder, in MSetsExtra.MSetListWithDups]
+l:29 [binder, in MSetsExtra.MSetListWithDups]
+l:30 [binder, in MSetsExtra.MSetIntervals]
+l:339 [binder, in MSetsExtra.MSetIntervals]
+l:34 [binder, in MSetsExtra.MSetListWithDups]
+l:34 [binder, in MSetsExtra.MSetIntervals]
+l:367 [binder, in MSetsExtra.MSetIntervals]
+l:39 [binder, in MSetsExtra.MSetIntervals]
+l:427 [binder, in MSetsExtra.MSetIntervals]
+l:50 [binder, in MSetsExtra.MSetIntervals]
+l:551 [binder, in MSetsExtra.MSetIntervals]
+l:554 [binder, in MSetsExtra.MSetIntervals]
+l:698 [binder, in MSetsExtra.MSetIntervals]
+l:701 [binder, in MSetsExtra.MSetIntervals]
+l:75 [binder, in MSetsExtra.MSetIntervals]
+l:849 [binder, in MSetsExtra.MSetIntervals]
+

M

+Make [module, in MSetsExtra.MSetListWithDups]
+MakeAVLSetsWithFoldA [module, in MSetsExtra.MSetFoldWithAbort]
+MakeAVLSetsWithFoldA.foldWithAbortPrecompute [definition, in MSetsExtra.MSetFoldWithAbort]
+MakeAVLSetsWithFoldA.foldWithAbortPrecomputeSpec [lemma, in MSetsExtra.MSetFoldWithAbort]
+MakeGenTreeFoldA [module, in MSetsExtra.MSetFoldWithAbort]
+MakeGenTreeFoldA.foldWithAbort_RawSpec [lemma, in MSetsExtra.MSetFoldWithAbort]
+MakeGenTreeFoldA.foldWithAbort_Raw [definition, in MSetsExtra.MSetFoldWithAbort]
+MakeListSetsWithFoldA [module, in MSetsExtra.MSetFoldWithAbort]
+MakeListSetsWithFoldA.foldWithAbortPrecompute [definition, in MSetsExtra.MSetFoldWithAbort]
+MakeListSetsWithFoldA.foldWithAbortPrecomputeSpec [lemma, in MSetsExtra.MSetFoldWithAbort]
+MakeListSetsWithFoldA.foldWithAbortRaw [definition, in MSetsExtra.MSetFoldWithAbort]
+MakeRBTSetsWithFoldA [module, in MSetsExtra.MSetFoldWithAbort]
+MakeRBTSetsWithFoldA.foldWithAbortPrecompute [definition, in MSetsExtra.MSetFoldWithAbort]
+MakeRBTSetsWithFoldA.foldWithAbortPrecomputeSpec [lemma, in MSetsExtra.MSetFoldWithAbort]
+MakeWeakListSetsWithFoldA [module, in MSetsExtra.MSetFoldWithAbort]
+MakeWeakListSetsWithFoldA.E [module, in MSetsExtra.MSetFoldWithAbort]
+MakeWeakListSetsWithFoldA.foldWithAbortPrecompute [definition, in MSetsExtra.MSetFoldWithAbort]
+MakeWeakListSetsWithFoldA.foldWithAbortPrecomputeSpec [lemma, in MSetsExtra.MSetFoldWithAbort]
+MakeWeakListSetsWithFoldA.foldWithAbortRaw [definition, in MSetsExtra.MSetFoldWithAbort]
+MakeWeakListSetsWithFoldA.Raw [module, in MSetsExtra.MSetFoldWithAbort]
+Make.add_spec [lemma, in MSetsExtra.MSetListWithDups]
+Make.cardinal_spec [lemma, in MSetsExtra.MSetListWithDups]
+Make.choose_spec2 [lemma, in MSetsExtra.MSetListWithDups]
+Make.choose_spec1 [lemma, in MSetsExtra.MSetListWithDups]
+Make.compatb [abbreviation, in MSetsExtra.MSetListWithDups]
+Make.diff_spec [lemma, in MSetsExtra.MSetListWithDups]
+Make.elements_dist_spec2w [lemma, in MSetsExtra.MSetListWithDups]
+Make.elements_dist_spec1 [lemma, in MSetsExtra.MSetListWithDups]
+Make.elements_dist_spec_full [lemma, in MSetsExtra.MSetListWithDups]
+Make.elements_spec1 [lemma, in MSetsExtra.MSetListWithDups]
+Make.Empty [definition, in MSetsExtra.MSetListWithDups]
+Make.empty_spec [lemma, in MSetsExtra.MSetListWithDups]
+Make.eq [definition, in MSetsExtra.MSetListWithDups]
+Make.Equal [definition, in MSetsExtra.MSetListWithDups]
+Make.equal_spec [lemma, in MSetsExtra.MSetListWithDups]
+Make.eq_dec [lemma, in MSetsExtra.MSetListWithDups]
+Make.eq_equiv [lemma, in MSetsExtra.MSetListWithDups]
+Make.Exists [definition, in MSetsExtra.MSetListWithDups]
+Make.exists_spec [lemma, in MSetsExtra.MSetListWithDups]
+Make.filter_spec [lemma, in MSetsExtra.MSetListWithDups]
+Make.fold_spec [lemma, in MSetsExtra.MSetListWithDups]
+Make.for_all_spec [lemma, in MSetsExtra.MSetListWithDups]
+Make.For_all [definition, in MSetsExtra.MSetListWithDups]
+Make.In [definition, in MSetsExtra.MSetListWithDups]
+Make.inter_spec [lemma, in MSetsExtra.MSetListWithDups]
+Make.In_compat [instance, in MSetsExtra.MSetListWithDups]
+Make.is_empty_spec [lemma, in MSetsExtra.MSetListWithDups]
+Make.mem_spec [lemma, in MSetsExtra.MSetListWithDups]
+Make.partition_spec2 [lemma, in MSetsExtra.MSetListWithDups]
+Make.partition_spec1 [lemma, in MSetsExtra.MSetListWithDups]
+Make.partition_aux_spec [lemma, in MSetsExtra.MSetListWithDups]
+Make.remove_spec [lemma, in MSetsExtra.MSetListWithDups]
+Make.rev_filter_aux_spec [lemma, in MSetsExtra.MSetListWithDups]
+Make.singleton_spec [lemma, in MSetsExtra.MSetListWithDups]
+Make.Subset [definition, in MSetsExtra.MSetListWithDups]
+Make.subset_spec [lemma, in MSetsExtra.MSetListWithDups]
+Make.union_spec [lemma, in MSetsExtra.MSetListWithDups]
+_ [<=] _ [notation, in MSetsExtra.MSetListWithDups]
+_ [=] _ [notation, in MSetsExtra.MSetListWithDups]
+MSetFoldWithAbort [library]
+MSetIntervals [module, in MSetsExtra.MSetIntervals]
+MSetIntervals [library]
+MSetIntervalsN [module, in MSetsExtra.MSetIntervals]
+MSetIntervalsNat [module, in MSetsExtra.MSetIntervals]
+MSetIntervalsZ [module, in MSetsExtra.MSetIntervals]
+MSetIntervals.add [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.add_spec [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.cardinal [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.cardinal_spec [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.choose [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.choose_spec3 [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.choose_spec2 [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.choose_spec1 [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.compare [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.compare_spec [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.compatb [abbreviation, in MSetsExtra.MSetIntervals]
+MSetIntervals.diff [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.diff_spec [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.E [module, in MSetsExtra.MSetIntervals]
+MSetIntervals.elements [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.elements_spec2 [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.elements_spec2w [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.elements_spec1 [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.elt [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.empty [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.Empty [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.empty_spec [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.eq [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.equal [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.Equal [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.equal_spec [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.eq_dec [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.eq_equiv [instance, in MSetsExtra.MSetIntervals]
+MSetIntervals.Exists [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.exists_spec [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.exists_ [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.filter [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.filter_spec [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.fold [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.fold_spec [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.for_all_spec [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.for_all [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.For_all [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.In [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.inter [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.inter_spec [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.In_compat [instance, in MSetsExtra.MSetIntervals]
+MSetIntervals.is_empty_spec [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.is_empty [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.is_ok [projection, in MSetsExtra.MSetIntervals]
+MSetIntervals.lt [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.lt_compat [instance, in MSetsExtra.MSetIntervals]
+MSetIntervals.lt_strorder [instance, in MSetsExtra.MSetIntervals]
+MSetIntervals.max_elt_spec3 [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.max_elt_spec2 [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.max_elt_spec1 [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.max_elt [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.mem [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.mem_spec [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.min_elt_spec3 [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.min_elt_spec2 [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.min_elt_spec1 [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.min_elt [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.partition [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.partition_spec2 [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.partition_spec1 [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.Raw [module, in MSetsExtra.MSetIntervals]
+MSetIntervals.remove [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.remove_spec [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.singleton [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.singleton_spec [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.Spec [section, in MSetsExtra.MSetIntervals]
+MSetIntervals.Spec.f [variable, in MSetsExtra.MSetIntervals]
+MSetIntervals.Spec.s [variable, in MSetsExtra.MSetIntervals]
+MSetIntervals.Spec.s' [variable, in MSetsExtra.MSetIntervals]
+MSetIntervals.Spec.x [variable, in MSetsExtra.MSetIntervals]
+MSetIntervals.Spec.y [variable, in MSetsExtra.MSetIntervals]
+MSetIntervals.subset [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.Subset [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.subset_spec [lemma, in MSetsExtra.MSetIntervals]
+MSetIntervals.t [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.this [projection, in MSetsExtra.MSetIntervals]
+MSetIntervals.t_ [record, in MSetsExtra.MSetIntervals]
+MSetIntervals.union [definition, in MSetsExtra.MSetIntervals]
+MSetIntervals.union_spec [lemma, in MSetsExtra.MSetIntervals]
+MSetListWithDups [library]
+MSetWithDups [library]
+

N

+NoDupA_map [lemma, in MSetsExtra.MSetIntervals]
+NOP [module, in MSetsExtra.MSetIntervals]
+n:1011 [binder, in MSetsExtra.MSetIntervals]
+n:1018 [binder, in MSetsExtra.MSetIntervals]
+n:2 [binder, in MSetsExtra.MSetIntervals]
+n:289 [binder, in MSetsExtra.MSetIntervals]
+n:4 [binder, in MSetsExtra.MSetIntervals]
+n:52 [binder, in MSetsExtra.MSetIntervals]
+

O

+Ops [module, in MSetsExtra.MSetListWithDups]
+Ops [module, in MSetsExtra.MSetIntervals]
+Ops.acc_pred [lemma, in MSetsExtra.MSetIntervals]
+Ops.add [definition, in MSetsExtra.MSetListWithDups]
+Ops.add [definition, in MSetsExtra.MSetIntervals]
+Ops.addZ [definition, in MSetsExtra.MSetIntervals]
+Ops.addZ_aux [definition, in MSetsExtra.MSetIntervals]
+Ops.add_list [definition, in MSetsExtra.MSetIntervals]
+Ops.cardinal [definition, in MSetsExtra.MSetListWithDups]
+Ops.cardinal [definition, in MSetsExtra.MSetIntervals]
+Ops.cardinalN [definition, in MSetsExtra.MSetIntervals]
+Ops.choose [definition, in MSetsExtra.MSetListWithDups]
+Ops.choose [definition, in MSetsExtra.MSetIntervals]
+Ops.compare [definition, in MSetsExtra.MSetIntervals]
+Ops.diff [definition, in MSetsExtra.MSetListWithDups]
+Ops.diff [definition, in MSetsExtra.MSetIntervals]
+Ops.diff_aux2 [definition, in MSetsExtra.MSetIntervals]
+Ops.diff_aux [definition, in MSetsExtra.MSetIntervals]
+Ops.elements [definition, in MSetsExtra.MSetListWithDups]
+Ops.elements [definition, in MSetsExtra.MSetIntervals]
+Ops.elementsZ [definition, in MSetsExtra.MSetIntervals]
+Ops.elements_dist [definition, in MSetsExtra.MSetListWithDups]
+Ops.elt [definition, in MSetsExtra.MSetListWithDups]
+Ops.elt [definition, in MSetsExtra.MSetIntervals]
+Ops.empty [definition, in MSetsExtra.MSetListWithDups]
+Ops.empty [definition, in MSetsExtra.MSetIntervals]
+Ops.equal [definition, in MSetsExtra.MSetListWithDups]
+Ops.equal [definition, in MSetsExtra.MSetIntervals]
+Ops.exists_ [definition, in MSetsExtra.MSetListWithDups]
+Ops.exists_ [definition, in MSetsExtra.MSetIntervals]
+Ops.filter [definition, in MSetsExtra.MSetListWithDups]
+Ops.filter [definition, in MSetsExtra.MSetIntervals]
+Ops.filterZ [definition, in MSetsExtra.MSetIntervals]
+Ops.filterZ_aux [definition, in MSetsExtra.MSetIntervals]
+Ops.filterZ_single [definition, in MSetsExtra.MSetIntervals]
+Ops.filterZ_single_aux [definition, in MSetsExtra.MSetIntervals]
+Ops.filterZ_fold_fun [definition, in MSetsExtra.MSetIntervals]
+Ops.fold [definition, in MSetsExtra.MSetListWithDups]
+Ops.fold [definition, in MSetsExtra.MSetIntervals]
+Ops.fold_elementsZ [definition, in MSetsExtra.MSetIntervals]
+Ops.fold_elementsZ_single [definition, in MSetsExtra.MSetIntervals]
+Ops.fold_elementsZ_aux [definition, in MSetsExtra.MSetIntervals]
+Ops.for_all [definition, in MSetsExtra.MSetListWithDups]
+Ops.for_all [definition, in MSetsExtra.MSetIntervals]
+Ops.from_elements [definition, in MSetsExtra.MSetIntervals]
+Ops.ICR_after_touch [constructor, in MSetsExtra.MSetIntervals]
+Ops.ICR_after [constructor, in MSetsExtra.MSetIntervals]
+Ops.ICR_subsume_2 [constructor, in MSetsExtra.MSetIntervals]
+Ops.ICR_subsume_1 [constructor, in MSetsExtra.MSetIntervals]
+Ops.ICR_equal [constructor, in MSetsExtra.MSetIntervals]
+Ops.ICR_overlap_after [constructor, in MSetsExtra.MSetIntervals]
+Ops.ICR_overlap_before [constructor, in MSetsExtra.MSetIntervals]
+Ops.ICR_before_touch [constructor, in MSetsExtra.MSetIntervals]
+Ops.ICR_before [constructor, in MSetsExtra.MSetIntervals]
+Ops.insert_intervalZ_guarded [definition, in MSetsExtra.MSetIntervals]
+Ops.insert_interval_begin [definition, in MSetsExtra.MSetIntervals]
+Ops.inter [definition, in MSetsExtra.MSetListWithDups]
+Ops.inter [definition, in MSetsExtra.MSetIntervals]
+Ops.interval_1_compare [definition, in MSetsExtra.MSetIntervals]
+Ops.interval_compare [definition, in MSetsExtra.MSetIntervals]
+Ops.interval_compare_result [inductive, in MSetsExtra.MSetIntervals]
+Ops.inter_aux2 [definition, in MSetsExtra.MSetIntervals]
+Ops.inter_aux [definition, in MSetsExtra.MSetIntervals]
+Ops.is_empty [definition, in MSetsExtra.MSetListWithDups]
+Ops.is_empty [definition, in MSetsExtra.MSetIntervals]
+Ops.max_elt [definition, in MSetsExtra.MSetIntervals]
+Ops.max_eltZ [definition, in MSetsExtra.MSetIntervals]
+Ops.mem [definition, in MSetsExtra.MSetListWithDups]
+Ops.mem [definition, in MSetsExtra.MSetIntervals]
+Ops.memZ [definition, in MSetsExtra.MSetIntervals]
+Ops.merge_interval_size [definition, in MSetsExtra.MSetIntervals]
+Ops.min_elt [definition, in MSetsExtra.MSetIntervals]
+Ops.min_eltZ [definition, in MSetsExtra.MSetIntervals]
+Ops.MX [module, in MSetsExtra.MSetListWithDups]
+Ops.partition [definition, in MSetsExtra.MSetListWithDups]
+Ops.partition [definition, in MSetsExtra.MSetIntervals]
+Ops.partitionZ [definition, in MSetsExtra.MSetIntervals]
+Ops.partitionZ_aux [definition, in MSetsExtra.MSetIntervals]
+Ops.partitionZ_single [definition, in MSetsExtra.MSetIntervals]
+Ops.partitionZ_single_aux [definition, in MSetsExtra.MSetIntervals]
+Ops.partitionZ_fold_fun [definition, in MSetsExtra.MSetIntervals]
+Ops.partitionZ_fold_skip [definition, in MSetsExtra.MSetIntervals]
+Ops.partitionZ_fold_insert [definition, in MSetsExtra.MSetIntervals]
+Ops.partition_aux [definition, in MSetsExtra.MSetListWithDups]
+Ops.RDFS [module, in MSetsExtra.MSetListWithDups]
+Ops.remove [definition, in MSetsExtra.MSetListWithDups]
+Ops.remove [definition, in MSetsExtra.MSetIntervals]
+Ops.removeZ [definition, in MSetsExtra.MSetIntervals]
+Ops.removeZ_aux [definition, in MSetsExtra.MSetIntervals]
+Ops.remove_list [definition, in MSetsExtra.MSetIntervals]
+Ops.rev_filter [definition, in MSetsExtra.MSetListWithDups]
+Ops.rev_filter_aux [definition, in MSetsExtra.MSetListWithDups]
+Ops.singleton [definition, in MSetsExtra.MSetListWithDups]
+Ops.singleton [definition, in MSetsExtra.MSetIntervals]
+Ops.singleton_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Ops.subset [definition, in MSetsExtra.MSetListWithDups]
+Ops.subset [definition, in MSetsExtra.MSetIntervals]
+Ops.t [definition, in MSetsExtra.MSetListWithDups]
+Ops.t [definition, in MSetsExtra.MSetIntervals]
+Ops.union [definition, in MSetsExtra.MSetListWithDups]
+Ops.union [definition, in MSetsExtra.MSetIntervals]
+Ops.union_aux [definition, in MSetsExtra.MSetIntervals]
+

P

+pre_x:392 [binder, in MSetsExtra.MSetFoldWithAbort]
+pre_x:369 [binder, in MSetsExtra.MSetFoldWithAbort]
+P:10 [binder, in MSetsExtra.MSetWithDups]
+P:101 [binder, in MSetsExtra.MSetListWithDups]
+P:112 [binder, in MSetsExtra.MSetFoldWithAbort]
+P:13 [binder, in MSetsExtra.MSetWithDups]
+P:18 [binder, in MSetsExtra.MSetFoldWithAbort]
+P:220 [binder, in MSetsExtra.MSetFoldWithAbort]
+p:231 [binder, in MSetsExtra.MSetFoldWithAbort]
+p:236 [binder, in MSetsExtra.MSetFoldWithAbort]
+P:239 [binder, in MSetsExtra.MSetFoldWithAbort]
+p:242 [binder, in MSetsExtra.MSetFoldWithAbort]
+p:247 [binder, in MSetsExtra.MSetFoldWithAbort]
+p:257 [binder, in MSetsExtra.MSetFoldWithAbort]
+p:265 [binder, in MSetsExtra.MSetFoldWithAbort]
+P:270 [binder, in MSetsExtra.MSetFoldWithAbort]
+P:281 [binder, in MSetsExtra.MSetIntervals]
+P:284 [binder, in MSetsExtra.MSetIntervals]
+P:292 [binder, in MSetsExtra.MSetFoldWithAbort]
+P:300 [binder, in MSetsExtra.MSetFoldWithAbort]
+p:319 [binder, in MSetsExtra.MSetIntervals]
+P:326 [binder, in MSetsExtra.MSetFoldWithAbort]
+P:46 [binder, in MSetsExtra.MSetFoldWithAbort]
+p:53 [binder, in MSetsExtra.MSetIntervals]
+P:75 [binder, in MSetsExtra.MSetFoldWithAbort]
+P:940 [binder, in MSetsExtra.MSetIntervals]
+P:943 [binder, in MSetsExtra.MSetIntervals]
+P:98 [binder, in MSetsExtra.MSetListWithDups]
+p:982 [binder, in MSetsExtra.MSetIntervals]
+

R

+Raw [module, in MSetsExtra.MSetIntervals]
+Raw.addZ_invariant [lemma, in MSetsExtra.MSetIntervals]
+Raw.addZ_InZ [lemma, in MSetsExtra.MSetIntervals]
+Raw.addZ_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.addZ_aux_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.add_list_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.add_list_ok [lemma, in MSetsExtra.MSetIntervals]
+Raw.add_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.add_ok [instance, in MSetsExtra.MSetIntervals]
+Raw.cardinalN_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.cardinal_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.choose_spec3 [lemma, in MSetsExtra.MSetIntervals]
+Raw.choose_spec2 [definition, in MSetsExtra.MSetIntervals]
+Raw.choose_spec1 [definition, in MSetsExtra.MSetIntervals]
+Raw.compare_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.compare_antisym [lemma, in MSetsExtra.MSetIntervals]
+Raw.compare_eq_Lt_cons [lemma, in MSetsExtra.MSetIntervals]
+Raw.compare_eq_Lt_nil_r [lemma, in MSetsExtra.MSetIntervals]
+Raw.compare_eq_Lt_nil_l [lemma, in MSetsExtra.MSetIntervals]
+Raw.compare_eq_Eq [lemma, in MSetsExtra.MSetIntervals]
+Raw.diff_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.diff_ok [instance, in MSetsExtra.MSetIntervals]
+Raw.diff_invariant [lemma, in MSetsExtra.MSetIntervals]
+Raw.diff_InZ [lemma, in MSetsExtra.MSetIntervals]
+Raw.diff_aux2_props [lemma, in MSetsExtra.MSetIntervals]
+Raw.diff_aux_props [lemma, in MSetsExtra.MSetIntervals]
+Raw.diff_aux_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.elementsZ_sorted [lemma, in MSetsExtra.MSetIntervals]
+Raw.elementsZ_single_sorted [lemma, in MSetsExtra.MSetIntervals]
+Raw.elementsZ_spec2w [lemma, in MSetsExtra.MSetIntervals]
+Raw.elementsZ_insert_intervalZ_guarded [lemma, in MSetsExtra.MSetIntervals]
+Raw.elementsZ_app [lemma, in MSetsExtra.MSetIntervals]
+Raw.elementsZ_cons [lemma, in MSetsExtra.MSetIntervals]
+Raw.elementsZ_single_succ_front [lemma, in MSetsExtra.MSetIntervals]
+Raw.elementsZ_single_add [lemma, in MSetsExtra.MSetIntervals]
+Raw.elementsZ_single_succ [lemma, in MSetsExtra.MSetIntervals]
+Raw.elementsZ_single_base [lemma, in MSetsExtra.MSetIntervals]
+Raw.elementsZ_single [definition, in MSetsExtra.MSetIntervals]
+Raw.elementsZ_nil [lemma, in MSetsExtra.MSetIntervals]
+Raw.elements_sorted [lemma, in MSetsExtra.MSetIntervals]
+Raw.elements_spec2w [lemma, in MSetsExtra.MSetIntervals]
+Raw.elements_spec1 [lemma, in MSetsExtra.MSetIntervals]
+Raw.elements_cons [lemma, in MSetsExtra.MSetIntervals]
+Raw.elements_single [definition, in MSetsExtra.MSetIntervals]
+Raw.elements_nil [lemma, in MSetsExtra.MSetIntervals]
+Raw.Empty [definition, in MSetsExtra.MSetIntervals]
+Raw.empty_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.empty_spec' [lemma, in MSetsExtra.MSetIntervals]
+Raw.empty_ok [instance, in MSetsExtra.MSetIntervals]
+Raw.encode_decode_eq [lemma, in MSetsExtra.MSetIntervals]
+Raw.Equal [definition, in MSetsExtra.MSetIntervals]
+Raw.equal_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.equal_elementsZ [lemma, in MSetsExtra.MSetIntervals]
+Raw.equal_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.Exists [definition, in MSetsExtra.MSetIntervals]
+Raw.exists_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.filterZ_props [lemma, in MSetsExtra.MSetIntervals]
+Raw.filterZ_aux_props [lemma, in MSetsExtra.MSetIntervals]
+Raw.filterZ_single_props [lemma, in MSetsExtra.MSetIntervals]
+Raw.filterZ_single_aux_props [lemma, in MSetsExtra.MSetIntervals]
+Raw.filter_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.filter_ok [instance, in MSetsExtra.MSetIntervals]
+Raw.fold_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.fold_elementsZ_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.fold_elementsZ_alt_def_aux [lemma, in MSetsExtra.MSetIntervals]
+Raw.fold_elementsZ_cons [lemma, in MSetsExtra.MSetIntervals]
+Raw.fold_elementsZ_nil [lemma, in MSetsExtra.MSetIntervals]
+Raw.fold_elementsZ_single_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.fold_opt_app [lemma, in MSetsExtra.MSetIntervals]
+Raw.fold_opt_list_cons [lemma, in MSetsExtra.MSetIntervals]
+Raw.fold_opt [definition, in MSetsExtra.MSetIntervals]
+Raw.fold_elementsZ_single_succ [lemma, in MSetsExtra.MSetIntervals]
+Raw.fold_elementsZ_single_zero [lemma, in MSetsExtra.MSetIntervals]
+Raw.fold_elementsZ_single_pos [lemma, in MSetsExtra.MSetIntervals]
+Raw.fold_elementsZ_aux_irrel [lemma, in MSetsExtra.MSetIntervals]
+Raw.ForNotations [section, in MSetsExtra.MSetIntervals]
+Raw.for_all_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.For_all [definition, in MSetsExtra.MSetIntervals]
+Raw.In [definition, in MSetsExtra.MSetIntervals]
+Raw.insert_interval_begin_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.insert_intervalZ_guarded_rev_nil_app [lemma, in MSetsExtra.MSetIntervals]
+Raw.insert_intervalZ_guarded_app [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_list_elements_greater_insert_intervalZ_guarded [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_list_invariant_insert_intervalZ_guarded [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_list_invariant_snoc_intro [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_list_invariant_app_iff [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_list_invariant_app_elim [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_list_invariant_app_intro [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_list_elements_greater_app_elim_1 [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_list_elements_greater_intro [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_list_elements_greater_alt2_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_list_elements_greater_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_list_invariant_sing [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_list_invariant_cons [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_list_invariant_nil [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_list_elements_greater_impl [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_list_elements_greater_cons [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_1_compare_elim [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_1_compare_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_compare_swap [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_compare_elim [lemma, in MSetsExtra.MSetIntervals]
+Raw.interval_list_invariant [definition, in MSetsExtra.MSetIntervals]
+Raw.interval_list_elements_greater [definition, in MSetsExtra.MSetIntervals]
+Raw.inter_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.inter_ok [instance, in MSetsExtra.MSetIntervals]
+Raw.inter_invariant [lemma, in MSetsExtra.MSetIntervals]
+Raw.inter_InZ [lemma, in MSetsExtra.MSetIntervals]
+Raw.inter_aux2_props [lemma, in MSetsExtra.MSetIntervals]
+Raw.inter_aux_props [lemma, in MSetsExtra.MSetIntervals]
+Raw.inter_aux_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.InZ [definition, in MSetsExtra.MSetIntervals]
+Raw.InZ_partitionZ_fold_skip [lemma, in MSetsExtra.MSetIntervals]
+Raw.InZ_partitionZ_fold_insert [lemma, in MSetsExtra.MSetIntervals]
+Raw.InZ_partitionZ_fold_current_Some [lemma, in MSetsExtra.MSetIntervals]
+Raw.InZ_insert_intervalZ_guarded [lemma, in MSetsExtra.MSetIntervals]
+Raw.InZ_In [lemma, in MSetsExtra.MSetIntervals]
+Raw.InZ_dec [lemma, in MSetsExtra.MSetIntervals]
+Raw.InZ_rev [lemma, in MSetsExtra.MSetIntervals]
+Raw.InZ_app [lemma, in MSetsExtra.MSetIntervals]
+Raw.InZ_cons [lemma, in MSetsExtra.MSetIntervals]
+Raw.InZ_nil [lemma, in MSetsExtra.MSetIntervals]
+Raw.In_merge_interval [lemma, in MSetsExtra.MSetIntervals]
+Raw.In_InZ [lemma, in MSetsExtra.MSetIntervals]
+Raw.In_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.In_elementsZ_single_hd [lemma, in MSetsExtra.MSetIntervals]
+Raw.In_elementsZ_single_dec [lemma, in MSetsExtra.MSetIntervals]
+Raw.In_elementsZ_single1 [lemma, in MSetsExtra.MSetIntervals]
+Raw.In_elementsZ_single [lemma, in MSetsExtra.MSetIntervals]
+Raw.IsOk [definition, in MSetsExtra.MSetIntervals]
+Raw.IsOk_Ok [instance, in MSetsExtra.MSetIntervals]
+Raw.is_empty_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.is_encoded_elems_list_rev [lemma, in MSetsExtra.MSetIntervals]
+Raw.is_encoded_elems_list_app [lemma, in MSetsExtra.MSetIntervals]
+Raw.is_encoded_elems_list [definition, in MSetsExtra.MSetIntervals]
+Raw.length_elementsZ_single [lemma, in MSetsExtra.MSetIntervals]
+Raw.lt [definition, in MSetsExtra.MSetIntervals]
+Raw.lt_Transitive [lemma, in MSetsExtra.MSetIntervals]
+Raw.lt_Irreflexive [lemma, in MSetsExtra.MSetIntervals]
+Raw.max_elt_spec3 [definition, in MSetsExtra.MSetIntervals]
+Raw.max_elt_spec2 [definition, in MSetsExtra.MSetIntervals]
+Raw.max_elt_spec1 [definition, in MSetsExtra.MSetIntervals]
+Raw.max_eltZ_spec3 [definition, in MSetsExtra.MSetIntervals]
+Raw.max_eltZ_eq_None [lemma, in MSetsExtra.MSetIntervals]
+Raw.max_eltZ_spec2 [lemma, in MSetsExtra.MSetIntervals]
+Raw.max_eltZ_spec1 [definition, in MSetsExtra.MSetIntervals]
+Raw.memZ_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.mem_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.merge_interval_size_invariant [lemma, in MSetsExtra.MSetIntervals]
+Raw.merge_interval_size_eq_max [lemma, in MSetsExtra.MSetIntervals]
+Raw.merge_interval_size_add [lemma, in MSetsExtra.MSetIntervals]
+Raw.merge_interval_size_neq_0 [lemma, in MSetsExtra.MSetIntervals]
+Raw.min_elt_spec3 [definition, in MSetsExtra.MSetIntervals]
+Raw.min_elt_spec2 [definition, in MSetsExtra.MSetIntervals]
+Raw.min_elt_spec1 [definition, in MSetsExtra.MSetIntervals]
+Raw.min_eltZ_spec3 [definition, in MSetsExtra.MSetIntervals]
+Raw.min_eltZ_spec2 [lemma, in MSetsExtra.MSetIntervals]
+Raw.min_eltZ_spec1 [definition, in MSetsExtra.MSetIntervals]
+Raw.Nin_elements_greater_equal [lemma, in MSetsExtra.MSetIntervals]
+Raw.Nin_elements_greater [lemma, in MSetsExtra.MSetIntervals]
+Raw.NoDupA_elementsZ_single [lemma, in MSetsExtra.MSetIntervals]
+Raw.ok [projection, in MSetsExtra.MSetIntervals]
+Raw.Ok [record, in MSetsExtra.MSetIntervals]
+Raw.ok [constructor, in MSetsExtra.MSetIntervals]
+Raw.Ok [inductive, in MSetsExtra.MSetIntervals]
+Raw.Ok_cons [lemma, in MSetsExtra.MSetIntervals]
+Raw.Ok_nil [lemma, in MSetsExtra.MSetIntervals]
+Raw.partitionZ_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.partitionZ_aux_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.partitionZ_single_aux_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.partitionZ_fold_current [definition, in MSetsExtra.MSetIntervals]
+Raw.partitionZ_aux_invariant_skip [lemma, in MSetsExtra.MSetIntervals]
+Raw.partitionZ_aux_invariant_insert [lemma, in MSetsExtra.MSetIntervals]
+Raw.partitionZ_aux_invariant [definition, in MSetsExtra.MSetIntervals]
+Raw.partition_spec2 [lemma, in MSetsExtra.MSetIntervals]
+Raw.partition_spec1 [lemma, in MSetsExtra.MSetIntervals]
+Raw.partition_ok2 [instance, in MSetsExtra.MSetIntervals]
+Raw.partition_ok1 [instance, in MSetsExtra.MSetIntervals]
+Raw.partition_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.removeZ_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.removeZ_interval_list_invariant [lemma, in MSetsExtra.MSetIntervals]
+Raw.removeZ_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.remove_list_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.remove_list_ok [lemma, in MSetsExtra.MSetIntervals]
+Raw.remove_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.remove_ok [instance, in MSetsExtra.MSetIntervals]
+Raw.singleton_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.singleton_ok [instance, in MSetsExtra.MSetIntervals]
+Raw.Subset [definition, in MSetsExtra.MSetIntervals]
+Raw.subset_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.subset_props [lemma, in MSetsExtra.MSetIntervals]
+Raw.subset_props_aux_before [lemma, in MSetsExtra.MSetIntervals]
+Raw.subset_props_aux [lemma, in MSetsExtra.MSetIntervals]
+Raw.subset_flatten_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.union_spec [lemma, in MSetsExtra.MSetIntervals]
+Raw.union_ok [instance, in MSetsExtra.MSetIntervals]
+Raw.union_invariant [lemma, in MSetsExtra.MSetIntervals]
+Raw.union_InZ [lemma, in MSetsExtra.MSetIntervals]
+Raw.union_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.union_aux_alt_def [lemma, in MSetsExtra.MSetIntervals]
+Raw.union_aux_flatten_alt_def [lemma, in MSetsExtra.MSetIntervals]
+RemoveDupsFromSorted [module, in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.eqb_eq_alt [lemma, in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.MX [module, in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.remove_dups_by_sortingA_spec [lemma, in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.remove_dups_by_sortingA [definition, in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.remove_dups_from_sortedA_spec [lemma, in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.remove_dups_from_sortedA_hd [lemma, in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.remove_dups_from_sortedA_alt [lemma, in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.remove_dups_from_sortedA_aux_alt [lemma, in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.remove_dups_from_sortedA [definition, in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.remove_dups_from_sortedA_aux [definition, in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.XSort [module, in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.XTotalLeBool [module, in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.XTotalLeBool.le [definition, in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.XTotalLeBool.leb [definition, in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.XTotalLeBool.leb_total [lemma, in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.XTotalLeBool.t [definition, in MSetsExtra.MSetListWithDups]
+_ <=? _ [notation, in MSetsExtra.MSetListWithDups]
+rev_map_alt_def [lemma, in MSetsExtra.MSetIntervals]
+rev_map_aux_alt_def [lemma, in MSetsExtra.MSetIntervals]
+rev_map [definition, in MSetsExtra.MSetIntervals]
+rev_map_aux [definition, in MSetsExtra.MSetIntervals]
+r:859 [binder, in MSetsExtra.MSetIntervals]
+

S

+SetsWithFoldA [module, in MSetsExtra.MSetFoldWithAbort]
+SetsWithFoldA.E [module, in MSetsExtra.MSetFoldWithAbort]
+st':114 [binder, in MSetsExtra.MSetFoldWithAbort]
+st':120 [binder, in MSetsExtra.MSetFoldWithAbort]
+st':124 [binder, in MSetsExtra.MSetFoldWithAbort]
+st':20 [binder, in MSetsExtra.MSetFoldWithAbort]
+st':26 [binder, in MSetsExtra.MSetFoldWithAbort]
+st':328 [binder, in MSetsExtra.MSetFoldWithAbort]
+st':334 [binder, in MSetsExtra.MSetFoldWithAbort]
+st':338 [binder, in MSetsExtra.MSetFoldWithAbort]
+st':48 [binder, in MSetsExtra.MSetFoldWithAbort]
+st':54 [binder, in MSetsExtra.MSetFoldWithAbort]
+st':77 [binder, in MSetsExtra.MSetFoldWithAbort]
+st':83 [binder, in MSetsExtra.MSetFoldWithAbort]
+st':87 [binder, in MSetsExtra.MSetFoldWithAbort]
+st0:313 [binder, in MSetsExtra.MSetFoldWithAbort]
+st1:314 [binder, in MSetsExtra.MSetFoldWithAbort]
+st2:315 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:113 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:117 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:119 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:123 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:135 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:137 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:139 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:144 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:146 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:151 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:153 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:155 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:168 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:170 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:173 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:183 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:185 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:185 [binder, in MSetsExtra.MSetIntervals]
+st:188 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:189 [binder, in MSetsExtra.MSetIntervals]
+st:19 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:192 [binder, in MSetsExtra.MSetIntervals]
+st:197 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:199 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:208 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:208 [binder, in MSetsExtra.MSetIntervals]
+st:210 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:212 [binder, in MSetsExtra.MSetIntervals]
+st:215 [binder, in MSetsExtra.MSetIntervals]
+st:23 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:25 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:258 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:262 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:266 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:275 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:327 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:331 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:333 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:337 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:381 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:404 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:47 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:51 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:53 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:76 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:80 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:82 [binder, in MSetsExtra.MSetFoldWithAbort]
+st:86 [binder, in MSetsExtra.MSetFoldWithAbort]
+s'':749 [binder, in MSetsExtra.MSetIntervals]
+s':107 [binder, in MSetsExtra.MSetListWithDups]
+s':109 [binder, in MSetsExtra.MSetListWithDups]
+s':130 [binder, in MSetsExtra.MSetListWithDups]
+s':133 [binder, in MSetsExtra.MSetListWithDups]
+s':143 [binder, in MSetsExtra.MSetListWithDups]
+s':162 [binder, in MSetsExtra.MSetIntervals]
+s':274 [binder, in MSetsExtra.MSetIntervals]
+s':277 [binder, in MSetsExtra.MSetIntervals]
+s':3 [binder, in MSetsExtra.MSetWithDups]
+s':430 [binder, in MSetsExtra.MSetIntervals]
+s':435 [binder, in MSetsExtra.MSetIntervals]
+s':577 [binder, in MSetsExtra.MSetIntervals]
+s':6 [binder, in MSetsExtra.MSetWithDups]
+s':626 [binder, in MSetsExtra.MSetIntervals]
+s':65 [binder, in MSetsExtra.MSetListWithDups]
+s':67 [binder, in MSetsExtra.MSetListWithDups]
+s':678 [binder, in MSetsExtra.MSetIntervals]
+s':70 [binder, in MSetsExtra.MSetListWithDups]
+s':726 [binder, in MSetsExtra.MSetIntervals]
+s':741 [binder, in MSetsExtra.MSetIntervals]
+s':746 [binder, in MSetsExtra.MSetIntervals]
+s':796 [binder, in MSetsExtra.MSetIntervals]
+s':91 [binder, in MSetsExtra.MSetListWithDups]
+s':933 [binder, in MSetsExtra.MSetIntervals]
+s':936 [binder, in MSetsExtra.MSetIntervals]
+s':94 [binder, in MSetsExtra.MSetListWithDups]
+s':954 [binder, in MSetsExtra.MSetIntervals]
+s':956 [binder, in MSetsExtra.MSetIntervals]
+s':958 [binder, in MSetsExtra.MSetIntervals]
+s':960 [binder, in MSetsExtra.MSetIntervals]
+s':962 [binder, in MSetsExtra.MSetIntervals]
+s':984 [binder, in MSetsExtra.MSetIntervals]
+s0:245 [binder, in MSetsExtra.MSetFoldWithAbort]
+s0:249 [binder, in MSetsExtra.MSetFoldWithAbort]
+s0:252 [binder, in MSetsExtra.MSetFoldWithAbort]
+s1:138 [binder, in MSetsExtra.MSetIntervals]
+s1:143 [binder, in MSetsExtra.MSetIntervals]
+s1:152 [binder, in MSetsExtra.MSetIntervals]
+s1:155 [binder, in MSetsExtra.MSetIntervals]
+s1:157 [binder, in MSetsExtra.MSetIntervals]
+s1:173 [binder, in MSetsExtra.MSetIntervals]
+s1:176 [binder, in MSetsExtra.MSetIntervals]
+s1:379 [binder, in MSetsExtra.MSetIntervals]
+s1:386 [binder, in MSetsExtra.MSetIntervals]
+s1:450 [binder, in MSetsExtra.MSetIntervals]
+s1:453 [binder, in MSetsExtra.MSetIntervals]
+s1:457 [binder, in MSetsExtra.MSetIntervals]
+s1:461 [binder, in MSetsExtra.MSetIntervals]
+s1:465 [binder, in MSetsExtra.MSetIntervals]
+s1:497 [binder, in MSetsExtra.MSetIntervals]
+s1:53 [binder, in MSetsExtra.MSetListWithDups]
+s1:55 [binder, in MSetsExtra.MSetListWithDups]
+s1:556 [binder, in MSetsExtra.MSetIntervals]
+s1:559 [binder, in MSetsExtra.MSetIntervals]
+s1:562 [binder, in MSetsExtra.MSetIntervals]
+s1:564 [binder, in MSetsExtra.MSetIntervals]
+s1:569 [binder, in MSetsExtra.MSetIntervals]
+s1:572 [binder, in MSetsExtra.MSetIntervals]
+s1:605 [binder, in MSetsExtra.MSetIntervals]
+s1:616 [binder, in MSetsExtra.MSetIntervals]
+s1:619 [binder, in MSetsExtra.MSetIntervals]
+s1:621 [binder, in MSetsExtra.MSetIntervals]
+s1:656 [binder, in MSetsExtra.MSetIntervals]
+s1:668 [binder, in MSetsExtra.MSetIntervals]
+s1:671 [binder, in MSetsExtra.MSetIntervals]
+s1:673 [binder, in MSetsExtra.MSetIntervals]
+s1:703 [binder, in MSetsExtra.MSetIntervals]
+s1:720 [binder, in MSetsExtra.MSetIntervals]
+s1:738 [binder, in MSetsExtra.MSetIntervals]
+s1:751 [binder, in MSetsExtra.MSetIntervals]
+s1:753 [binder, in MSetsExtra.MSetIntervals]
+s1:761 [binder, in MSetsExtra.MSetIntervals]
+s1:763 [binder, in MSetsExtra.MSetIntervals]
+s1:765 [binder, in MSetsExtra.MSetIntervals]
+s1:94 [binder, in MSetsExtra.MSetIntervals]
+s1:968 [binder, in MSetsExtra.MSetIntervals]
+s2:140 [binder, in MSetsExtra.MSetIntervals]
+s2:144 [binder, in MSetsExtra.MSetIntervals]
+s2:153 [binder, in MSetsExtra.MSetIntervals]
+s2:156 [binder, in MSetsExtra.MSetIntervals]
+s2:159 [binder, in MSetsExtra.MSetIntervals]
+s2:174 [binder, in MSetsExtra.MSetIntervals]
+s2:177 [binder, in MSetsExtra.MSetIntervals]
+s2:380 [binder, in MSetsExtra.MSetIntervals]
+s2:387 [binder, in MSetsExtra.MSetIntervals]
+s2:451 [binder, in MSetsExtra.MSetIntervals]
+s2:454 [binder, in MSetsExtra.MSetIntervals]
+s2:458 [binder, in MSetsExtra.MSetIntervals]
+s2:462 [binder, in MSetsExtra.MSetIntervals]
+s2:498 [binder, in MSetsExtra.MSetIntervals]
+s2:54 [binder, in MSetsExtra.MSetListWithDups]
+s2:557 [binder, in MSetsExtra.MSetIntervals]
+s2:56 [binder, in MSetsExtra.MSetListWithDups]
+s2:560 [binder, in MSetsExtra.MSetIntervals]
+s2:563 [binder, in MSetsExtra.MSetIntervals]
+s2:565 [binder, in MSetsExtra.MSetIntervals]
+s2:567 [binder, in MSetsExtra.MSetIntervals]
+s2:570 [binder, in MSetsExtra.MSetIntervals]
+s2:571 [binder, in MSetsExtra.MSetIntervals]
+s2:573 [binder, in MSetsExtra.MSetIntervals]
+s2:604 [binder, in MSetsExtra.MSetIntervals]
+s2:617 [binder, in MSetsExtra.MSetIntervals]
+s2:620 [binder, in MSetsExtra.MSetIntervals]
+s2:622 [binder, in MSetsExtra.MSetIntervals]
+s2:655 [binder, in MSetsExtra.MSetIntervals]
+s2:669 [binder, in MSetsExtra.MSetIntervals]
+s2:672 [binder, in MSetsExtra.MSetIntervals]
+s2:674 [binder, in MSetsExtra.MSetIntervals]
+s2:704 [binder, in MSetsExtra.MSetIntervals]
+s2:721 [binder, in MSetsExtra.MSetIntervals]
+s2:723 [binder, in MSetsExtra.MSetIntervals]
+s2:739 [binder, in MSetsExtra.MSetIntervals]
+s2:752 [binder, in MSetsExtra.MSetIntervals]
+s2:754 [binder, in MSetsExtra.MSetIntervals]
+s2:762 [binder, in MSetsExtra.MSetIntervals]
+s2:764 [binder, in MSetsExtra.MSetIntervals]
+s2:766 [binder, in MSetsExtra.MSetIntervals]
+s2:95 [binder, in MSetsExtra.MSetIntervals]
+s2:969 [binder, in MSetsExtra.MSetIntervals]
+s:102 [binder, in MSetsExtra.MSetListWithDups]
+s:104 [binder, in MSetsExtra.MSetListWithDups]
+s:106 [binder, in MSetsExtra.MSetListWithDups]
+s:108 [binder, in MSetsExtra.MSetListWithDups]
+s:108 [binder, in MSetsExtra.MSetIntervals]
+s:11 [binder, in MSetsExtra.MSetWithDups]
+s:111 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:112 [binder, in MSetsExtra.MSetListWithDups]
+s:112 [binder, in MSetsExtra.MSetIntervals]
+s:113 [binder, in MSetsExtra.MSetListWithDups]
+s:114 [binder, in MSetsExtra.MSetIntervals]
+s:116 [binder, in MSetsExtra.MSetIntervals]
+s:117 [binder, in MSetsExtra.MSetIntervals]
+s:118 [binder, in MSetsExtra.MSetListWithDups]
+s:122 [binder, in MSetsExtra.MSetListWithDups]
+s:124 [binder, in MSetsExtra.MSetIntervals]
+s:125 [binder, in MSetsExtra.MSetListWithDups]
+s:127 [binder, in MSetsExtra.MSetIntervals]
+s:129 [binder, in MSetsExtra.MSetListWithDups]
+s:131 [binder, in MSetsExtra.MSetIntervals]
+s:132 [binder, in MSetsExtra.MSetListWithDups]
+s:133 [binder, in MSetsExtra.MSetIntervals]
+s:135 [binder, in MSetsExtra.MSetIntervals]
+s:136 [binder, in MSetsExtra.MSetListWithDups]
+s:136 [binder, in MSetsExtra.MSetIntervals]
+s:14 [binder, in MSetsExtra.MSetWithDups]
+s:140 [binder, in MSetsExtra.MSetListWithDups]
+s:142 [binder, in MSetsExtra.MSetListWithDups]
+s:145 [binder, in MSetsExtra.MSetListWithDups]
+s:146 [binder, in MSetsExtra.MSetListWithDups]
+s:148 [binder, in MSetsExtra.MSetIntervals]
+s:149 [binder, in MSetsExtra.MSetListWithDups]
+s:154 [binder, in MSetsExtra.MSetListWithDups]
+s:157 [binder, in MSetsExtra.MSetListWithDups]
+s:159 [binder, in MSetsExtra.MSetListWithDups]
+s:161 [binder, in MSetsExtra.MSetIntervals]
+s:162 [binder, in MSetsExtra.MSetListWithDups]
+s:164 [binder, in MSetsExtra.MSetListWithDups]
+s:165 [binder, in MSetsExtra.MSetListWithDups]
+s:166 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:168 [binder, in MSetsExtra.MSetListWithDups]
+s:169 [binder, in MSetsExtra.MSetListWithDups]
+s:169 [binder, in MSetsExtra.MSetIntervals]
+s:17 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:181 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:195 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:2 [binder, in MSetsExtra.MSetWithDups]
+s:202 [binder, in MSetsExtra.MSetIntervals]
+s:206 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:219 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:223 [binder, in MSetsExtra.MSetIntervals]
+s:229 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:230 [binder, in MSetsExtra.MSetIntervals]
+s:234 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:235 [binder, in MSetsExtra.MSetIntervals]
+s:239 [binder, in MSetsExtra.MSetIntervals]
+s:240 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:243 [binder, in MSetsExtra.MSetIntervals]
+s:246 [binder, in MSetsExtra.MSetIntervals]
+s:247 [binder, in MSetsExtra.MSetIntervals]
+s:249 [binder, in MSetsExtra.MSetIntervals]
+s:250 [binder, in MSetsExtra.MSetIntervals]
+s:253 [binder, in MSetsExtra.MSetIntervals]
+s:255 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:263 [binder, in MSetsExtra.MSetIntervals]
+s:264 [binder, in MSetsExtra.MSetIntervals]
+s:267 [binder, in MSetsExtra.MSetIntervals]
+s:270 [binder, in MSetsExtra.MSetIntervals]
+s:271 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:272 [binder, in MSetsExtra.MSetIntervals]
+s:273 [binder, in MSetsExtra.MSetIntervals]
+s:276 [binder, in MSetsExtra.MSetIntervals]
+s:279 [binder, in MSetsExtra.MSetIntervals]
+s:282 [binder, in MSetsExtra.MSetIntervals]
+s:285 [binder, in MSetsExtra.MSetIntervals]
+s:289 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:293 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:296 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:299 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:325 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:362 [binder, in MSetsExtra.MSetIntervals]
+s:365 [binder, in MSetsExtra.MSetIntervals]
+s:37 [binder, in MSetsExtra.MSetListWithDups]
+s:371 [binder, in MSetsExtra.MSetIntervals]
+s:375 [binder, in MSetsExtra.MSetIntervals]
+s:378 [binder, in MSetsExtra.MSetIntervals]
+s:385 [binder, in MSetsExtra.MSetIntervals]
+s:389 [binder, in MSetsExtra.MSetIntervals]
+s:395 [binder, in MSetsExtra.MSetIntervals]
+s:41 [binder, in MSetsExtra.MSetListWithDups]
+s:413 [binder, in MSetsExtra.MSetIntervals]
+s:416 [binder, in MSetsExtra.MSetIntervals]
+s:421 [binder, in MSetsExtra.MSetIntervals]
+s:424 [binder, in MSetsExtra.MSetIntervals]
+s:436 [binder, in MSetsExtra.MSetIntervals]
+s:440 [binder, in MSetsExtra.MSetIntervals]
+s:441 [binder, in MSetsExtra.MSetIntervals]
+s:444 [binder, in MSetsExtra.MSetIntervals]
+s:447 [binder, in MSetsExtra.MSetIntervals]
+s:45 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:45 [binder, in MSetsExtra.MSetListWithDups]
+s:470 [binder, in MSetsExtra.MSetIntervals]
+s:472 [binder, in MSetsExtra.MSetIntervals]
+s:474 [binder, in MSetsExtra.MSetIntervals]
+s:477 [binder, in MSetsExtra.MSetIntervals]
+s:478 [binder, in MSetsExtra.MSetIntervals]
+s:481 [binder, in MSetsExtra.MSetIntervals]
+s:49 [binder, in MSetsExtra.MSetWithDups]
+s:49 [binder, in MSetsExtra.MSetListWithDups]
+s:490 [binder, in MSetsExtra.MSetIntervals]
+s:494 [binder, in MSetsExtra.MSetIntervals]
+s:5 [binder, in MSetsExtra.MSetWithDups]
+s:501 [binder, in MSetsExtra.MSetIntervals]
+s:504 [binder, in MSetsExtra.MSetIntervals]
+s:508 [binder, in MSetsExtra.MSetIntervals]
+s:51 [binder, in MSetsExtra.MSetWithDups]
+s:51 [binder, in MSetsExtra.MSetListWithDups]
+s:521 [binder, in MSetsExtra.MSetIntervals]
+s:528 [binder, in MSetsExtra.MSetIntervals]
+s:53 [binder, in MSetsExtra.MSetWithDups]
+s:531 [binder, in MSetsExtra.MSetIntervals]
+s:535 [binder, in MSetsExtra.MSetIntervals]
+s:538 [binder, in MSetsExtra.MSetIntervals]
+s:541 [binder, in MSetsExtra.MSetIntervals]
+s:546 [binder, in MSetsExtra.MSetIntervals]
+s:552 [binder, in MSetsExtra.MSetIntervals]
+s:555 [binder, in MSetsExtra.MSetIntervals]
+s:56 [binder, in MSetsExtra.MSetWithDups]
+s:57 [binder, in MSetsExtra.MSetWithDups]
+s:576 [binder, in MSetsExtra.MSetIntervals]
+s:583 [binder, in MSetsExtra.MSetIntervals]
+s:587 [binder, in MSetsExtra.MSetIntervals]
+s:62 [binder, in MSetsExtra.MSetListWithDups]
+s:625 [binder, in MSetsExtra.MSetIntervals]
+s:632 [binder, in MSetsExtra.MSetIntervals]
+s:636 [binder, in MSetsExtra.MSetIntervals]
+s:64 [binder, in MSetsExtra.MSetListWithDups]
+s:66 [binder, in MSetsExtra.MSetListWithDups]
+s:677 [binder, in MSetsExtra.MSetIntervals]
+s:683 [binder, in MSetsExtra.MSetIntervals]
+s:685 [binder, in MSetsExtra.MSetIntervals]
+s:687 [binder, in MSetsExtra.MSetIntervals]
+s:69 [binder, in MSetsExtra.MSetListWithDups]
+s:691 [binder, in MSetsExtra.MSetIntervals]
+s:694 [binder, in MSetsExtra.MSetIntervals]
+s:699 [binder, in MSetsExtra.MSetIntervals]
+s:702 [binder, in MSetsExtra.MSetIntervals]
+s:71 [binder, in MSetsExtra.MSetIntervals]
+s:72 [binder, in MSetsExtra.MSetListWithDups]
+s:725 [binder, in MSetsExtra.MSetIntervals]
+s:729 [binder, in MSetsExtra.MSetIntervals]
+s:734 [binder, in MSetsExtra.MSetIntervals]
+s:736 [binder, in MSetsExtra.MSetIntervals]
+s:74 [binder, in MSetsExtra.MSetFoldWithAbort]
+s:74 [binder, in MSetsExtra.MSetIntervals]
+s:740 [binder, in MSetsExtra.MSetIntervals]
+s:745 [binder, in MSetsExtra.MSetIntervals]
+s:755 [binder, in MSetsExtra.MSetIntervals]
+s:756 [binder, in MSetsExtra.MSetIntervals]
+s:76 [binder, in MSetsExtra.MSetListWithDups]
+s:769 [binder, in MSetsExtra.MSetIntervals]
+s:77 [binder, in MSetsExtra.MSetIntervals]
+s:770 [binder, in MSetsExtra.MSetIntervals]
+s:775 [binder, in MSetsExtra.MSetIntervals]
+s:777 [binder, in MSetsExtra.MSetIntervals]
+s:781 [binder, in MSetsExtra.MSetIntervals]
+s:783 [binder, in MSetsExtra.MSetIntervals]
+s:786 [binder, in MSetsExtra.MSetIntervals]
+s:79 [binder, in MSetsExtra.MSetIntervals]
+s:790 [binder, in MSetsExtra.MSetIntervals]
+s:791 [binder, in MSetsExtra.MSetIntervals]
+s:794 [binder, in MSetsExtra.MSetIntervals]
+s:795 [binder, in MSetsExtra.MSetIntervals]
+s:799 [binder, in MSetsExtra.MSetIntervals]
+s:8 [binder, in MSetsExtra.MSetWithDups]
+s:801 [binder, in MSetsExtra.MSetIntervals]
+s:805 [binder, in MSetsExtra.MSetIntervals]
+s:806 [binder, in MSetsExtra.MSetIntervals]
+s:808 [binder, in MSetsExtra.MSetIntervals]
+s:811 [binder, in MSetsExtra.MSetIntervals]
+s:815 [binder, in MSetsExtra.MSetIntervals]
+s:816 [binder, in MSetsExtra.MSetIntervals]
+s:82 [binder, in MSetsExtra.MSetListWithDups]
+s:820 [binder, in MSetsExtra.MSetIntervals]
+s:822 [binder, in MSetsExtra.MSetIntervals]
+s:823 [binder, in MSetsExtra.MSetIntervals]
+s:827 [binder, in MSetsExtra.MSetIntervals]
+s:83 [binder, in MSetsExtra.MSetIntervals]
+s:85 [binder, in MSetsExtra.MSetListWithDups]
+s:86 [binder, in MSetsExtra.MSetListWithDups]
+s:868 [binder, in MSetsExtra.MSetIntervals]
+s:877 [binder, in MSetsExtra.MSetIntervals]
+s:881 [binder, in MSetsExtra.MSetIntervals]
+s:887 [binder, in MSetsExtra.MSetIntervals]
+s:89 [binder, in MSetsExtra.MSetListWithDups]
+s:90 [binder, in MSetsExtra.MSetListWithDups]
+s:904 [binder, in MSetsExtra.MSetIntervals]
+s:911 [binder, in MSetsExtra.MSetIntervals]
+s:914 [binder, in MSetsExtra.MSetIntervals]
+s:916 [binder, in MSetsExtra.MSetIntervals]
+s:919 [binder, in MSetsExtra.MSetIntervals]
+s:922 [binder, in MSetsExtra.MSetIntervals]
+s:924 [binder, in MSetsExtra.MSetIntervals]
+s:93 [binder, in MSetsExtra.MSetListWithDups]
+s:931 [binder, in MSetsExtra.MSetIntervals]
+s:932 [binder, in MSetsExtra.MSetIntervals]
+s:935 [binder, in MSetsExtra.MSetIntervals]
+s:938 [binder, in MSetsExtra.MSetIntervals]
+s:941 [binder, in MSetsExtra.MSetIntervals]
+s:944 [binder, in MSetsExtra.MSetIntervals]
+s:947 [binder, in MSetsExtra.MSetIntervals]
+s:949 [binder, in MSetsExtra.MSetIntervals]
+s:951 [binder, in MSetsExtra.MSetIntervals]
+s:953 [binder, in MSetsExtra.MSetIntervals]
+s:955 [binder, in MSetsExtra.MSetIntervals]
+s:957 [binder, in MSetsExtra.MSetIntervals]
+s:959 [binder, in MSetsExtra.MSetIntervals]
+s:96 [binder, in MSetsExtra.MSetListWithDups]
+s:961 [binder, in MSetsExtra.MSetIntervals]
+s:963 [binder, in MSetsExtra.MSetIntervals]
+s:964 [binder, in MSetsExtra.MSetIntervals]
+s:965 [binder, in MSetsExtra.MSetIntervals]
+s:966 [binder, in MSetsExtra.MSetIntervals]
+s:967 [binder, in MSetsExtra.MSetIntervals]
+s:972 [binder, in MSetsExtra.MSetIntervals]
+s:973 [binder, in MSetsExtra.MSetIntervals]
+s:975 [binder, in MSetsExtra.MSetIntervals]
+s:977 [binder, in MSetsExtra.MSetIntervals]
+s:979 [binder, in MSetsExtra.MSetIntervals]
+s:981 [binder, in MSetsExtra.MSetIntervals]
+s:983 [binder, in MSetsExtra.MSetIntervals]
+s:99 [binder, in MSetsExtra.MSetListWithDups]
+

T

+t:2 [binder, in MSetsExtra.MSetFoldWithAbort]
+t:29 [binder, in MSetsExtra.MSetFoldWithAbort]
+t:308 [binder, in MSetsExtra.MSetFoldWithAbort]
+t:32 [binder, in MSetsExtra.MSetFoldWithAbort]
+t:349 [binder, in MSetsExtra.MSetFoldWithAbort]
+t:357 [binder, in MSetsExtra.MSetFoldWithAbort]
+t:365 [binder, in MSetsExtra.MSetFoldWithAbort]
+t:377 [binder, in MSetsExtra.MSetFoldWithAbort]
+t:388 [binder, in MSetsExtra.MSetFoldWithAbort]
+t:400 [binder, in MSetsExtra.MSetFoldWithAbort]
+t:5 [binder, in MSetsExtra.MSetFoldWithAbort]
+t:57 [binder, in MSetsExtra.MSetFoldWithAbort]
+t:60 [binder, in MSetsExtra.MSetFoldWithAbort]
+t:90 [binder, in MSetsExtra.MSetFoldWithAbort]
+t:94 [binder, in MSetsExtra.MSetFoldWithAbort]
+

W

+WSetsOnWithDups [module, in MSetsExtra.MSetWithDups]
+WSetsOnWithDupsExtra [module, in MSetsExtra.MSetWithDups]
+WSetsOnWithDupsExtra.cardinal_spec [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDupsExtra.elements_dist_spec2w [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDupsExtra.elements_dist_spec1 [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDupsExtra.elements_dist [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.add_spec [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.choose_spec2 [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.choose_spec1 [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.compatb [abbreviation, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.diff_spec [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.elements_spec1 [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.Empty [definition, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.empty_spec [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.eq [definition, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.Equal [definition, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.equal_spec [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.Exists [definition, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.exists_spec [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.filter_spec [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.fold_spec [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.for_all_spec [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.For_all [definition, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.In [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.inter_spec [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.In_compat [instance, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.is_empty_spec [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.mem_spec [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.partition_spec2 [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.partition_spec1 [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.remove_spec [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.singleton_spec [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.Spec [section, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.Spec.f [variable, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.Spec.s [variable, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.Spec.s' [variable, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.Spec.x [variable, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.Spec.y [variable, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.Subset [definition, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.subset_spec [axiom, in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.union_spec [axiom, in MSetsExtra.MSetWithDups]
+_ [<=] _ [notation, in MSetsExtra.MSetWithDups]
+_ [=] _ [notation, in MSetsExtra.MSetWithDups]
+WSetsOn_TO_WSetsOnWithDupsExtra.elements_dist_spec2w [lemma, in MSetsExtra.MSetWithDups]
+WSetsOn_TO_WSetsOnWithDupsExtra.elements_dist_spec1 [lemma, in MSetsExtra.MSetWithDups]
+WSetsOn_TO_WSetsOnWithDupsExtra.elements_dist [definition, in MSetsExtra.MSetWithDups]
+WSetsOn_TO_WSetsOnWithDupsExtra [module, in MSetsExtra.MSetWithDups]
+WSetsWithDupsFoldA [module, in MSetsExtra.MSetFoldWithAbort]
+WSetsWithDupsFoldA.E [module, in MSetsExtra.MSetFoldWithAbort]
+WSetsWithFoldA [module, in MSetsExtra.MSetFoldWithAbort]
+WSetsWithFoldA.E [module, in MSetsExtra.MSetFoldWithAbort]
+

X

+xs':22 [binder, in MSetsExtra.MSetListWithDups]
+xs:20 [binder, in MSetsExtra.MSetListWithDups]
+xs:277 [binder, in MSetsExtra.MSetFoldWithAbort]
+xx:804 [binder, in MSetsExtra.MSetIntervals]
+x_pre:312 [binder, in MSetsExtra.MSetFoldWithAbort]
+x':21 [binder, in MSetsExtra.MSetListWithDups]
+x':798 [binder, in MSetsExtra.MSetIntervals]
+x0:278 [binder, in MSetsExtra.MSetFoldWithAbort]
+x0:281 [binder, in MSetsExtra.MSetFoldWithAbort]
+x0:284 [binder, in MSetsExtra.MSetFoldWithAbort]
+x1:18 [binder, in MSetsExtra.MSetIntervals]
+x1:455 [binder, in MSetsExtra.MSetIntervals]
+x1:459 [binder, in MSetsExtra.MSetIntervals]
+x1:463 [binder, in MSetsExtra.MSetIntervals]
+x1:484 [binder, in MSetsExtra.MSetIntervals]
+x1:522 [binder, in MSetsExtra.MSetIntervals]
+x1:589 [binder, in MSetsExtra.MSetIntervals]
+x1:602 [binder, in MSetsExtra.MSetIntervals]
+x1:607 [binder, in MSetsExtra.MSetIntervals]
+x1:612 [binder, in MSetsExtra.MSetIntervals]
+x1:614 [binder, in MSetsExtra.MSetIntervals]
+x1:638 [binder, in MSetsExtra.MSetIntervals]
+x1:651 [binder, in MSetsExtra.MSetIntervals]
+x1:658 [binder, in MSetsExtra.MSetIntervals]
+x1:664 [binder, in MSetsExtra.MSetIntervals]
+x1:666 [binder, in MSetsExtra.MSetIntervals]
+x1:870 [binder, in MSetsExtra.MSetIntervals]
+x1:874 [binder, in MSetsExtra.MSetIntervals]
+x1:879 [binder, in MSetsExtra.MSetIntervals]
+x1:97 [binder, in MSetsExtra.MSetIntervals]
+x2:19 [binder, in MSetsExtra.MSetIntervals]
+x2:456 [binder, in MSetsExtra.MSetIntervals]
+x2:460 [binder, in MSetsExtra.MSetIntervals]
+x2:464 [binder, in MSetsExtra.MSetIntervals]
+x2:486 [binder, in MSetsExtra.MSetIntervals]
+x2:524 [binder, in MSetsExtra.MSetIntervals]
+x2:590 [binder, in MSetsExtra.MSetIntervals]
+x2:603 [binder, in MSetsExtra.MSetIntervals]
+x2:608 [binder, in MSetsExtra.MSetIntervals]
+x2:613 [binder, in MSetsExtra.MSetIntervals]
+x2:615 [binder, in MSetsExtra.MSetIntervals]
+x2:639 [binder, in MSetsExtra.MSetIntervals]
+x2:652 [binder, in MSetsExtra.MSetIntervals]
+x2:659 [binder, in MSetsExtra.MSetIntervals]
+x2:665 [binder, in MSetsExtra.MSetIntervals]
+x2:667 [binder, in MSetsExtra.MSetIntervals]
+x2:871 [binder, in MSetsExtra.MSetIntervals]
+x2:875 [binder, in MSetsExtra.MSetIntervals]
+x2:880 [binder, in MSetsExtra.MSetIntervals]
+x2:99 [binder, in MSetsExtra.MSetIntervals]
+x:1 [binder, in MSetsExtra.MSetListWithDups]
+x:10 [binder, in MSetsExtra.MSetIntervals]
+x:100 [binder, in MSetsExtra.MSetListWithDups]
+x:1000 [binder, in MSetsExtra.MSetIntervals]
+x:1001 [binder, in MSetsExtra.MSetIntervals]
+x:101 [binder, in MSetsExtra.MSetIntervals]
+x:103 [binder, in MSetsExtra.MSetListWithDups]
+x:105 [binder, in MSetsExtra.MSetListWithDups]
+x:107 [binder, in MSetsExtra.MSetIntervals]
+x:110 [binder, in MSetsExtra.MSetListWithDups]
+x:111 [binder, in MSetsExtra.MSetIntervals]
+x:113 [binder, in MSetsExtra.MSetIntervals]
+x:114 [binder, in MSetsExtra.MSetListWithDups]
+x:116 [binder, in MSetsExtra.MSetListWithDups]
+x:118 [binder, in MSetsExtra.MSetIntervals]
+x:12 [binder, in MSetsExtra.MSetWithDups]
+x:120 [binder, in MSetsExtra.MSetListWithDups]
+x:120 [binder, in MSetsExtra.MSetIntervals]
+x:121 [binder, in MSetsExtra.MSetIntervals]
+x:122 [binder, in MSetsExtra.MSetIntervals]
+x:123 [binder, in MSetsExtra.MSetListWithDups]
+x:126 [binder, in MSetsExtra.MSetListWithDups]
+x:126 [binder, in MSetsExtra.MSetIntervals]
+x:130 [binder, in MSetsExtra.MSetIntervals]
+x:131 [binder, in MSetsExtra.MSetListWithDups]
+x:132 [binder, in MSetsExtra.MSetIntervals]
+x:134 [binder, in MSetsExtra.MSetListWithDups]
+x:137 [binder, in MSetsExtra.MSetIntervals]
+x:141 [binder, in MSetsExtra.MSetListWithDups]
+x:144 [binder, in MSetsExtra.MSetListWithDups]
+x:148 [binder, in MSetsExtra.MSetListWithDups]
+x:15 [binder, in MSetsExtra.MSetWithDups]
+x:151 [binder, in MSetsExtra.MSetListWithDups]
+x:156 [binder, in MSetsExtra.MSetListWithDups]
+x:161 [binder, in MSetsExtra.MSetListWithDups]
+x:163 [binder, in MSetsExtra.MSetListWithDups]
+x:166 [binder, in MSetsExtra.MSetListWithDups]
+x:167 [binder, in MSetsExtra.MSetListWithDups]
+x:179 [binder, in MSetsExtra.MSetIntervals]
+x:186 [binder, in MSetsExtra.MSetIntervals]
+x:19 [binder, in MSetsExtra.MSetListWithDups]
+x:190 [binder, in MSetsExtra.MSetIntervals]
+x:193 [binder, in MSetsExtra.MSetIntervals]
+x:197 [binder, in MSetsExtra.MSetIntervals]
+x:209 [binder, in MSetsExtra.MSetIntervals]
+x:213 [binder, in MSetsExtra.MSetIntervals]
+x:216 [binder, in MSetsExtra.MSetIntervals]
+x:219 [binder, in MSetsExtra.MSetIntervals]
+x:25 [binder, in MSetsExtra.MSetListWithDups]
+x:255 [binder, in MSetsExtra.MSetIntervals]
+x:257 [binder, in MSetsExtra.MSetIntervals]
+x:269 [binder, in MSetsExtra.MSetIntervals]
+x:271 [binder, in MSetsExtra.MSetIntervals]
+x:283 [binder, in MSetsExtra.MSetIntervals]
+x:286 [binder, in MSetsExtra.MSetIntervals]
+x:287 [binder, in MSetsExtra.MSetIntervals]
+x:291 [binder, in MSetsExtra.MSetIntervals]
+x:293 [binder, in MSetsExtra.MSetIntervals]
+x:294 [binder, in MSetsExtra.MSetIntervals]
+x:296 [binder, in MSetsExtra.MSetIntervals]
+x:299 [binder, in MSetsExtra.MSetIntervals]
+x:303 [binder, in MSetsExtra.MSetIntervals]
+x:305 [binder, in MSetsExtra.MSetIntervals]
+x:307 [binder, in MSetsExtra.MSetIntervals]
+x:31 [binder, in MSetsExtra.MSetListWithDups]
+x:312 [binder, in MSetsExtra.MSetIntervals]
+x:318 [binder, in MSetsExtra.MSetIntervals]
+x:32 [binder, in MSetsExtra.MSetListWithDups]
+x:323 [binder, in MSetsExtra.MSetIntervals]
+x:327 [binder, in MSetsExtra.MSetIntervals]
+x:33 [binder, in MSetsExtra.MSetListWithDups]
+x:340 [binder, in MSetsExtra.MSetIntervals]
+x:353 [binder, in MSetsExtra.MSetIntervals]
+x:36 [binder, in MSetsExtra.MSetListWithDups]
+x:368 [binder, in MSetsExtra.MSetIntervals]
+x:37 [binder, in MSetsExtra.MSetWithDups]
+x:373 [binder, in MSetsExtra.MSetIntervals]
+x:376 [binder, in MSetsExtra.MSetIntervals]
+x:383 [binder, in MSetsExtra.MSetIntervals]
+x:39 [binder, in MSetsExtra.MSetWithDups]
+x:392 [binder, in MSetsExtra.MSetIntervals]
+x:397 [binder, in MSetsExtra.MSetIntervals]
+x:40 [binder, in MSetsExtra.MSetListWithDups]
+x:412 [binder, in MSetsExtra.MSetIntervals]
+x:415 [binder, in MSetsExtra.MSetIntervals]
+x:419 [binder, in MSetsExtra.MSetIntervals]
+x:42 [binder, in MSetsExtra.MSetWithDups]
+x:42 [binder, in MSetsExtra.MSetListWithDups]
+x:422 [binder, in MSetsExtra.MSetIntervals]
+x:431 [binder, in MSetsExtra.MSetIntervals]
+x:438 [binder, in MSetsExtra.MSetIntervals]
+x:439 [binder, in MSetsExtra.MSetIntervals]
+x:443 [binder, in MSetsExtra.MSetIntervals]
+x:446 [binder, in MSetsExtra.MSetIntervals]
+x:449 [binder, in MSetsExtra.MSetIntervals]
+x:468 [binder, in MSetsExtra.MSetIntervals]
+x:469 [binder, in MSetsExtra.MSetIntervals]
+x:471 [binder, in MSetsExtra.MSetIntervals]
+x:473 [binder, in MSetsExtra.MSetIntervals]
+x:476 [binder, in MSetsExtra.MSetIntervals]
+x:479 [binder, in MSetsExtra.MSetIntervals]
+x:48 [binder, in MSetsExtra.MSetWithDups]
+x:482 [binder, in MSetsExtra.MSetIntervals]
+x:488 [binder, in MSetsExtra.MSetIntervals]
+x:491 [binder, in MSetsExtra.MSetIntervals]
+x:495 [binder, in MSetsExtra.MSetIntervals]
+x:499 [binder, in MSetsExtra.MSetIntervals]
+x:5 [binder, in MSetsExtra.MSetListWithDups]
+x:50 [binder, in MSetsExtra.MSetListWithDups]
+x:502 [binder, in MSetsExtra.MSetIntervals]
+x:506 [binder, in MSetsExtra.MSetIntervals]
+x:509 [binder, in MSetsExtra.MSetIntervals]
+x:529 [binder, in MSetsExtra.MSetIntervals]
+x:532 [binder, in MSetsExtra.MSetIntervals]
+x:536 [binder, in MSetsExtra.MSetIntervals]
+x:539 [binder, in MSetsExtra.MSetIntervals]
+x:542 [binder, in MSetsExtra.MSetIntervals]
+x:545 [binder, in MSetsExtra.MSetIntervals]
+x:548 [binder, in MSetsExtra.MSetIntervals]
+x:549 [binder, in MSetsExtra.MSetIntervals]
+x:55 [binder, in MSetsExtra.MSetWithDups]
+x:553 [binder, in MSetsExtra.MSetIntervals]
+x:57 [binder, in MSetsExtra.MSetIntervals]
+x:578 [binder, in MSetsExtra.MSetIntervals]
+x:58 [binder, in MSetsExtra.MSetListWithDups]
+x:59 [binder, in MSetsExtra.MSetListWithDups]
+x:627 [binder, in MSetsExtra.MSetIntervals]
+x:640 [binder, in MSetsExtra.MSetIntervals]
+x:642 [binder, in MSetsExtra.MSetIntervals]
+x:646 [binder, in MSetsExtra.MSetIntervals]
+x:647 [binder, in MSetsExtra.MSetIntervals]
+x:648 [binder, in MSetsExtra.MSetIntervals]
+x:650 [binder, in MSetsExtra.MSetIntervals]
+x:653 [binder, in MSetsExtra.MSetIntervals]
+x:66 [binder, in MSetsExtra.MSetIntervals]
+x:663 [binder, in MSetsExtra.MSetIntervals]
+x:679 [binder, in MSetsExtra.MSetIntervals]
+x:68 [binder, in MSetsExtra.MSetListWithDups]
+x:682 [binder, in MSetsExtra.MSetIntervals]
+x:686 [binder, in MSetsExtra.MSetIntervals]
+x:688 [binder, in MSetsExtra.MSetIntervals]
+x:692 [binder, in MSetsExtra.MSetIntervals]
+x:695 [binder, in MSetsExtra.MSetIntervals]
+x:7 [binder, in MSetsExtra.MSetListWithDups]
+x:700 [binder, in MSetsExtra.MSetIntervals]
+x:730 [binder, in MSetsExtra.MSetIntervals]
+x:733 [binder, in MSetsExtra.MSetIntervals]
+x:744 [binder, in MSetsExtra.MSetIntervals]
+x:76 [binder, in MSetsExtra.MSetIntervals]
+x:768 [binder, in MSetsExtra.MSetIntervals]
+x:771 [binder, in MSetsExtra.MSetIntervals]
+x:776 [binder, in MSetsExtra.MSetIntervals]
+x:778 [binder, in MSetsExtra.MSetIntervals]
+x:78 [binder, in MSetsExtra.MSetIntervals]
+x:782 [binder, in MSetsExtra.MSetIntervals]
+x:784 [binder, in MSetsExtra.MSetIntervals]
+x:787 [binder, in MSetsExtra.MSetIntervals]
+x:792 [binder, in MSetsExtra.MSetIntervals]
+x:797 [binder, in MSetsExtra.MSetIntervals]
+x:8 [binder, in MSetsExtra.MSetIntervals]
+x:800 [binder, in MSetsExtra.MSetIntervals]
+x:802 [binder, in MSetsExtra.MSetIntervals]
+x:807 [binder, in MSetsExtra.MSetIntervals]
+x:809 [binder, in MSetsExtra.MSetIntervals]
+x:812 [binder, in MSetsExtra.MSetIntervals]
+x:82 [binder, in MSetsExtra.MSetIntervals]
+x:826 [binder, in MSetsExtra.MSetIntervals]
+x:830 [binder, in MSetsExtra.MSetIntervals]
+x:831 [binder, in MSetsExtra.MSetIntervals]
+x:836 [binder, in MSetsExtra.MSetIntervals]
+x:839 [binder, in MSetsExtra.MSetIntervals]
+x:847 [binder, in MSetsExtra.MSetIntervals]
+x:856 [binder, in MSetsExtra.MSetIntervals]
+x:863 [binder, in MSetsExtra.MSetIntervals]
+x:88 [binder, in MSetsExtra.MSetListWithDups]
+x:888 [binder, in MSetsExtra.MSetIntervals]
+x:890 [binder, in MSetsExtra.MSetIntervals]
+x:901 [binder, in MSetsExtra.MSetIntervals]
+x:902 [binder, in MSetsExtra.MSetIntervals]
+x:907 [binder, in MSetsExtra.MSetIntervals]
+x:908 [binder, in MSetsExtra.MSetIntervals]
+x:909 [binder, in MSetsExtra.MSetIntervals]
+x:912 [binder, in MSetsExtra.MSetIntervals]
+x:915 [binder, in MSetsExtra.MSetIntervals]
+x:926 [binder, in MSetsExtra.MSetIntervals]
+x:930 [binder, in MSetsExtra.MSetIntervals]
+x:942 [binder, in MSetsExtra.MSetIntervals]
+x:945 [binder, in MSetsExtra.MSetIntervals]
+x:946 [binder, in MSetsExtra.MSetIntervals]
+x:948 [binder, in MSetsExtra.MSetIntervals]
+x:950 [binder, in MSetsExtra.MSetIntervals]
+x:952 [binder, in MSetsExtra.MSetIntervals]
+x:999 [binder, in MSetsExtra.MSetIntervals]
+

Y

+yc1:89 [binder, in MSetsExtra.MSetIntervals]
+yc2:88 [binder, in MSetsExtra.MSetIntervals]
+yc2:93 [binder, in MSetsExtra.MSetIntervals]
+yc:844 [binder, in MSetsExtra.MSetIntervals]
+ys':27 [binder, in MSetsExtra.MSetListWithDups]
+y':26 [binder, in MSetsExtra.MSetListWithDups]
+y':774 [binder, in MSetsExtra.MSetIntervals]
+y':835 [binder, in MSetsExtra.MSetIntervals]
+y':860 [binder, in MSetsExtra.MSetIntervals]
+y':865 [binder, in MSetsExtra.MSetIntervals]
+y':866 [binder, in MSetsExtra.MSetIntervals]
+y':872 [binder, in MSetsExtra.MSetIntervals]
+y':873 [binder, in MSetsExtra.MSetIntervals]
+y':878 [binder, in MSetsExtra.MSetIntervals]
+y0:128 [binder, in MSetsExtra.MSetListWithDups]
+y1:398 [binder, in MSetsExtra.MSetIntervals]
+y1:402 [binder, in MSetsExtra.MSetIntervals]
+y1:408 [binder, in MSetsExtra.MSetIntervals]
+y1:5 [binder, in MSetsExtra.MSetIntervals]
+y1:512 [binder, in MSetsExtra.MSetIntervals]
+y1:516 [binder, in MSetsExtra.MSetIntervals]
+y1:705 [binder, in MSetsExtra.MSetIntervals]
+y1:713 [binder, in MSetsExtra.MSetIntervals]
+y1:757 [binder, in MSetsExtra.MSetIntervals]
+y1:90 [binder, in MSetsExtra.MSetIntervals]
+y2:145 [binder, in MSetsExtra.MSetIntervals]
+y2:166 [binder, in MSetsExtra.MSetIntervals]
+y2:400 [binder, in MSetsExtra.MSetIntervals]
+y2:404 [binder, in MSetsExtra.MSetIntervals]
+y2:409 [binder, in MSetsExtra.MSetIntervals]
+y2:466 [binder, in MSetsExtra.MSetIntervals]
+y2:514 [binder, in MSetsExtra.MSetIntervals]
+y2:518 [binder, in MSetsExtra.MSetIntervals]
+y2:581 [binder, in MSetsExtra.MSetIntervals]
+y2:585 [binder, in MSetsExtra.MSetIntervals]
+y2:6 [binder, in MSetsExtra.MSetIntervals]
+y2:630 [binder, in MSetsExtra.MSetIntervals]
+y2:634 [binder, in MSetsExtra.MSetIntervals]
+y2:708 [binder, in MSetsExtra.MSetIntervals]
+y2:716 [binder, in MSetsExtra.MSetIntervals]
+y2:758 [binder, in MSetsExtra.MSetIntervals]
+y:11 [binder, in MSetsExtra.MSetIntervals]
+y:111 [binder, in MSetsExtra.MSetListWithDups]
+y:115 [binder, in MSetsExtra.MSetListWithDups]
+y:117 [binder, in MSetsExtra.MSetListWithDups]
+y:127 [binder, in MSetsExtra.MSetListWithDups]
+y:135 [binder, in MSetsExtra.MSetListWithDups]
+y:2 [binder, in MSetsExtra.MSetListWithDups]
+y:279 [binder, in MSetsExtra.MSetFoldWithAbort]
+y:282 [binder, in MSetsExtra.MSetFoldWithAbort]
+y:285 [binder, in MSetsExtra.MSetFoldWithAbort]
+y:302 [binder, in MSetsExtra.MSetIntervals]
+y:304 [binder, in MSetsExtra.MSetIntervals]
+y:360 [binder, in MSetsExtra.MSetIntervals]
+y:381 [binder, in MSetsExtra.MSetIntervals]
+y:382 [binder, in MSetsExtra.MSetIntervals]
+y:388 [binder, in MSetsExtra.MSetIntervals]
+y:390 [binder, in MSetsExtra.MSetIntervals]
+y:391 [binder, in MSetsExtra.MSetIntervals]
+y:394 [binder, in MSetsExtra.MSetIntervals]
+y:406 [binder, in MSetsExtra.MSetIntervals]
+y:423 [binder, in MSetsExtra.MSetIntervals]
+y:428 [binder, in MSetsExtra.MSetIntervals]
+y:433 [binder, in MSetsExtra.MSetIntervals]
+y:437 [binder, in MSetsExtra.MSetIntervals]
+y:442 [binder, in MSetsExtra.MSetIntervals]
+y:445 [binder, in MSetsExtra.MSetIntervals]
+y:448 [binder, in MSetsExtra.MSetIntervals]
+y:452 [binder, in MSetsExtra.MSetIntervals]
+y:493 [binder, in MSetsExtra.MSetIntervals]
+y:505 [binder, in MSetsExtra.MSetIntervals]
+y:52 [binder, in MSetsExtra.MSetListWithDups]
+y:526 [binder, in MSetsExtra.MSetIntervals]
+y:527 [binder, in MSetsExtra.MSetIntervals]
+y:533 [binder, in MSetsExtra.MSetIntervals]
+y:543 [binder, in MSetsExtra.MSetIntervals]
+y:550 [binder, in MSetsExtra.MSetIntervals]
+y:566 [binder, in MSetsExtra.MSetIntervals]
+y:568 [binder, in MSetsExtra.MSetIntervals]
+y:57 [binder, in MSetsExtra.MSetListWithDups]
+y:591 [binder, in MSetsExtra.MSetIntervals]
+y:592 [binder, in MSetsExtra.MSetIntervals]
+y:593 [binder, in MSetsExtra.MSetIntervals]
+y:594 [binder, in MSetsExtra.MSetIntervals]
+y:595 [binder, in MSetsExtra.MSetIntervals]
+y:596 [binder, in MSetsExtra.MSetIntervals]
+y:597 [binder, in MSetsExtra.MSetIntervals]
+y:598 [binder, in MSetsExtra.MSetIntervals]
+y:599 [binder, in MSetsExtra.MSetIntervals]
+y:6 [binder, in MSetsExtra.MSetListWithDups]
+y:601 [binder, in MSetsExtra.MSetIntervals]
+y:609 [binder, in MSetsExtra.MSetIntervals]
+y:618 [binder, in MSetsExtra.MSetIntervals]
+y:641 [binder, in MSetsExtra.MSetIntervals]
+y:643 [binder, in MSetsExtra.MSetIntervals]
+y:644 [binder, in MSetsExtra.MSetIntervals]
+y:645 [binder, in MSetsExtra.MSetIntervals]
+y:654 [binder, in MSetsExtra.MSetIntervals]
+y:660 [binder, in MSetsExtra.MSetIntervals]
+y:670 [binder, in MSetsExtra.MSetIntervals]
+y:689 [binder, in MSetsExtra.MSetIntervals]
+y:696 [binder, in MSetsExtra.MSetIntervals]
+y:711 [binder, in MSetsExtra.MSetIntervals]
+y:712 [binder, in MSetsExtra.MSetIntervals]
+y:719 [binder, in MSetsExtra.MSetIntervals]
+y:722 [binder, in MSetsExtra.MSetIntervals]
+y:724 [binder, in MSetsExtra.MSetIntervals]
+y:773 [binder, in MSetsExtra.MSetIntervals]
+y:779 [binder, in MSetsExtra.MSetIntervals]
+y:788 [binder, in MSetsExtra.MSetIntervals]
+y:8 [binder, in MSetsExtra.MSetListWithDups]
+y:803 [binder, in MSetsExtra.MSetIntervals]
+y:813 [binder, in MSetsExtra.MSetIntervals]
+y:845 [binder, in MSetsExtra.MSetIntervals]
+y:848 [binder, in MSetsExtra.MSetIntervals]
+y:853 [binder, in MSetsExtra.MSetIntervals]
+y:896 [binder, in MSetsExtra.MSetIntervals]
+y:9 [binder, in MSetsExtra.MSetIntervals]
+

Z

+Z_to_N_minus_neq_0 [lemma, in MSetsExtra.MSetIntervals]
+Z_lt_le_add_r [lemma, in MSetsExtra.MSetIntervals]
+Z_lt_add_r [lemma, in MSetsExtra.MSetIntervals]
+Z_le_add_r [lemma, in MSetsExtra.MSetIntervals]
+z:1 [binder, in MSetsExtra.MSetIntervals]
+z:1004 [binder, in MSetsExtra.MSetIntervals]
+z:1005 [binder, in MSetsExtra.MSetIntervals]
+z:1012 [binder, in MSetsExtra.MSetIntervals]
+z:1019 [binder, in MSetsExtra.MSetIntervals]
+z:206 [binder, in MSetsExtra.MSetIntervals]
+z:227 [binder, in MSetsExtra.MSetIntervals]
+z:233 [binder, in MSetsExtra.MSetIntervals]
+z:237 [binder, in MSetsExtra.MSetIntervals]
+z:241 [binder, in MSetsExtra.MSetIntervals]
+z:3 [binder, in MSetsExtra.MSetIntervals]
+z:411 [binder, in MSetsExtra.MSetIntervals]
+z:418 [binder, in MSetsExtra.MSetIntervals]
+z:475 [binder, in MSetsExtra.MSetIntervals]
+z:520 [binder, in MSetsExtra.MSetIntervals]
+z:534 [binder, in MSetsExtra.MSetIntervals]
+z:537 [binder, in MSetsExtra.MSetIntervals]
+z:750 [binder, in MSetsExtra.MSetIntervals]
+z:884 [binder, in MSetsExtra.MSetIntervals]
+z:885 [binder, in MSetsExtra.MSetIntervals]
+z:886 [binder, in MSetsExtra.MSetIntervals]
+z:891 [binder, in MSetsExtra.MSetIntervals]
+z:892 [binder, in MSetsExtra.MSetIntervals]
+z:893 [binder, in MSetsExtra.MSetIntervals]
+

+

Notation Index

+

M

+_ [<=] _ [in MSetsExtra.MSetListWithDups]
+_ [=] _ [in MSetsExtra.MSetListWithDups]
+

R

+_ <=? _ [in MSetsExtra.MSetListWithDups]
+

W

+_ [<=] _ [in MSetsExtra.MSetWithDups]
+_ [=] _ [in MSetsExtra.MSetWithDups]
+

+

Binder Index

+

A

+ab:347 [in MSetsExtra.MSetIntervals]
+ab:363 [in MSetsExtra.MSetIntervals]
+acc_f:906 [in MSetsExtra.MSetIntervals]
+acc_t:905 [in MSetsExtra.MSetIntervals]
+acc_f:899 [in MSetsExtra.MSetIntervals]
+acc_t:897 [in MSetsExtra.MSetIntervals]
+acc_f:200 [in MSetsExtra.MSetIntervals]
+acc_t:199 [in MSetsExtra.MSetIntervals]
+acc_f:196 [in MSetsExtra.MSetIntervals]
+acc_t:195 [in MSetsExtra.MSetIntervals]
+acc':348 [in MSetsExtra.MSetIntervals]
+acc':364 [in MSetsExtra.MSetIntervals]
+acc:106 [in MSetsExtra.MSetIntervals]
+acc:119 [in MSetsExtra.MSetListWithDups]
+acc:125 [in MSetsExtra.MSetIntervals]
+acc:141 [in MSetsExtra.MSetIntervals]
+acc:147 [in MSetsExtra.MSetIntervals]
+acc:15 [in MSetsExtra.MSetListWithDups]
+acc:151 [in MSetsExtra.MSetIntervals]
+acc:168 [in MSetsExtra.MSetIntervals]
+acc:172 [in MSetsExtra.MSetIntervals]
+acc:181 [in MSetsExtra.MSetIntervals]
+acc:218 [in MSetsExtra.MSetIntervals]
+acc:221 [in MSetsExtra.MSetIntervals]
+acc:23 [in MSetsExtra.MSetIntervals]
+acc:250 [in MSetsExtra.MSetFoldWithAbort]
+acc:311 [in MSetsExtra.MSetIntervals]
+acc:317 [in MSetsExtra.MSetIntervals]
+acc:322 [in MSetsExtra.MSetIntervals]
+acc:326 [in MSetsExtra.MSetIntervals]
+acc:332 [in MSetsExtra.MSetIntervals]
+acc:338 [in MSetsExtra.MSetIntervals]
+acc:344 [in MSetsExtra.MSetIntervals]
+acc:35 [in MSetsExtra.MSetIntervals]
+acc:352 [in MSetsExtra.MSetIntervals]
+acc:356 [in MSetsExtra.MSetIntervals]
+acc:359 [in MSetsExtra.MSetIntervals]
+acc:366 [in MSetsExtra.MSetFoldWithAbort]
+acc:370 [in MSetsExtra.MSetFoldWithAbort]
+acc:372 [in MSetsExtra.MSetIntervals]
+acc:378 [in MSetsExtra.MSetFoldWithAbort]
+acc:389 [in MSetsExtra.MSetFoldWithAbort]
+acc:393 [in MSetsExtra.MSetFoldWithAbort]
+acc:401 [in MSetsExtra.MSetFoldWithAbort]
+acc:414 [in MSetsExtra.MSetIntervals]
+acc:43 [in MSetsExtra.MSetListWithDups]
+acc:558 [in MSetsExtra.MSetIntervals]
+acc:56 [in MSetsExtra.MSetIntervals]
+acc:561 [in MSetsExtra.MSetIntervals]
+acc:584 [in MSetsExtra.MSetIntervals]
+acc:588 [in MSetsExtra.MSetIntervals]
+acc:600 [in MSetsExtra.MSetIntervals]
+acc:606 [in MSetsExtra.MSetIntervals]
+acc:633 [in MSetsExtra.MSetIntervals]
+acc:637 [in MSetsExtra.MSetIntervals]
+acc:649 [in MSetsExtra.MSetIntervals]
+acc:65 [in MSetsExtra.MSetIntervals]
+acc:657 [in MSetsExtra.MSetIntervals]
+acc:684 [in MSetsExtra.MSetIntervals]
+acc:70 [in MSetsExtra.MSetIntervals]
+acc:832 [in MSetsExtra.MSetIntervals]
+acc:837 [in MSetsExtra.MSetIntervals]
+acc:840 [in MSetsExtra.MSetIntervals]
+acc:852 [in MSetsExtra.MSetIntervals]
+acc:857 [in MSetsExtra.MSetIntervals]
+acc:864 [in MSetsExtra.MSetIntervals]
+acc:869 [in MSetsExtra.MSetIntervals]
+acc:9 [in MSetsExtra.MSetListWithDups]
+a1:152 [in MSetsExtra.MSetListWithDups]
+a1:3 [in MSetsExtra.MSetListWithDups]
+a1:79 [in MSetsExtra.MSetListWithDups]
+a2:153 [in MSetsExtra.MSetListWithDups]
+a2:4 [in MSetsExtra.MSetListWithDups]
+a2:80 [in MSetsExtra.MSetListWithDups]
+a:1002 [in MSetsExtra.MSetIntervals]
+a:1003 [in MSetsExtra.MSetIntervals]
+A:102 [in MSetsExtra.MSetFoldWithAbort]
+A:11 [in MSetsExtra.MSetFoldWithAbort]
+A:12 [in MSetsExtra.MSetIntervals]
+A:126 [in MSetsExtra.MSetFoldWithAbort]
+A:130 [in MSetsExtra.MSetFoldWithAbort]
+A:137 [in MSetsExtra.MSetListWithDups]
+A:140 [in MSetsExtra.MSetFoldWithAbort]
+A:147 [in MSetsExtra.MSetFoldWithAbort]
+A:158 [in MSetsExtra.MSetFoldWithAbort]
+A:175 [in MSetsExtra.MSetFoldWithAbort]
+A:190 [in MSetsExtra.MSetFoldWithAbort]
+A:20 [in MSetsExtra.MSetIntervals]
+A:201 [in MSetsExtra.MSetFoldWithAbort]
+A:218 [in MSetsExtra.MSetFoldWithAbort]
+A:27 [in MSetsExtra.MSetIntervals]
+a:275 [in MSetsExtra.MSetIntervals]
+a:278 [in MSetsExtra.MSetIntervals]
+a:280 [in MSetsExtra.MSetIntervals]
+A:3 [in MSetsExtra.MSetFoldWithAbort]
+A:30 [in MSetsExtra.MSetFoldWithAbort]
+A:302 [in MSetsExtra.MSetFoldWithAbort]
+A:308 [in MSetsExtra.MSetIntervals]
+A:31 [in MSetsExtra.MSetIntervals]
+A:315 [in MSetsExtra.MSetIntervals]
+A:316 [in MSetsExtra.MSetFoldWithAbort]
+A:32 [in MSetsExtra.MSetWithDups]
+A:320 [in MSetsExtra.MSetIntervals]
+A:324 [in MSetsExtra.MSetIntervals]
+A:329 [in MSetsExtra.MSetIntervals]
+A:336 [in MSetsExtra.MSetIntervals]
+A:341 [in MSetsExtra.MSetIntervals]
+A:343 [in MSetsExtra.MSetFoldWithAbort]
+A:349 [in MSetsExtra.MSetIntervals]
+A:35 [in MSetsExtra.MSetFoldWithAbort]
+A:351 [in MSetsExtra.MSetFoldWithAbort]
+A:354 [in MSetsExtra.MSetIntervals]
+A:357 [in MSetsExtra.MSetIntervals]
+A:359 [in MSetsExtra.MSetFoldWithAbort]
+A:36 [in MSetsExtra.MSetIntervals]
+A:369 [in MSetsExtra.MSetIntervals]
+A:37 [in MSetsExtra.MSetFoldWithAbort]
+A:371 [in MSetsExtra.MSetFoldWithAbort]
+A:382 [in MSetsExtra.MSetFoldWithAbort]
+A:39 [in MSetsExtra.MSetFoldWithAbort]
+A:394 [in MSetsExtra.MSetFoldWithAbort]
+a:4 [in MSetsExtra.MSetWithDups]
+A:54 [in MSetsExtra.MSetIntervals]
+A:58 [in MSetsExtra.MSetFoldWithAbort]
+A:63 [in MSetsExtra.MSetFoldWithAbort]
+A:63 [in MSetsExtra.MSetIntervals]
+A:65 [in MSetsExtra.MSetFoldWithAbort]
+A:67 [in MSetsExtra.MSetFoldWithAbort]
+A:68 [in MSetsExtra.MSetIntervals]
+A:7 [in MSetsExtra.MSetFoldWithAbort]
+a:7 [in MSetsExtra.MSetWithDups]
+A:817 [in MSetsExtra.MSetIntervals]
+A:9 [in MSetsExtra.MSetFoldWithAbort]
+a:9 [in MSetsExtra.MSetWithDups]
+A:91 [in MSetsExtra.MSetFoldWithAbort]
+a:92 [in MSetsExtra.MSetListWithDups]
+a:934 [in MSetsExtra.MSetIntervals]
+a:937 [in MSetsExtra.MSetIntervals]
+a:939 [in MSetsExtra.MSetIntervals]
+a:95 [in MSetsExtra.MSetListWithDups]
+A:97 [in MSetsExtra.MSetFoldWithAbort]
+a:97 [in MSetsExtra.MSetListWithDups]
+A:970 [in MSetsExtra.MSetIntervals]
+a:985 [in MSetsExtra.MSetIntervals]
+a:986 [in MSetsExtra.MSetIntervals]
+a:987 [in MSetsExtra.MSetIntervals]
+a:988 [in MSetsExtra.MSetIntervals]
+A:99 [in MSetsExtra.MSetFoldWithAbort]
+A:994 [in MSetsExtra.MSetIntervals]
+a:997 [in MSetsExtra.MSetIntervals]
+

B

+base:309 [in MSetsExtra.MSetFoldWithAbort]
+base:350 [in MSetsExtra.MSetFoldWithAbort]
+base:358 [in MSetsExtra.MSetFoldWithAbort]
+base:366 [in MSetsExtra.MSetIntervals]
+bs:333 [in MSetsExtra.MSetIntervals]
+bs:337 [in MSetsExtra.MSetIntervals]
+B:100 [in MSetsExtra.MSetFoldWithAbort]
+B:103 [in MSetsExtra.MSetFoldWithAbort]
+B:127 [in MSetsExtra.MSetFoldWithAbort]
+B:13 [in MSetsExtra.MSetIntervals]
+B:159 [in MSetsExtra.MSetFoldWithAbort]
+B:21 [in MSetsExtra.MSetIntervals]
+B:212 [in MSetsExtra.MSetFoldWithAbort]
+B:227 [in MSetsExtra.MSetFoldWithAbort]
+B:228 [in MSetsExtra.MSetIntervals]
+b:232 [in MSetsExtra.MSetIntervals]
+b:236 [in MSetsExtra.MSetIntervals]
+B:237 [in MSetsExtra.MSetFoldWithAbort]
+b:240 [in MSetsExtra.MSetIntervals]
+B:253 [in MSetsExtra.MSetFoldWithAbort]
+B:268 [in MSetsExtra.MSetFoldWithAbort]
+B:28 [in MSetsExtra.MSetIntervals]
+B:287 [in MSetsExtra.MSetFoldWithAbort]
+B:290 [in MSetsExtra.MSetFoldWithAbort]
+B:294 [in MSetsExtra.MSetFoldWithAbort]
+B:297 [in MSetsExtra.MSetFoldWithAbort]
+B:303 [in MSetsExtra.MSetFoldWithAbort]
+B:317 [in MSetsExtra.MSetFoldWithAbort]
+B:32 [in MSetsExtra.MSetIntervals]
+B:330 [in MSetsExtra.MSetIntervals]
+B:342 [in MSetsExtra.MSetIntervals]
+B:344 [in MSetsExtra.MSetFoldWithAbort]
+B:352 [in MSetsExtra.MSetFoldWithAbort]
+B:360 [in MSetsExtra.MSetFoldWithAbort]
+B:37 [in MSetsExtra.MSetIntervals]
+B:372 [in MSetsExtra.MSetFoldWithAbort]
+B:383 [in MSetsExtra.MSetFoldWithAbort]
+B:395 [in MSetsExtra.MSetFoldWithAbort]
+B:60 [in MSetsExtra.MSetListWithDups]
+B:92 [in MSetsExtra.MSetFoldWithAbort]
+

C

+cur:178 [in MSetsExtra.MSetIntervals]
+cur:182 [in MSetsExtra.MSetIntervals]
+cur:858 [in MSetsExtra.MSetIntervals]
+cx:306 [in MSetsExtra.MSetIntervals]
+c_f:900 [in MSetsExtra.MSetIntervals]
+c_t:898 [in MSetsExtra.MSetIntervals]
+c1:298 [in MSetsExtra.MSetIntervals]
+c1:399 [in MSetsExtra.MSetIntervals]
+c1:403 [in MSetsExtra.MSetIntervals]
+c1:485 [in MSetsExtra.MSetIntervals]
+c1:510 [in MSetsExtra.MSetIntervals]
+c1:513 [in MSetsExtra.MSetIntervals]
+c1:517 [in MSetsExtra.MSetIntervals]
+c1:523 [in MSetsExtra.MSetIntervals]
+c1:706 [in MSetsExtra.MSetIntervals]
+c1:714 [in MSetsExtra.MSetIntervals]
+c1:759 [in MSetsExtra.MSetIntervals]
+c1:98 [in MSetsExtra.MSetIntervals]
+c2:100 [in MSetsExtra.MSetIntervals]
+c2:146 [in MSetsExtra.MSetIntervals]
+c2:167 [in MSetsExtra.MSetIntervals]
+c2:297 [in MSetsExtra.MSetIntervals]
+c2:401 [in MSetsExtra.MSetIntervals]
+c2:405 [in MSetsExtra.MSetIntervals]
+c2:410 [in MSetsExtra.MSetIntervals]
+c2:467 [in MSetsExtra.MSetIntervals]
+c2:487 [in MSetsExtra.MSetIntervals]
+c2:511 [in MSetsExtra.MSetIntervals]
+c2:515 [in MSetsExtra.MSetIntervals]
+c2:519 [in MSetsExtra.MSetIntervals]
+c2:525 [in MSetsExtra.MSetIntervals]
+c2:582 [in MSetsExtra.MSetIntervals]
+c2:586 [in MSetsExtra.MSetIntervals]
+c2:631 [in MSetsExtra.MSetIntervals]
+c2:635 [in MSetsExtra.MSetIntervals]
+c2:709 [in MSetsExtra.MSetIntervals]
+c2:717 [in MSetsExtra.MSetIntervals]
+c2:760 [in MSetsExtra.MSetIntervals]
+c:102 [in MSetsExtra.MSetIntervals]
+c:123 [in MSetsExtra.MSetIntervals]
+c:191 [in MSetsExtra.MSetIntervals]
+c:198 [in MSetsExtra.MSetIntervals]
+c:214 [in MSetsExtra.MSetIntervals]
+c:220 [in MSetsExtra.MSetIntervals]
+c:242 [in MSetsExtra.MSetIntervals]
+c:288 [in MSetsExtra.MSetIntervals]
+c:292 [in MSetsExtra.MSetIntervals]
+c:295 [in MSetsExtra.MSetIntervals]
+c:300 [in MSetsExtra.MSetIntervals]
+c:301 [in MSetsExtra.MSetIntervals]
+c:310 [in MSetsExtra.MSetIntervals]
+c:328 [in MSetsExtra.MSetIntervals]
+c:351 [in MSetsExtra.MSetIntervals]
+c:361 [in MSetsExtra.MSetIntervals]
+c:374 [in MSetsExtra.MSetIntervals]
+c:377 [in MSetsExtra.MSetIntervals]
+c:384 [in MSetsExtra.MSetIntervals]
+c:393 [in MSetsExtra.MSetIntervals]
+c:396 [in MSetsExtra.MSetIntervals]
+c:420 [in MSetsExtra.MSetIntervals]
+c:429 [in MSetsExtra.MSetIntervals]
+c:432 [in MSetsExtra.MSetIntervals]
+c:434 [in MSetsExtra.MSetIntervals]
+c:489 [in MSetsExtra.MSetIntervals]
+c:492 [in MSetsExtra.MSetIntervals]
+c:496 [in MSetsExtra.MSetIntervals]
+c:500 [in MSetsExtra.MSetIntervals]
+c:503 [in MSetsExtra.MSetIntervals]
+c:507 [in MSetsExtra.MSetIntervals]
+c:530 [in MSetsExtra.MSetIntervals]
+c:58 [in MSetsExtra.MSetIntervals]
+c:67 [in MSetsExtra.MSetIntervals]
+c:7 [in MSetsExtra.MSetIntervals]
+c:732 [in MSetsExtra.MSetIntervals]
+c:767 [in MSetsExtra.MSetIntervals]
+c:821 [in MSetsExtra.MSetIntervals]
+c:833 [in MSetsExtra.MSetIntervals]
+c:838 [in MSetsExtra.MSetIntervals]
+c:841 [in MSetsExtra.MSetIntervals]
+c:842 [in MSetsExtra.MSetIntervals]
+c:846 [in MSetsExtra.MSetIntervals]
+c:851 [in MSetsExtra.MSetIntervals]
+c:855 [in MSetsExtra.MSetIntervals]
+c:862 [in MSetsExtra.MSetIntervals]
+c:895 [in MSetsExtra.MSetIntervals]
+

E

+elt:1 [in MSetsExtra.MSetFoldWithAbort]
+elt:28 [in MSetsExtra.MSetFoldWithAbort]
+elt:31 [in MSetsExtra.MSetFoldWithAbort]
+elt:4 [in MSetsExtra.MSetFoldWithAbort]
+elt:56 [in MSetsExtra.MSetFoldWithAbort]
+elt:59 [in MSetsExtra.MSetFoldWithAbort]
+elt:89 [in MSetsExtra.MSetFoldWithAbort]
+elt:93 [in MSetsExtra.MSetFoldWithAbort]
+eqA:14 [in MSetsExtra.MSetIntervals]
+eqB:15 [in MSetsExtra.MSetIntervals]
+e_pre:261 [in MSetsExtra.MSetFoldWithAbort]
+e_pre:244 [in MSetsExtra.MSetFoldWithAbort]
+e_pre:233 [in MSetsExtra.MSetFoldWithAbort]
+e0:251 [in MSetsExtra.MSetFoldWithAbort]
+e0:341 [in MSetsExtra.MSetFoldWithAbort]
+e0:342 [in MSetsExtra.MSetFoldWithAbort]
+e1:1007 [in MSetsExtra.MSetIntervals]
+e1:1009 [in MSetsExtra.MSetIntervals]
+e1:1014 [in MSetsExtra.MSetIntervals]
+e1:1016 [in MSetsExtra.MSetIntervals]
+e1:1021 [in MSetsExtra.MSetIntervals]
+e1:1023 [in MSetsExtra.MSetIntervals]
+e1:118 [in MSetsExtra.MSetFoldWithAbort]
+e1:122 [in MSetsExtra.MSetFoldWithAbort]
+e1:156 [in MSetsExtra.MSetFoldWithAbort]
+e1:169 [in MSetsExtra.MSetFoldWithAbort]
+e1:172 [in MSetsExtra.MSetFoldWithAbort]
+e1:184 [in MSetsExtra.MSetFoldWithAbort]
+e1:187 [in MSetsExtra.MSetFoldWithAbort]
+e1:198 [in MSetsExtra.MSetFoldWithAbort]
+e1:209 [in MSetsExtra.MSetFoldWithAbort]
+e1:223 [in MSetsExtra.MSetFoldWithAbort]
+e1:225 [in MSetsExtra.MSetFoldWithAbort]
+e1:24 [in MSetsExtra.MSetFoldWithAbort]
+e1:332 [in MSetsExtra.MSetFoldWithAbort]
+e1:336 [in MSetsExtra.MSetFoldWithAbort]
+e1:44 [in MSetsExtra.MSetIntervals]
+e1:47 [in MSetsExtra.MSetIntervals]
+e1:52 [in MSetsExtra.MSetFoldWithAbort]
+e1:81 [in MSetsExtra.MSetFoldWithAbort]
+e1:85 [in MSetsExtra.MSetFoldWithAbort]
+e2:1008 [in MSetsExtra.MSetIntervals]
+e2:1010 [in MSetsExtra.MSetIntervals]
+e2:1015 [in MSetsExtra.MSetIntervals]
+e2:1017 [in MSetsExtra.MSetIntervals]
+e2:1022 [in MSetsExtra.MSetIntervals]
+e2:1024 [in MSetsExtra.MSetIntervals]
+e2:121 [in MSetsExtra.MSetFoldWithAbort]
+e2:125 [in MSetsExtra.MSetFoldWithAbort]
+e2:157 [in MSetsExtra.MSetFoldWithAbort]
+e2:171 [in MSetsExtra.MSetFoldWithAbort]
+e2:174 [in MSetsExtra.MSetFoldWithAbort]
+e2:186 [in MSetsExtra.MSetFoldWithAbort]
+e2:189 [in MSetsExtra.MSetFoldWithAbort]
+e2:200 [in MSetsExtra.MSetFoldWithAbort]
+e2:211 [in MSetsExtra.MSetFoldWithAbort]
+e2:224 [in MSetsExtra.MSetFoldWithAbort]
+e2:226 [in MSetsExtra.MSetFoldWithAbort]
+e2:27 [in MSetsExtra.MSetFoldWithAbort]
+e2:335 [in MSetsExtra.MSetFoldWithAbort]
+e2:339 [in MSetsExtra.MSetFoldWithAbort]
+e2:45 [in MSetsExtra.MSetIntervals]
+e2:48 [in MSetsExtra.MSetIntervals]
+e2:55 [in MSetsExtra.MSetFoldWithAbort]
+e2:84 [in MSetsExtra.MSetFoldWithAbort]
+e2:88 [in MSetsExtra.MSetFoldWithAbort]
+e:1006 [in MSetsExtra.MSetIntervals]
+e:1013 [in MSetsExtra.MSetIntervals]
+e:1020 [in MSetsExtra.MSetIntervals]
+e:115 [in MSetsExtra.MSetFoldWithAbort]
+e:116 [in MSetsExtra.MSetFoldWithAbort]
+e:134 [in MSetsExtra.MSetFoldWithAbort]
+e:136 [in MSetsExtra.MSetFoldWithAbort]
+e:138 [in MSetsExtra.MSetFoldWithAbort]
+e:143 [in MSetsExtra.MSetFoldWithAbort]
+e:145 [in MSetsExtra.MSetFoldWithAbort]
+e:150 [in MSetsExtra.MSetFoldWithAbort]
+e:152 [in MSetsExtra.MSetFoldWithAbort]
+e:154 [in MSetsExtra.MSetFoldWithAbort]
+e:167 [in MSetsExtra.MSetFoldWithAbort]
+e:182 [in MSetsExtra.MSetFoldWithAbort]
+e:196 [in MSetsExtra.MSetFoldWithAbort]
+e:207 [in MSetsExtra.MSetFoldWithAbort]
+e:21 [in MSetsExtra.MSetFoldWithAbort]
+e:22 [in MSetsExtra.MSetFoldWithAbort]
+e:222 [in MSetsExtra.MSetFoldWithAbort]
+e:230 [in MSetsExtra.MSetFoldWithAbort]
+e:232 [in MSetsExtra.MSetFoldWithAbort]
+e:235 [in MSetsExtra.MSetFoldWithAbort]
+e:241 [in MSetsExtra.MSetFoldWithAbort]
+e:243 [in MSetsExtra.MSetFoldWithAbort]
+e:246 [in MSetsExtra.MSetFoldWithAbort]
+e:248 [in MSetsExtra.MSetFoldWithAbort]
+e:256 [in MSetsExtra.MSetFoldWithAbort]
+e:256 [in MSetsExtra.MSetIntervals]
+e:260 [in MSetsExtra.MSetFoldWithAbort]
+e:264 [in MSetsExtra.MSetFoldWithAbort]
+e:272 [in MSetsExtra.MSetFoldWithAbort]
+e:273 [in MSetsExtra.MSetFoldWithAbort]
+e:274 [in MSetsExtra.MSetFoldWithAbort]
+e:301 [in MSetsExtra.MSetFoldWithAbort]
+e:329 [in MSetsExtra.MSetFoldWithAbort]
+e:330 [in MSetsExtra.MSetFoldWithAbort]
+e:340 [in MSetsExtra.MSetFoldWithAbort]
+e:379 [in MSetsExtra.MSetFoldWithAbort]
+e:380 [in MSetsExtra.MSetFoldWithAbort]
+e:402 [in MSetsExtra.MSetFoldWithAbort]
+e:403 [in MSetsExtra.MSetFoldWithAbort]
+e:405 [in MSetsExtra.MSetFoldWithAbort]
+e:42 [in MSetsExtra.MSetIntervals]
+e:49 [in MSetsExtra.MSetFoldWithAbort]
+e:50 [in MSetsExtra.MSetFoldWithAbort]
+e:772 [in MSetsExtra.MSetIntervals]
+e:78 [in MSetsExtra.MSetFoldWithAbort]
+e:79 [in MSetsExtra.MSetFoldWithAbort]
+e:998 [in MSetsExtra.MSetIntervals]
+

F

+foldWithAbortGtLt:66 [in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortGt:38 [in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortPrecompute:101 [in MSetsExtra.MSetFoldWithAbort]
+foldWithAbort:10 [in MSetsExtra.MSetFoldWithAbort]
+fold:36 [in MSetsExtra.MSetFoldWithAbort]
+fold:64 [in MSetsExtra.MSetFoldWithAbort]
+fold:8 [in MSetsExtra.MSetFoldWithAbort]
+fold:98 [in MSetsExtra.MSetFoldWithAbort]
+fwasa:221 [in MSetsExtra.MSetFoldWithAbort]
+fwasa:228 [in MSetsExtra.MSetFoldWithAbort]
+fwasa:238 [in MSetsExtra.MSetFoldWithAbort]
+fwasa:254 [in MSetsExtra.MSetFoldWithAbort]
+fwasa:269 [in MSetsExtra.MSetFoldWithAbort]
+fwasa:288 [in MSetsExtra.MSetFoldWithAbort]
+fwasa:291 [in MSetsExtra.MSetFoldWithAbort]
+fwasa:295 [in MSetsExtra.MSetFoldWithAbort]
+fwasa:298 [in MSetsExtra.MSetFoldWithAbort]
+f_gt:399 [in MSetsExtra.MSetFoldWithAbort]
+f_lt:397 [in MSetsExtra.MSetFoldWithAbort]
+f_pre:396 [in MSetsExtra.MSetFoldWithAbort]
+f_gt:387 [in MSetsExtra.MSetFoldWithAbort]
+f_lt:385 [in MSetsExtra.MSetFoldWithAbort]
+f_pre:384 [in MSetsExtra.MSetFoldWithAbort]
+f_gt:376 [in MSetsExtra.MSetFoldWithAbort]
+f_lt:374 [in MSetsExtra.MSetFoldWithAbort]
+f_pre:373 [in MSetsExtra.MSetFoldWithAbort]
+f_gt:364 [in MSetsExtra.MSetFoldWithAbort]
+f_lt:362 [in MSetsExtra.MSetFoldWithAbort]
+f_pre:361 [in MSetsExtra.MSetFoldWithAbort]
+f_gt:356 [in MSetsExtra.MSetFoldWithAbort]
+f_lt:354 [in MSetsExtra.MSetFoldWithAbort]
+f_pre:353 [in MSetsExtra.MSetFoldWithAbort]
+f_gt:348 [in MSetsExtra.MSetFoldWithAbort]
+f_lt:346 [in MSetsExtra.MSetFoldWithAbort]
+f_pre:345 [in MSetsExtra.MSetFoldWithAbort]
+f_gt:324 [in MSetsExtra.MSetFoldWithAbort]
+f_lt:323 [in MSetsExtra.MSetFoldWithAbort]
+f_pre:320 [in MSetsExtra.MSetFoldWithAbort]
+f_gt:307 [in MSetsExtra.MSetFoldWithAbort]
+f_lt:305 [in MSetsExtra.MSetFoldWithAbort]
+f_pre:304 [in MSetsExtra.MSetFoldWithAbort]
+f_abort:205 [in MSetsExtra.MSetFoldWithAbort]
+f_gt:194 [in MSetsExtra.MSetFoldWithAbort]
+f_gt:180 [in MSetsExtra.MSetFoldWithAbort]
+f_lt:179 [in MSetsExtra.MSetFoldWithAbort]
+f_gt:165 [in MSetsExtra.MSetFoldWithAbort]
+f_lt:164 [in MSetsExtra.MSetFoldWithAbort]
+f_pre:161 [in MSetsExtra.MSetFoldWithAbort]
+f_abort:149 [in MSetsExtra.MSetFoldWithAbort]
+f_gt:142 [in MSetsExtra.MSetFoldWithAbort]
+f_gt:133 [in MSetsExtra.MSetFoldWithAbort]
+f_lt:131 [in MSetsExtra.MSetFoldWithAbort]
+f_gt:110 [in MSetsExtra.MSetFoldWithAbort]
+f_lt:109 [in MSetsExtra.MSetFoldWithAbort]
+f_precompute:106 [in MSetsExtra.MSetFoldWithAbort]
+f_gt:73 [in MSetsExtra.MSetFoldWithAbort]
+f_lt:72 [in MSetsExtra.MSetFoldWithAbort]
+f_gt:44 [in MSetsExtra.MSetFoldWithAbort]
+f_abort:16 [in MSetsExtra.MSetFoldWithAbort]
+f':108 [in MSetsExtra.MSetFoldWithAbort]
+f':15 [in MSetsExtra.MSetFoldWithAbort]
+f':163 [in MSetsExtra.MSetFoldWithAbort]
+f':178 [in MSetsExtra.MSetFoldWithAbort]
+f':193 [in MSetsExtra.MSetFoldWithAbort]
+f':204 [in MSetsExtra.MSetFoldWithAbort]
+f':322 [in MSetsExtra.MSetFoldWithAbort]
+f':43 [in MSetsExtra.MSetFoldWithAbort]
+f':71 [in MSetsExtra.MSetFoldWithAbort]
+f:107 [in MSetsExtra.MSetFoldWithAbort]
+f:121 [in MSetsExtra.MSetListWithDups]
+f:124 [in MSetsExtra.MSetListWithDups]
+f:132 [in MSetsExtra.MSetFoldWithAbort]
+f:139 [in MSetsExtra.MSetListWithDups]
+f:14 [in MSetsExtra.MSetFoldWithAbort]
+f:141 [in MSetsExtra.MSetFoldWithAbort]
+f:147 [in MSetsExtra.MSetListWithDups]
+f:148 [in MSetsExtra.MSetFoldWithAbort]
+f:150 [in MSetsExtra.MSetListWithDups]
+f:155 [in MSetsExtra.MSetListWithDups]
+f:158 [in MSetsExtra.MSetListWithDups]
+f:16 [in MSetsExtra.MSetIntervals]
+f:160 [in MSetsExtra.MSetListWithDups]
+f:162 [in MSetsExtra.MSetFoldWithAbort]
+f:177 [in MSetsExtra.MSetFoldWithAbort]
+f:184 [in MSetsExtra.MSetIntervals]
+f:188 [in MSetsExtra.MSetIntervals]
+f:192 [in MSetsExtra.MSetFoldWithAbort]
+f:194 [in MSetsExtra.MSetIntervals]
+f:201 [in MSetsExtra.MSetIntervals]
+f:203 [in MSetsExtra.MSetFoldWithAbort]
+f:205 [in MSetsExtra.MSetIntervals]
+f:207 [in MSetsExtra.MSetIntervals]
+f:211 [in MSetsExtra.MSetIntervals]
+f:217 [in MSetsExtra.MSetIntervals]
+f:22 [in MSetsExtra.MSetIntervals]
+f:222 [in MSetsExtra.MSetIntervals]
+f:226 [in MSetsExtra.MSetIntervals]
+f:229 [in MSetsExtra.MSetIntervals]
+f:234 [in MSetsExtra.MSetIntervals]
+f:238 [in MSetsExtra.MSetIntervals]
+f:29 [in MSetsExtra.MSetIntervals]
+f:306 [in MSetsExtra.MSetFoldWithAbort]
+f:309 [in MSetsExtra.MSetIntervals]
+f:316 [in MSetsExtra.MSetIntervals]
+f:321 [in MSetsExtra.MSetFoldWithAbort]
+f:321 [in MSetsExtra.MSetIntervals]
+f:325 [in MSetsExtra.MSetIntervals]
+f:33 [in MSetsExtra.MSetIntervals]
+f:331 [in MSetsExtra.MSetIntervals]
+f:34 [in MSetsExtra.MSetWithDups]
+f:343 [in MSetsExtra.MSetIntervals]
+f:347 [in MSetsExtra.MSetFoldWithAbort]
+f:350 [in MSetsExtra.MSetIntervals]
+f:355 [in MSetsExtra.MSetFoldWithAbort]
+f:355 [in MSetsExtra.MSetIntervals]
+f:358 [in MSetsExtra.MSetIntervals]
+f:363 [in MSetsExtra.MSetFoldWithAbort]
+f:370 [in MSetsExtra.MSetIntervals]
+f:375 [in MSetsExtra.MSetFoldWithAbort]
+f:38 [in MSetsExtra.MSetIntervals]
+f:386 [in MSetsExtra.MSetFoldWithAbort]
+f:398 [in MSetsExtra.MSetFoldWithAbort]
+f:42 [in MSetsExtra.MSetFoldWithAbort]
+f:44 [in MSetsExtra.MSetListWithDups]
+f:48 [in MSetsExtra.MSetListWithDups]
+f:55 [in MSetsExtra.MSetIntervals]
+f:61 [in MSetsExtra.MSetListWithDups]
+f:64 [in MSetsExtra.MSetIntervals]
+f:69 [in MSetsExtra.MSetIntervals]
+f:70 [in MSetsExtra.MSetFoldWithAbort]
+f:71 [in MSetsExtra.MSetListWithDups]
+f:75 [in MSetsExtra.MSetListWithDups]
+f:81 [in MSetsExtra.MSetListWithDups]
+f:819 [in MSetsExtra.MSetIntervals]
+f:824 [in MSetsExtra.MSetIntervals]
+f:828 [in MSetsExtra.MSetIntervals]
+f:854 [in MSetsExtra.MSetIntervals]
+f:861 [in MSetsExtra.MSetIntervals]
+f:867 [in MSetsExtra.MSetIntervals]
+f:876 [in MSetsExtra.MSetIntervals]
+f:882 [in MSetsExtra.MSetIntervals]
+f:889 [in MSetsExtra.MSetIntervals]
+f:894 [in MSetsExtra.MSetIntervals]
+f:903 [in MSetsExtra.MSetIntervals]
+f:910 [in MSetsExtra.MSetIntervals]
+f:913 [in MSetsExtra.MSetIntervals]
+f:917 [in MSetsExtra.MSetIntervals]
+f:920 [in MSetsExtra.MSetIntervals]
+f:923 [in MSetsExtra.MSetIntervals]
+f:925 [in MSetsExtra.MSetIntervals]
+f:971 [in MSetsExtra.MSetIntervals]
+f:974 [in MSetsExtra.MSetIntervals]
+f:976 [in MSetsExtra.MSetIntervals]
+f:978 [in MSetsExtra.MSetIntervals]
+f:980 [in MSetsExtra.MSetIntervals]
+f:996 [in MSetsExtra.MSetIntervals]
+

H

+Heq:62 [in MSetsExtra.MSetIntervals]
+Hs':580 [in MSetsExtra.MSetIntervals]
+Hs':629 [in MSetsExtra.MSetIntervals]
+Hs':681 [in MSetsExtra.MSetIntervals]
+Hs':728 [in MSetsExtra.MSetIntervals]
+Hs':743 [in MSetsExtra.MSetIntervals]
+Hs':748 [in MSetsExtra.MSetIntervals]
+Hs:268 [in MSetsExtra.MSetIntervals]
+Hs:480 [in MSetsExtra.MSetIntervals]
+Hs:483 [in MSetsExtra.MSetIntervals]
+Hs:544 [in MSetsExtra.MSetIntervals]
+Hs:547 [in MSetsExtra.MSetIntervals]
+Hs:579 [in MSetsExtra.MSetIntervals]
+Hs:628 [in MSetsExtra.MSetIntervals]
+Hs:680 [in MSetsExtra.MSetIntervals]
+Hs:690 [in MSetsExtra.MSetIntervals]
+Hs:697 [in MSetsExtra.MSetIntervals]
+Hs:727 [in MSetsExtra.MSetIntervals]
+Hs:731 [in MSetsExtra.MSetIntervals]
+Hs:735 [in MSetsExtra.MSetIntervals]
+Hs:737 [in MSetsExtra.MSetIntervals]
+Hs:742 [in MSetsExtra.MSetIntervals]
+Hs:747 [in MSetsExtra.MSetIntervals]
+Hs:780 [in MSetsExtra.MSetIntervals]
+Hs:785 [in MSetsExtra.MSetIntervals]
+Hs:789 [in MSetsExtra.MSetIntervals]
+Hs:793 [in MSetsExtra.MSetIntervals]
+Hs:810 [in MSetsExtra.MSetIntervals]
+Hs:814 [in MSetsExtra.MSetIntervals]
+Hs:825 [in MSetsExtra.MSetIntervals]
+Hs:829 [in MSetsExtra.MSetIntervals]
+H0:575 [in MSetsExtra.MSetIntervals]
+H0:624 [in MSetsExtra.MSetIntervals]
+H0:676 [in MSetsExtra.MSetIntervals]
+H1:313 [in MSetsExtra.MSetIntervals]
+H2:314 [in MSetsExtra.MSetIntervals]
+H:540 [in MSetsExtra.MSetIntervals]
+H:574 [in MSetsExtra.MSetIntervals]
+H:59 [in MSetsExtra.MSetIntervals]
+H:623 [in MSetsExtra.MSetIntervals]
+H:675 [in MSetsExtra.MSetIntervals]
+H:693 [in MSetsExtra.MSetIntervals]
+H:883 [in MSetsExtra.MSetIntervals]
+H:918 [in MSetsExtra.MSetIntervals]
+H:921 [in MSetsExtra.MSetIntervals]
+

I

+In:34 [in MSetsExtra.MSetFoldWithAbort]
+In:6 [in MSetsExtra.MSetFoldWithAbort]
+In:62 [in MSetsExtra.MSetFoldWithAbort]
+In:96 [in MSetsExtra.MSetFoldWithAbort]
+i':105 [in MSetsExtra.MSetFoldWithAbort]
+i':13 [in MSetsExtra.MSetFoldWithAbort]
+i':319 [in MSetsExtra.MSetFoldWithAbort]
+i':41 [in MSetsExtra.MSetFoldWithAbort]
+i':69 [in MSetsExtra.MSetFoldWithAbort]
+i1:86 [in MSetsExtra.MSetIntervals]
+i2:87 [in MSetsExtra.MSetIntervals]
+i:104 [in MSetsExtra.MSetFoldWithAbort]
+i:12 [in MSetsExtra.MSetFoldWithAbort]
+i:138 [in MSetsExtra.MSetListWithDups]
+i:160 [in MSetsExtra.MSetFoldWithAbort]
+i:176 [in MSetsExtra.MSetFoldWithAbort]
+i:191 [in MSetsExtra.MSetFoldWithAbort]
+i:202 [in MSetsExtra.MSetFoldWithAbort]
+i:231 [in MSetsExtra.MSetIntervals]
+i:318 [in MSetsExtra.MSetFoldWithAbort]
+i:33 [in MSetsExtra.MSetWithDups]
+i:40 [in MSetsExtra.MSetFoldWithAbort]
+i:407 [in MSetsExtra.MSetIntervals]
+i:63 [in MSetsExtra.MSetListWithDups]
+i:68 [in MSetsExtra.MSetFoldWithAbort]
+i:818 [in MSetsExtra.MSetIntervals]
+i:91 [in MSetsExtra.MSetIntervals]
+i:995 [in MSetsExtra.MSetIntervals]
+

L

+ls:290 [in MSetsExtra.MSetIntervals]
+lt:33 [in MSetsExtra.MSetFoldWithAbort]
+lt:61 [in MSetsExtra.MSetFoldWithAbort]
+lt:95 [in MSetsExtra.MSetFoldWithAbort]
+l':24 [in MSetsExtra.MSetListWithDups]
+l':30 [in MSetsExtra.MSetListWithDups]
+l1:345 [in MSetsExtra.MSetIntervals]
+l1:425 [in MSetsExtra.MSetIntervals]
+l1:707 [in MSetsExtra.MSetIntervals]
+l1:715 [in MSetsExtra.MSetIntervals]
+l2:346 [in MSetsExtra.MSetIntervals]
+l2:426 [in MSetsExtra.MSetIntervals]
+l2:710 [in MSetsExtra.MSetIntervals]
+l2:718 [in MSetsExtra.MSetIntervals]
+l:10 [in MSetsExtra.MSetListWithDups]
+l:103 [in MSetsExtra.MSetIntervals]
+l:115 [in MSetsExtra.MSetIntervals]
+l:119 [in MSetsExtra.MSetIntervals]
+l:134 [in MSetsExtra.MSetIntervals]
+l:14 [in MSetsExtra.MSetListWithDups]
+l:16 [in MSetsExtra.MSetListWithDups]
+l:17 [in MSetsExtra.MSetIntervals]
+l:23 [in MSetsExtra.MSetListWithDups]
+l:24 [in MSetsExtra.MSetIntervals]
+l:254 [in MSetsExtra.MSetIntervals]
+l:258 [in MSetsExtra.MSetIntervals]
+l:260 [in MSetsExtra.MSetIntervals]
+l:28 [in MSetsExtra.MSetListWithDups]
+l:29 [in MSetsExtra.MSetListWithDups]
+l:30 [in MSetsExtra.MSetIntervals]
+l:339 [in MSetsExtra.MSetIntervals]
+l:34 [in MSetsExtra.MSetListWithDups]
+l:34 [in MSetsExtra.MSetIntervals]
+l:367 [in MSetsExtra.MSetIntervals]
+l:39 [in MSetsExtra.MSetIntervals]
+l:427 [in MSetsExtra.MSetIntervals]
+l:50 [in MSetsExtra.MSetIntervals]
+l:551 [in MSetsExtra.MSetIntervals]
+l:554 [in MSetsExtra.MSetIntervals]
+l:698 [in MSetsExtra.MSetIntervals]
+l:701 [in MSetsExtra.MSetIntervals]
+l:75 [in MSetsExtra.MSetIntervals]
+l:849 [in MSetsExtra.MSetIntervals]
+

N

+n:1011 [in MSetsExtra.MSetIntervals]
+n:1018 [in MSetsExtra.MSetIntervals]
+n:2 [in MSetsExtra.MSetIntervals]
+n:289 [in MSetsExtra.MSetIntervals]
+n:4 [in MSetsExtra.MSetIntervals]
+n:52 [in MSetsExtra.MSetIntervals]
+

P

+pre_x:392 [in MSetsExtra.MSetFoldWithAbort]
+pre_x:369 [in MSetsExtra.MSetFoldWithAbort]
+P:10 [in MSetsExtra.MSetWithDups]
+P:101 [in MSetsExtra.MSetListWithDups]
+P:112 [in MSetsExtra.MSetFoldWithAbort]
+P:13 [in MSetsExtra.MSetWithDups]
+P:18 [in MSetsExtra.MSetFoldWithAbort]
+P:220 [in MSetsExtra.MSetFoldWithAbort]
+p:231 [in MSetsExtra.MSetFoldWithAbort]
+p:236 [in MSetsExtra.MSetFoldWithAbort]
+P:239 [in MSetsExtra.MSetFoldWithAbort]
+p:242 [in MSetsExtra.MSetFoldWithAbort]
+p:247 [in MSetsExtra.MSetFoldWithAbort]
+p:257 [in MSetsExtra.MSetFoldWithAbort]
+p:265 [in MSetsExtra.MSetFoldWithAbort]
+P:270 [in MSetsExtra.MSetFoldWithAbort]
+P:281 [in MSetsExtra.MSetIntervals]
+P:284 [in MSetsExtra.MSetIntervals]
+P:292 [in MSetsExtra.MSetFoldWithAbort]
+P:300 [in MSetsExtra.MSetFoldWithAbort]
+p:319 [in MSetsExtra.MSetIntervals]
+P:326 [in MSetsExtra.MSetFoldWithAbort]
+P:46 [in MSetsExtra.MSetFoldWithAbort]
+p:53 [in MSetsExtra.MSetIntervals]
+P:75 [in MSetsExtra.MSetFoldWithAbort]
+P:940 [in MSetsExtra.MSetIntervals]
+P:943 [in MSetsExtra.MSetIntervals]
+P:98 [in MSetsExtra.MSetListWithDups]
+p:982 [in MSetsExtra.MSetIntervals]
+

R

+r:859 [in MSetsExtra.MSetIntervals]
+

S

+st':114 [in MSetsExtra.MSetFoldWithAbort]
+st':120 [in MSetsExtra.MSetFoldWithAbort]
+st':124 [in MSetsExtra.MSetFoldWithAbort]
+st':20 [in MSetsExtra.MSetFoldWithAbort]
+st':26 [in MSetsExtra.MSetFoldWithAbort]
+st':328 [in MSetsExtra.MSetFoldWithAbort]
+st':334 [in MSetsExtra.MSetFoldWithAbort]
+st':338 [in MSetsExtra.MSetFoldWithAbort]
+st':48 [in MSetsExtra.MSetFoldWithAbort]
+st':54 [in MSetsExtra.MSetFoldWithAbort]
+st':77 [in MSetsExtra.MSetFoldWithAbort]
+st':83 [in MSetsExtra.MSetFoldWithAbort]
+st':87 [in MSetsExtra.MSetFoldWithAbort]
+st0:313 [in MSetsExtra.MSetFoldWithAbort]
+st1:314 [in MSetsExtra.MSetFoldWithAbort]
+st2:315 [in MSetsExtra.MSetFoldWithAbort]
+st:113 [in MSetsExtra.MSetFoldWithAbort]
+st:117 [in MSetsExtra.MSetFoldWithAbort]
+st:119 [in MSetsExtra.MSetFoldWithAbort]
+st:123 [in MSetsExtra.MSetFoldWithAbort]
+st:135 [in MSetsExtra.MSetFoldWithAbort]
+st:137 [in MSetsExtra.MSetFoldWithAbort]
+st:139 [in MSetsExtra.MSetFoldWithAbort]
+st:144 [in MSetsExtra.MSetFoldWithAbort]
+st:146 [in MSetsExtra.MSetFoldWithAbort]
+st:151 [in MSetsExtra.MSetFoldWithAbort]
+st:153 [in MSetsExtra.MSetFoldWithAbort]
+st:155 [in MSetsExtra.MSetFoldWithAbort]
+st:168 [in MSetsExtra.MSetFoldWithAbort]
+st:170 [in MSetsExtra.MSetFoldWithAbort]
+st:173 [in MSetsExtra.MSetFoldWithAbort]
+st:183 [in MSetsExtra.MSetFoldWithAbort]
+st:185 [in MSetsExtra.MSetFoldWithAbort]
+st:185 [in MSetsExtra.MSetIntervals]
+st:188 [in MSetsExtra.MSetFoldWithAbort]
+st:189 [in MSetsExtra.MSetIntervals]
+st:19 [in MSetsExtra.MSetFoldWithAbort]
+st:192 [in MSetsExtra.MSetIntervals]
+st:197 [in MSetsExtra.MSetFoldWithAbort]
+st:199 [in MSetsExtra.MSetFoldWithAbort]
+st:208 [in MSetsExtra.MSetFoldWithAbort]
+st:208 [in MSetsExtra.MSetIntervals]
+st:210 [in MSetsExtra.MSetFoldWithAbort]
+st:212 [in MSetsExtra.MSetIntervals]
+st:215 [in MSetsExtra.MSetIntervals]
+st:23 [in MSetsExtra.MSetFoldWithAbort]
+st:25 [in MSetsExtra.MSetFoldWithAbort]
+st:258 [in MSetsExtra.MSetFoldWithAbort]
+st:262 [in MSetsExtra.MSetFoldWithAbort]
+st:266 [in MSetsExtra.MSetFoldWithAbort]
+st:275 [in MSetsExtra.MSetFoldWithAbort]
+st:327 [in MSetsExtra.MSetFoldWithAbort]
+st:331 [in MSetsExtra.MSetFoldWithAbort]
+st:333 [in MSetsExtra.MSetFoldWithAbort]
+st:337 [in MSetsExtra.MSetFoldWithAbort]
+st:381 [in MSetsExtra.MSetFoldWithAbort]
+st:404 [in MSetsExtra.MSetFoldWithAbort]
+st:47 [in MSetsExtra.MSetFoldWithAbort]
+st:51 [in MSetsExtra.MSetFoldWithAbort]
+st:53 [in MSetsExtra.MSetFoldWithAbort]
+st:76 [in MSetsExtra.MSetFoldWithAbort]
+st:80 [in MSetsExtra.MSetFoldWithAbort]
+st:82 [in MSetsExtra.MSetFoldWithAbort]
+st:86 [in MSetsExtra.MSetFoldWithAbort]
+s'':749 [in MSetsExtra.MSetIntervals]
+s':107 [in MSetsExtra.MSetListWithDups]
+s':109 [in MSetsExtra.MSetListWithDups]
+s':130 [in MSetsExtra.MSetListWithDups]
+s':133 [in MSetsExtra.MSetListWithDups]
+s':143 [in MSetsExtra.MSetListWithDups]
+s':162 [in MSetsExtra.MSetIntervals]
+s':274 [in MSetsExtra.MSetIntervals]
+s':277 [in MSetsExtra.MSetIntervals]
+s':3 [in MSetsExtra.MSetWithDups]
+s':430 [in MSetsExtra.MSetIntervals]
+s':435 [in MSetsExtra.MSetIntervals]
+s':577 [in MSetsExtra.MSetIntervals]
+s':6 [in MSetsExtra.MSetWithDups]
+s':626 [in MSetsExtra.MSetIntervals]
+s':65 [in MSetsExtra.MSetListWithDups]
+s':67 [in MSetsExtra.MSetListWithDups]
+s':678 [in MSetsExtra.MSetIntervals]
+s':70 [in MSetsExtra.MSetListWithDups]
+s':726 [in MSetsExtra.MSetIntervals]
+s':741 [in MSetsExtra.MSetIntervals]
+s':746 [in MSetsExtra.MSetIntervals]
+s':796 [in MSetsExtra.MSetIntervals]
+s':91 [in MSetsExtra.MSetListWithDups]
+s':933 [in MSetsExtra.MSetIntervals]
+s':936 [in MSetsExtra.MSetIntervals]
+s':94 [in MSetsExtra.MSetListWithDups]
+s':954 [in MSetsExtra.MSetIntervals]
+s':956 [in MSetsExtra.MSetIntervals]
+s':958 [in MSetsExtra.MSetIntervals]
+s':960 [in MSetsExtra.MSetIntervals]
+s':962 [in MSetsExtra.MSetIntervals]
+s':984 [in MSetsExtra.MSetIntervals]
+s0:245 [in MSetsExtra.MSetFoldWithAbort]
+s0:249 [in MSetsExtra.MSetFoldWithAbort]
+s0:252 [in MSetsExtra.MSetFoldWithAbort]
+s1:138 [in MSetsExtra.MSetIntervals]
+s1:143 [in MSetsExtra.MSetIntervals]
+s1:152 [in MSetsExtra.MSetIntervals]
+s1:155 [in MSetsExtra.MSetIntervals]
+s1:157 [in MSetsExtra.MSetIntervals]
+s1:173 [in MSetsExtra.MSetIntervals]
+s1:176 [in MSetsExtra.MSetIntervals]
+s1:379 [in MSetsExtra.MSetIntervals]
+s1:386 [in MSetsExtra.MSetIntervals]
+s1:450 [in MSetsExtra.MSetIntervals]
+s1:453 [in MSetsExtra.MSetIntervals]
+s1:457 [in MSetsExtra.MSetIntervals]
+s1:461 [in MSetsExtra.MSetIntervals]
+s1:465 [in MSetsExtra.MSetIntervals]
+s1:497 [in MSetsExtra.MSetIntervals]
+s1:53 [in MSetsExtra.MSetListWithDups]
+s1:55 [in MSetsExtra.MSetListWithDups]
+s1:556 [in MSetsExtra.MSetIntervals]
+s1:559 [in MSetsExtra.MSetIntervals]
+s1:562 [in MSetsExtra.MSetIntervals]
+s1:564 [in MSetsExtra.MSetIntervals]
+s1:569 [in MSetsExtra.MSetIntervals]
+s1:572 [in MSetsExtra.MSetIntervals]
+s1:605 [in MSetsExtra.MSetIntervals]
+s1:616 [in MSetsExtra.MSetIntervals]
+s1:619 [in MSetsExtra.MSetIntervals]
+s1:621 [in MSetsExtra.MSetIntervals]
+s1:656 [in MSetsExtra.MSetIntervals]
+s1:668 [in MSetsExtra.MSetIntervals]
+s1:671 [in MSetsExtra.MSetIntervals]
+s1:673 [in MSetsExtra.MSetIntervals]
+s1:703 [in MSetsExtra.MSetIntervals]
+s1:720 [in MSetsExtra.MSetIntervals]
+s1:738 [in MSetsExtra.MSetIntervals]
+s1:751 [in MSetsExtra.MSetIntervals]
+s1:753 [in MSetsExtra.MSetIntervals]
+s1:761 [in MSetsExtra.MSetIntervals]
+s1:763 [in MSetsExtra.MSetIntervals]
+s1:765 [in MSetsExtra.MSetIntervals]
+s1:94 [in MSetsExtra.MSetIntervals]
+s1:968 [in MSetsExtra.MSetIntervals]
+s2:140 [in MSetsExtra.MSetIntervals]
+s2:144 [in MSetsExtra.MSetIntervals]
+s2:153 [in MSetsExtra.MSetIntervals]
+s2:156 [in MSetsExtra.MSetIntervals]
+s2:159 [in MSetsExtra.MSetIntervals]
+s2:174 [in MSetsExtra.MSetIntervals]
+s2:177 [in MSetsExtra.MSetIntervals]
+s2:380 [in MSetsExtra.MSetIntervals]
+s2:387 [in MSetsExtra.MSetIntervals]
+s2:451 [in MSetsExtra.MSetIntervals]
+s2:454 [in MSetsExtra.MSetIntervals]
+s2:458 [in MSetsExtra.MSetIntervals]
+s2:462 [in MSetsExtra.MSetIntervals]
+s2:498 [in MSetsExtra.MSetIntervals]
+s2:54 [in MSetsExtra.MSetListWithDups]
+s2:557 [in MSetsExtra.MSetIntervals]
+s2:56 [in MSetsExtra.MSetListWithDups]
+s2:560 [in MSetsExtra.MSetIntervals]
+s2:563 [in MSetsExtra.MSetIntervals]
+s2:565 [in MSetsExtra.MSetIntervals]
+s2:567 [in MSetsExtra.MSetIntervals]
+s2:570 [in MSetsExtra.MSetIntervals]
+s2:571 [in MSetsExtra.MSetIntervals]
+s2:573 [in MSetsExtra.MSetIntervals]
+s2:604 [in MSetsExtra.MSetIntervals]
+s2:617 [in MSetsExtra.MSetIntervals]
+s2:620 [in MSetsExtra.MSetIntervals]
+s2:622 [in MSetsExtra.MSetIntervals]
+s2:655 [in MSetsExtra.MSetIntervals]
+s2:669 [in MSetsExtra.MSetIntervals]
+s2:672 [in MSetsExtra.MSetIntervals]
+s2:674 [in MSetsExtra.MSetIntervals]
+s2:704 [in MSetsExtra.MSetIntervals]
+s2:721 [in MSetsExtra.MSetIntervals]
+s2:723 [in MSetsExtra.MSetIntervals]
+s2:739 [in MSetsExtra.MSetIntervals]
+s2:752 [in MSetsExtra.MSetIntervals]
+s2:754 [in MSetsExtra.MSetIntervals]
+s2:762 [in MSetsExtra.MSetIntervals]
+s2:764 [in MSetsExtra.MSetIntervals]
+s2:766 [in MSetsExtra.MSetIntervals]
+s2:95 [in MSetsExtra.MSetIntervals]
+s2:969 [in MSetsExtra.MSetIntervals]
+s:102 [in MSetsExtra.MSetListWithDups]
+s:104 [in MSetsExtra.MSetListWithDups]
+s:106 [in MSetsExtra.MSetListWithDups]
+s:108 [in MSetsExtra.MSetListWithDups]
+s:108 [in MSetsExtra.MSetIntervals]
+s:11 [in MSetsExtra.MSetWithDups]
+s:111 [in MSetsExtra.MSetFoldWithAbort]
+s:112 [in MSetsExtra.MSetListWithDups]
+s:112 [in MSetsExtra.MSetIntervals]
+s:113 [in MSetsExtra.MSetListWithDups]
+s:114 [in MSetsExtra.MSetIntervals]
+s:116 [in MSetsExtra.MSetIntervals]
+s:117 [in MSetsExtra.MSetIntervals]
+s:118 [in MSetsExtra.MSetListWithDups]
+s:122 [in MSetsExtra.MSetListWithDups]
+s:124 [in MSetsExtra.MSetIntervals]
+s:125 [in MSetsExtra.MSetListWithDups]
+s:127 [in MSetsExtra.MSetIntervals]
+s:129 [in MSetsExtra.MSetListWithDups]
+s:131 [in MSetsExtra.MSetIntervals]
+s:132 [in MSetsExtra.MSetListWithDups]
+s:133 [in MSetsExtra.MSetIntervals]
+s:135 [in MSetsExtra.MSetIntervals]
+s:136 [in MSetsExtra.MSetListWithDups]
+s:136 [in MSetsExtra.MSetIntervals]
+s:14 [in MSetsExtra.MSetWithDups]
+s:140 [in MSetsExtra.MSetListWithDups]
+s:142 [in MSetsExtra.MSetListWithDups]
+s:145 [in MSetsExtra.MSetListWithDups]
+s:146 [in MSetsExtra.MSetListWithDups]
+s:148 [in MSetsExtra.MSetIntervals]
+s:149 [in MSetsExtra.MSetListWithDups]
+s:154 [in MSetsExtra.MSetListWithDups]
+s:157 [in MSetsExtra.MSetListWithDups]
+s:159 [in MSetsExtra.MSetListWithDups]
+s:161 [in MSetsExtra.MSetIntervals]
+s:162 [in MSetsExtra.MSetListWithDups]
+s:164 [in MSetsExtra.MSetListWithDups]
+s:165 [in MSetsExtra.MSetListWithDups]
+s:166 [in MSetsExtra.MSetFoldWithAbort]
+s:168 [in MSetsExtra.MSetListWithDups]
+s:169 [in MSetsExtra.MSetListWithDups]
+s:169 [in MSetsExtra.MSetIntervals]
+s:17 [in MSetsExtra.MSetFoldWithAbort]
+s:181 [in MSetsExtra.MSetFoldWithAbort]
+s:195 [in MSetsExtra.MSetFoldWithAbort]
+s:2 [in MSetsExtra.MSetWithDups]
+s:202 [in MSetsExtra.MSetIntervals]
+s:206 [in MSetsExtra.MSetFoldWithAbort]
+s:219 [in MSetsExtra.MSetFoldWithAbort]
+s:223 [in MSetsExtra.MSetIntervals]
+s:229 [in MSetsExtra.MSetFoldWithAbort]
+s:230 [in MSetsExtra.MSetIntervals]
+s:234 [in MSetsExtra.MSetFoldWithAbort]
+s:235 [in MSetsExtra.MSetIntervals]
+s:239 [in MSetsExtra.MSetIntervals]
+s:240 [in MSetsExtra.MSetFoldWithAbort]
+s:243 [in MSetsExtra.MSetIntervals]
+s:246 [in MSetsExtra.MSetIntervals]
+s:247 [in MSetsExtra.MSetIntervals]
+s:249 [in MSetsExtra.MSetIntervals]
+s:250 [in MSetsExtra.MSetIntervals]
+s:253 [in MSetsExtra.MSetIntervals]
+s:255 [in MSetsExtra.MSetFoldWithAbort]
+s:263 [in MSetsExtra.MSetIntervals]
+s:264 [in MSetsExtra.MSetIntervals]
+s:267 [in MSetsExtra.MSetIntervals]
+s:270 [in MSetsExtra.MSetIntervals]
+s:271 [in MSetsExtra.MSetFoldWithAbort]
+s:272 [in MSetsExtra.MSetIntervals]
+s:273 [in MSetsExtra.MSetIntervals]
+s:276 [in MSetsExtra.MSetIntervals]
+s:279 [in MSetsExtra.MSetIntervals]
+s:282 [in MSetsExtra.MSetIntervals]
+s:285 [in MSetsExtra.MSetIntervals]
+s:289 [in MSetsExtra.MSetFoldWithAbort]
+s:293 [in MSetsExtra.MSetFoldWithAbort]
+s:296 [in MSetsExtra.MSetFoldWithAbort]
+s:299 [in MSetsExtra.MSetFoldWithAbort]
+s:325 [in MSetsExtra.MSetFoldWithAbort]
+s:362 [in MSetsExtra.MSetIntervals]
+s:365 [in MSetsExtra.MSetIntervals]
+s:37 [in MSetsExtra.MSetListWithDups]
+s:371 [in MSetsExtra.MSetIntervals]
+s:375 [in MSetsExtra.MSetIntervals]
+s:378 [in MSetsExtra.MSetIntervals]
+s:385 [in MSetsExtra.MSetIntervals]
+s:389 [in MSetsExtra.MSetIntervals]
+s:395 [in MSetsExtra.MSetIntervals]
+s:41 [in MSetsExtra.MSetListWithDups]
+s:413 [in MSetsExtra.MSetIntervals]
+s:416 [in MSetsExtra.MSetIntervals]
+s:421 [in MSetsExtra.MSetIntervals]
+s:424 [in MSetsExtra.MSetIntervals]
+s:436 [in MSetsExtra.MSetIntervals]
+s:440 [in MSetsExtra.MSetIntervals]
+s:441 [in MSetsExtra.MSetIntervals]
+s:444 [in MSetsExtra.MSetIntervals]
+s:447 [in MSetsExtra.MSetIntervals]
+s:45 [in MSetsExtra.MSetFoldWithAbort]
+s:45 [in MSetsExtra.MSetListWithDups]
+s:470 [in MSetsExtra.MSetIntervals]
+s:472 [in MSetsExtra.MSetIntervals]
+s:474 [in MSetsExtra.MSetIntervals]
+s:477 [in MSetsExtra.MSetIntervals]
+s:478 [in MSetsExtra.MSetIntervals]
+s:481 [in MSetsExtra.MSetIntervals]
+s:49 [in MSetsExtra.MSetWithDups]
+s:49 [in MSetsExtra.MSetListWithDups]
+s:490 [in MSetsExtra.MSetIntervals]
+s:494 [in MSetsExtra.MSetIntervals]
+s:5 [in MSetsExtra.MSetWithDups]
+s:501 [in MSetsExtra.MSetIntervals]
+s:504 [in MSetsExtra.MSetIntervals]
+s:508 [in MSetsExtra.MSetIntervals]
+s:51 [in MSetsExtra.MSetWithDups]
+s:51 [in MSetsExtra.MSetListWithDups]
+s:521 [in MSetsExtra.MSetIntervals]
+s:528 [in MSetsExtra.MSetIntervals]
+s:53 [in MSetsExtra.MSetWithDups]
+s:531 [in MSetsExtra.MSetIntervals]
+s:535 [in MSetsExtra.MSetIntervals]
+s:538 [in MSetsExtra.MSetIntervals]
+s:541 [in MSetsExtra.MSetIntervals]
+s:546 [in MSetsExtra.MSetIntervals]
+s:552 [in MSetsExtra.MSetIntervals]
+s:555 [in MSetsExtra.MSetIntervals]
+s:56 [in MSetsExtra.MSetWithDups]
+s:57 [in MSetsExtra.MSetWithDups]
+s:576 [in MSetsExtra.MSetIntervals]
+s:583 [in MSetsExtra.MSetIntervals]
+s:587 [in MSetsExtra.MSetIntervals]
+s:62 [in MSetsExtra.MSetListWithDups]
+s:625 [in MSetsExtra.MSetIntervals]
+s:632 [in MSetsExtra.MSetIntervals]
+s:636 [in MSetsExtra.MSetIntervals]
+s:64 [in MSetsExtra.MSetListWithDups]
+s:66 [in MSetsExtra.MSetListWithDups]
+s:677 [in MSetsExtra.MSetIntervals]
+s:683 [in MSetsExtra.MSetIntervals]
+s:685 [in MSetsExtra.MSetIntervals]
+s:687 [in MSetsExtra.MSetIntervals]
+s:69 [in MSetsExtra.MSetListWithDups]
+s:691 [in MSetsExtra.MSetIntervals]
+s:694 [in MSetsExtra.MSetIntervals]
+s:699 [in MSetsExtra.MSetIntervals]
+s:702 [in MSetsExtra.MSetIntervals]
+s:71 [in MSetsExtra.MSetIntervals]
+s:72 [in MSetsExtra.MSetListWithDups]
+s:725 [in MSetsExtra.MSetIntervals]
+s:729 [in MSetsExtra.MSetIntervals]
+s:734 [in MSetsExtra.MSetIntervals]
+s:736 [in MSetsExtra.MSetIntervals]
+s:74 [in MSetsExtra.MSetFoldWithAbort]
+s:74 [in MSetsExtra.MSetIntervals]
+s:740 [in MSetsExtra.MSetIntervals]
+s:745 [in MSetsExtra.MSetIntervals]
+s:755 [in MSetsExtra.MSetIntervals]
+s:756 [in MSetsExtra.MSetIntervals]
+s:76 [in MSetsExtra.MSetListWithDups]
+s:769 [in MSetsExtra.MSetIntervals]
+s:77 [in MSetsExtra.MSetIntervals]
+s:770 [in MSetsExtra.MSetIntervals]
+s:775 [in MSetsExtra.MSetIntervals]
+s:777 [in MSetsExtra.MSetIntervals]
+s:781 [in MSetsExtra.MSetIntervals]
+s:783 [in MSetsExtra.MSetIntervals]
+s:786 [in MSetsExtra.MSetIntervals]
+s:79 [in MSetsExtra.MSetIntervals]
+s:790 [in MSetsExtra.MSetIntervals]
+s:791 [in MSetsExtra.MSetIntervals]
+s:794 [in MSetsExtra.MSetIntervals]
+s:795 [in MSetsExtra.MSetIntervals]
+s:799 [in MSetsExtra.MSetIntervals]
+s:8 [in MSetsExtra.MSetWithDups]
+s:801 [in MSetsExtra.MSetIntervals]
+s:805 [in MSetsExtra.MSetIntervals]
+s:806 [in MSetsExtra.MSetIntervals]
+s:808 [in MSetsExtra.MSetIntervals]
+s:811 [in MSetsExtra.MSetIntervals]
+s:815 [in MSetsExtra.MSetIntervals]
+s:816 [in MSetsExtra.MSetIntervals]
+s:82 [in MSetsExtra.MSetListWithDups]
+s:820 [in MSetsExtra.MSetIntervals]
+s:822 [in MSetsExtra.MSetIntervals]
+s:823 [in MSetsExtra.MSetIntervals]
+s:827 [in MSetsExtra.MSetIntervals]
+s:83 [in MSetsExtra.MSetIntervals]
+s:85 [in MSetsExtra.MSetListWithDups]
+s:86 [in MSetsExtra.MSetListWithDups]
+s:868 [in MSetsExtra.MSetIntervals]
+s:877 [in MSetsExtra.MSetIntervals]
+s:881 [in MSetsExtra.MSetIntervals]
+s:887 [in MSetsExtra.MSetIntervals]
+s:89 [in MSetsExtra.MSetListWithDups]
+s:90 [in MSetsExtra.MSetListWithDups]
+s:904 [in MSetsExtra.MSetIntervals]
+s:911 [in MSetsExtra.MSetIntervals]
+s:914 [in MSetsExtra.MSetIntervals]
+s:916 [in MSetsExtra.MSetIntervals]
+s:919 [in MSetsExtra.MSetIntervals]
+s:922 [in MSetsExtra.MSetIntervals]
+s:924 [in MSetsExtra.MSetIntervals]
+s:93 [in MSetsExtra.MSetListWithDups]
+s:931 [in MSetsExtra.MSetIntervals]
+s:932 [in MSetsExtra.MSetIntervals]
+s:935 [in MSetsExtra.MSetIntervals]
+s:938 [in MSetsExtra.MSetIntervals]
+s:941 [in MSetsExtra.MSetIntervals]
+s:944 [in MSetsExtra.MSetIntervals]
+s:947 [in MSetsExtra.MSetIntervals]
+s:949 [in MSetsExtra.MSetIntervals]
+s:951 [in MSetsExtra.MSetIntervals]
+s:953 [in MSetsExtra.MSetIntervals]
+s:955 [in MSetsExtra.MSetIntervals]
+s:957 [in MSetsExtra.MSetIntervals]
+s:959 [in MSetsExtra.MSetIntervals]
+s:96 [in MSetsExtra.MSetListWithDups]
+s:961 [in MSetsExtra.MSetIntervals]
+s:963 [in MSetsExtra.MSetIntervals]
+s:964 [in MSetsExtra.MSetIntervals]
+s:965 [in MSetsExtra.MSetIntervals]
+s:966 [in MSetsExtra.MSetIntervals]
+s:967 [in MSetsExtra.MSetIntervals]
+s:972 [in MSetsExtra.MSetIntervals]
+s:973 [in MSetsExtra.MSetIntervals]
+s:975 [in MSetsExtra.MSetIntervals]
+s:977 [in MSetsExtra.MSetIntervals]
+s:979 [in MSetsExtra.MSetIntervals]
+s:981 [in MSetsExtra.MSetIntervals]
+s:983 [in MSetsExtra.MSetIntervals]
+s:99 [in MSetsExtra.MSetListWithDups]
+

T

+t:2 [in MSetsExtra.MSetFoldWithAbort]
+t:29 [in MSetsExtra.MSetFoldWithAbort]
+t:308 [in MSetsExtra.MSetFoldWithAbort]
+t:32 [in MSetsExtra.MSetFoldWithAbort]
+t:349 [in MSetsExtra.MSetFoldWithAbort]
+t:357 [in MSetsExtra.MSetFoldWithAbort]
+t:365 [in MSetsExtra.MSetFoldWithAbort]
+t:377 [in MSetsExtra.MSetFoldWithAbort]
+t:388 [in MSetsExtra.MSetFoldWithAbort]
+t:400 [in MSetsExtra.MSetFoldWithAbort]
+t:5 [in MSetsExtra.MSetFoldWithAbort]
+t:57 [in MSetsExtra.MSetFoldWithAbort]
+t:60 [in MSetsExtra.MSetFoldWithAbort]
+t:90 [in MSetsExtra.MSetFoldWithAbort]
+t:94 [in MSetsExtra.MSetFoldWithAbort]
+

X

+xs':22 [in MSetsExtra.MSetListWithDups]
+xs:20 [in MSetsExtra.MSetListWithDups]
+xs:277 [in MSetsExtra.MSetFoldWithAbort]
+xx:804 [in MSetsExtra.MSetIntervals]
+x_pre:312 [in MSetsExtra.MSetFoldWithAbort]
+x':21 [in MSetsExtra.MSetListWithDups]
+x':798 [in MSetsExtra.MSetIntervals]
+x0:278 [in MSetsExtra.MSetFoldWithAbort]
+x0:281 [in MSetsExtra.MSetFoldWithAbort]
+x0:284 [in MSetsExtra.MSetFoldWithAbort]
+x1:18 [in MSetsExtra.MSetIntervals]
+x1:455 [in MSetsExtra.MSetIntervals]
+x1:459 [in MSetsExtra.MSetIntervals]
+x1:463 [in MSetsExtra.MSetIntervals]
+x1:484 [in MSetsExtra.MSetIntervals]
+x1:522 [in MSetsExtra.MSetIntervals]
+x1:589 [in MSetsExtra.MSetIntervals]
+x1:602 [in MSetsExtra.MSetIntervals]
+x1:607 [in MSetsExtra.MSetIntervals]
+x1:612 [in MSetsExtra.MSetIntervals]
+x1:614 [in MSetsExtra.MSetIntervals]
+x1:638 [in MSetsExtra.MSetIntervals]
+x1:651 [in MSetsExtra.MSetIntervals]
+x1:658 [in MSetsExtra.MSetIntervals]
+x1:664 [in MSetsExtra.MSetIntervals]
+x1:666 [in MSetsExtra.MSetIntervals]
+x1:870 [in MSetsExtra.MSetIntervals]
+x1:874 [in MSetsExtra.MSetIntervals]
+x1:879 [in MSetsExtra.MSetIntervals]
+x1:97 [in MSetsExtra.MSetIntervals]
+x2:19 [in MSetsExtra.MSetIntervals]
+x2:456 [in MSetsExtra.MSetIntervals]
+x2:460 [in MSetsExtra.MSetIntervals]
+x2:464 [in MSetsExtra.MSetIntervals]
+x2:486 [in MSetsExtra.MSetIntervals]
+x2:524 [in MSetsExtra.MSetIntervals]
+x2:590 [in MSetsExtra.MSetIntervals]
+x2:603 [in MSetsExtra.MSetIntervals]
+x2:608 [in MSetsExtra.MSetIntervals]
+x2:613 [in MSetsExtra.MSetIntervals]
+x2:615 [in MSetsExtra.MSetIntervals]
+x2:639 [in MSetsExtra.MSetIntervals]
+x2:652 [in MSetsExtra.MSetIntervals]
+x2:659 [in MSetsExtra.MSetIntervals]
+x2:665 [in MSetsExtra.MSetIntervals]
+x2:667 [in MSetsExtra.MSetIntervals]
+x2:871 [in MSetsExtra.MSetIntervals]
+x2:875 [in MSetsExtra.MSetIntervals]
+x2:880 [in MSetsExtra.MSetIntervals]
+x2:99 [in MSetsExtra.MSetIntervals]
+x:1 [in MSetsExtra.MSetListWithDups]
+x:10 [in MSetsExtra.MSetIntervals]
+x:100 [in MSetsExtra.MSetListWithDups]
+x:1000 [in MSetsExtra.MSetIntervals]
+x:1001 [in MSetsExtra.MSetIntervals]
+x:101 [in MSetsExtra.MSetIntervals]
+x:103 [in MSetsExtra.MSetListWithDups]
+x:105 [in MSetsExtra.MSetListWithDups]
+x:107 [in MSetsExtra.MSetIntervals]
+x:110 [in MSetsExtra.MSetListWithDups]
+x:111 [in MSetsExtra.MSetIntervals]
+x:113 [in MSetsExtra.MSetIntervals]
+x:114 [in MSetsExtra.MSetListWithDups]
+x:116 [in MSetsExtra.MSetListWithDups]
+x:118 [in MSetsExtra.MSetIntervals]
+x:12 [in MSetsExtra.MSetWithDups]
+x:120 [in MSetsExtra.MSetListWithDups]
+x:120 [in MSetsExtra.MSetIntervals]
+x:121 [in MSetsExtra.MSetIntervals]
+x:122 [in MSetsExtra.MSetIntervals]
+x:123 [in MSetsExtra.MSetListWithDups]
+x:126 [in MSetsExtra.MSetListWithDups]
+x:126 [in MSetsExtra.MSetIntervals]
+x:130 [in MSetsExtra.MSetIntervals]
+x:131 [in MSetsExtra.MSetListWithDups]
+x:132 [in MSetsExtra.MSetIntervals]
+x:134 [in MSetsExtra.MSetListWithDups]
+x:137 [in MSetsExtra.MSetIntervals]
+x:141 [in MSetsExtra.MSetListWithDups]
+x:144 [in MSetsExtra.MSetListWithDups]
+x:148 [in MSetsExtra.MSetListWithDups]
+x:15 [in MSetsExtra.MSetWithDups]
+x:151 [in MSetsExtra.MSetListWithDups]
+x:156 [in MSetsExtra.MSetListWithDups]
+x:161 [in MSetsExtra.MSetListWithDups]
+x:163 [in MSetsExtra.MSetListWithDups]
+x:166 [in MSetsExtra.MSetListWithDups]
+x:167 [in MSetsExtra.MSetListWithDups]
+x:179 [in MSetsExtra.MSetIntervals]
+x:186 [in MSetsExtra.MSetIntervals]
+x:19 [in MSetsExtra.MSetListWithDups]
+x:190 [in MSetsExtra.MSetIntervals]
+x:193 [in MSetsExtra.MSetIntervals]
+x:197 [in MSetsExtra.MSetIntervals]
+x:209 [in MSetsExtra.MSetIntervals]
+x:213 [in MSetsExtra.MSetIntervals]
+x:216 [in MSetsExtra.MSetIntervals]
+x:219 [in MSetsExtra.MSetIntervals]
+x:25 [in MSetsExtra.MSetListWithDups]
+x:255 [in MSetsExtra.MSetIntervals]
+x:257 [in MSetsExtra.MSetIntervals]
+x:269 [in MSetsExtra.MSetIntervals]
+x:271 [in MSetsExtra.MSetIntervals]
+x:283 [in MSetsExtra.MSetIntervals]
+x:286 [in MSetsExtra.MSetIntervals]
+x:287 [in MSetsExtra.MSetIntervals]
+x:291 [in MSetsExtra.MSetIntervals]
+x:293 [in MSetsExtra.MSetIntervals]
+x:294 [in MSetsExtra.MSetIntervals]
+x:296 [in MSetsExtra.MSetIntervals]
+x:299 [in MSetsExtra.MSetIntervals]
+x:303 [in MSetsExtra.MSetIntervals]
+x:305 [in MSetsExtra.MSetIntervals]
+x:307 [in MSetsExtra.MSetIntervals]
+x:31 [in MSetsExtra.MSetListWithDups]
+x:312 [in MSetsExtra.MSetIntervals]
+x:318 [in MSetsExtra.MSetIntervals]
+x:32 [in MSetsExtra.MSetListWithDups]
+x:323 [in MSetsExtra.MSetIntervals]
+x:327 [in MSetsExtra.MSetIntervals]
+x:33 [in MSetsExtra.MSetListWithDups]
+x:340 [in MSetsExtra.MSetIntervals]
+x:353 [in MSetsExtra.MSetIntervals]
+x:36 [in MSetsExtra.MSetListWithDups]
+x:368 [in MSetsExtra.MSetIntervals]
+x:37 [in MSetsExtra.MSetWithDups]
+x:373 [in MSetsExtra.MSetIntervals]
+x:376 [in MSetsExtra.MSetIntervals]
+x:383 [in MSetsExtra.MSetIntervals]
+x:39 [in MSetsExtra.MSetWithDups]
+x:392 [in MSetsExtra.MSetIntervals]
+x:397 [in MSetsExtra.MSetIntervals]
+x:40 [in MSetsExtra.MSetListWithDups]
+x:412 [in MSetsExtra.MSetIntervals]
+x:415 [in MSetsExtra.MSetIntervals]
+x:419 [in MSetsExtra.MSetIntervals]
+x:42 [in MSetsExtra.MSetWithDups]
+x:42 [in MSetsExtra.MSetListWithDups]
+x:422 [in MSetsExtra.MSetIntervals]
+x:431 [in MSetsExtra.MSetIntervals]
+x:438 [in MSetsExtra.MSetIntervals]
+x:439 [in MSetsExtra.MSetIntervals]
+x:443 [in MSetsExtra.MSetIntervals]
+x:446 [in MSetsExtra.MSetIntervals]
+x:449 [in MSetsExtra.MSetIntervals]
+x:468 [in MSetsExtra.MSetIntervals]
+x:469 [in MSetsExtra.MSetIntervals]
+x:471 [in MSetsExtra.MSetIntervals]
+x:473 [in MSetsExtra.MSetIntervals]
+x:476 [in MSetsExtra.MSetIntervals]
+x:479 [in MSetsExtra.MSetIntervals]
+x:48 [in MSetsExtra.MSetWithDups]
+x:482 [in MSetsExtra.MSetIntervals]
+x:488 [in MSetsExtra.MSetIntervals]
+x:491 [in MSetsExtra.MSetIntervals]
+x:495 [in MSetsExtra.MSetIntervals]
+x:499 [in MSetsExtra.MSetIntervals]
+x:5 [in MSetsExtra.MSetListWithDups]
+x:50 [in MSetsExtra.MSetListWithDups]
+x:502 [in MSetsExtra.MSetIntervals]
+x:506 [in MSetsExtra.MSetIntervals]
+x:509 [in MSetsExtra.MSetIntervals]
+x:529 [in MSetsExtra.MSetIntervals]
+x:532 [in MSetsExtra.MSetIntervals]
+x:536 [in MSetsExtra.MSetIntervals]
+x:539 [in MSetsExtra.MSetIntervals]
+x:542 [in MSetsExtra.MSetIntervals]
+x:545 [in MSetsExtra.MSetIntervals]
+x:548 [in MSetsExtra.MSetIntervals]
+x:549 [in MSetsExtra.MSetIntervals]
+x:55 [in MSetsExtra.MSetWithDups]
+x:553 [in MSetsExtra.MSetIntervals]
+x:57 [in MSetsExtra.MSetIntervals]
+x:578 [in MSetsExtra.MSetIntervals]
+x:58 [in MSetsExtra.MSetListWithDups]
+x:59 [in MSetsExtra.MSetListWithDups]
+x:627 [in MSetsExtra.MSetIntervals]
+x:640 [in MSetsExtra.MSetIntervals]
+x:642 [in MSetsExtra.MSetIntervals]
+x:646 [in MSetsExtra.MSetIntervals]
+x:647 [in MSetsExtra.MSetIntervals]
+x:648 [in MSetsExtra.MSetIntervals]
+x:650 [in MSetsExtra.MSetIntervals]
+x:653 [in MSetsExtra.MSetIntervals]
+x:66 [in MSetsExtra.MSetIntervals]
+x:663 [in MSetsExtra.MSetIntervals]
+x:679 [in MSetsExtra.MSetIntervals]
+x:68 [in MSetsExtra.MSetListWithDups]
+x:682 [in MSetsExtra.MSetIntervals]
+x:686 [in MSetsExtra.MSetIntervals]
+x:688 [in MSetsExtra.MSetIntervals]
+x:692 [in MSetsExtra.MSetIntervals]
+x:695 [in MSetsExtra.MSetIntervals]
+x:7 [in MSetsExtra.MSetListWithDups]
+x:700 [in MSetsExtra.MSetIntervals]
+x:730 [in MSetsExtra.MSetIntervals]
+x:733 [in MSetsExtra.MSetIntervals]
+x:744 [in MSetsExtra.MSetIntervals]
+x:76 [in MSetsExtra.MSetIntervals]
+x:768 [in MSetsExtra.MSetIntervals]
+x:771 [in MSetsExtra.MSetIntervals]
+x:776 [in MSetsExtra.MSetIntervals]
+x:778 [in MSetsExtra.MSetIntervals]
+x:78 [in MSetsExtra.MSetIntervals]
+x:782 [in MSetsExtra.MSetIntervals]
+x:784 [in MSetsExtra.MSetIntervals]
+x:787 [in MSetsExtra.MSetIntervals]
+x:792 [in MSetsExtra.MSetIntervals]
+x:797 [in MSetsExtra.MSetIntervals]
+x:8 [in MSetsExtra.MSetIntervals]
+x:800 [in MSetsExtra.MSetIntervals]
+x:802 [in MSetsExtra.MSetIntervals]
+x:807 [in MSetsExtra.MSetIntervals]
+x:809 [in MSetsExtra.MSetIntervals]
+x:812 [in MSetsExtra.MSetIntervals]
+x:82 [in MSetsExtra.MSetIntervals]
+x:826 [in MSetsExtra.MSetIntervals]
+x:830 [in MSetsExtra.MSetIntervals]
+x:831 [in MSetsExtra.MSetIntervals]
+x:836 [in MSetsExtra.MSetIntervals]
+x:839 [in MSetsExtra.MSetIntervals]
+x:847 [in MSetsExtra.MSetIntervals]
+x:856 [in MSetsExtra.MSetIntervals]
+x:863 [in MSetsExtra.MSetIntervals]
+x:88 [in MSetsExtra.MSetListWithDups]
+x:888 [in MSetsExtra.MSetIntervals]
+x:890 [in MSetsExtra.MSetIntervals]
+x:901 [in MSetsExtra.MSetIntervals]
+x:902 [in MSetsExtra.MSetIntervals]
+x:907 [in MSetsExtra.MSetIntervals]
+x:908 [in MSetsExtra.MSetIntervals]
+x:909 [in MSetsExtra.MSetIntervals]
+x:912 [in MSetsExtra.MSetIntervals]
+x:915 [in MSetsExtra.MSetIntervals]
+x:926 [in MSetsExtra.MSetIntervals]
+x:930 [in MSetsExtra.MSetIntervals]
+x:942 [in MSetsExtra.MSetIntervals]
+x:945 [in MSetsExtra.MSetIntervals]
+x:946 [in MSetsExtra.MSetIntervals]
+x:948 [in MSetsExtra.MSetIntervals]
+x:950 [in MSetsExtra.MSetIntervals]
+x:952 [in MSetsExtra.MSetIntervals]
+x:999 [in MSetsExtra.MSetIntervals]
+

Y

+yc1:89 [in MSetsExtra.MSetIntervals]
+yc2:88 [in MSetsExtra.MSetIntervals]
+yc2:93 [in MSetsExtra.MSetIntervals]
+yc:844 [in MSetsExtra.MSetIntervals]
+ys':27 [in MSetsExtra.MSetListWithDups]
+y':26 [in MSetsExtra.MSetListWithDups]
+y':774 [in MSetsExtra.MSetIntervals]
+y':835 [in MSetsExtra.MSetIntervals]
+y':860 [in MSetsExtra.MSetIntervals]
+y':865 [in MSetsExtra.MSetIntervals]
+y':866 [in MSetsExtra.MSetIntervals]
+y':872 [in MSetsExtra.MSetIntervals]
+y':873 [in MSetsExtra.MSetIntervals]
+y':878 [in MSetsExtra.MSetIntervals]
+y0:128 [in MSetsExtra.MSetListWithDups]
+y1:398 [in MSetsExtra.MSetIntervals]
+y1:402 [in MSetsExtra.MSetIntervals]
+y1:408 [in MSetsExtra.MSetIntervals]
+y1:5 [in MSetsExtra.MSetIntervals]
+y1:512 [in MSetsExtra.MSetIntervals]
+y1:516 [in MSetsExtra.MSetIntervals]
+y1:705 [in MSetsExtra.MSetIntervals]
+y1:713 [in MSetsExtra.MSetIntervals]
+y1:757 [in MSetsExtra.MSetIntervals]
+y1:90 [in MSetsExtra.MSetIntervals]
+y2:145 [in MSetsExtra.MSetIntervals]
+y2:166 [in MSetsExtra.MSetIntervals]
+y2:400 [in MSetsExtra.MSetIntervals]
+y2:404 [in MSetsExtra.MSetIntervals]
+y2:409 [in MSetsExtra.MSetIntervals]
+y2:466 [in MSetsExtra.MSetIntervals]
+y2:514 [in MSetsExtra.MSetIntervals]
+y2:518 [in MSetsExtra.MSetIntervals]
+y2:581 [in MSetsExtra.MSetIntervals]
+y2:585 [in MSetsExtra.MSetIntervals]
+y2:6 [in MSetsExtra.MSetIntervals]
+y2:630 [in MSetsExtra.MSetIntervals]
+y2:634 [in MSetsExtra.MSetIntervals]
+y2:708 [in MSetsExtra.MSetIntervals]
+y2:716 [in MSetsExtra.MSetIntervals]
+y2:758 [in MSetsExtra.MSetIntervals]
+y:11 [in MSetsExtra.MSetIntervals]
+y:111 [in MSetsExtra.MSetListWithDups]
+y:115 [in MSetsExtra.MSetListWithDups]
+y:117 [in MSetsExtra.MSetListWithDups]
+y:127 [in MSetsExtra.MSetListWithDups]
+y:135 [in MSetsExtra.MSetListWithDups]
+y:2 [in MSetsExtra.MSetListWithDups]
+y:279 [in MSetsExtra.MSetFoldWithAbort]
+y:282 [in MSetsExtra.MSetFoldWithAbort]
+y:285 [in MSetsExtra.MSetFoldWithAbort]
+y:302 [in MSetsExtra.MSetIntervals]
+y:304 [in MSetsExtra.MSetIntervals]
+y:360 [in MSetsExtra.MSetIntervals]
+y:381 [in MSetsExtra.MSetIntervals]
+y:382 [in MSetsExtra.MSetIntervals]
+y:388 [in MSetsExtra.MSetIntervals]
+y:390 [in MSetsExtra.MSetIntervals]
+y:391 [in MSetsExtra.MSetIntervals]
+y:394 [in MSetsExtra.MSetIntervals]
+y:406 [in MSetsExtra.MSetIntervals]
+y:423 [in MSetsExtra.MSetIntervals]
+y:428 [in MSetsExtra.MSetIntervals]
+y:433 [in MSetsExtra.MSetIntervals]
+y:437 [in MSetsExtra.MSetIntervals]
+y:442 [in MSetsExtra.MSetIntervals]
+y:445 [in MSetsExtra.MSetIntervals]
+y:448 [in MSetsExtra.MSetIntervals]
+y:452 [in MSetsExtra.MSetIntervals]
+y:493 [in MSetsExtra.MSetIntervals]
+y:505 [in MSetsExtra.MSetIntervals]
+y:52 [in MSetsExtra.MSetListWithDups]
+y:526 [in MSetsExtra.MSetIntervals]
+y:527 [in MSetsExtra.MSetIntervals]
+y:533 [in MSetsExtra.MSetIntervals]
+y:543 [in MSetsExtra.MSetIntervals]
+y:550 [in MSetsExtra.MSetIntervals]
+y:566 [in MSetsExtra.MSetIntervals]
+y:568 [in MSetsExtra.MSetIntervals]
+y:57 [in MSetsExtra.MSetListWithDups]
+y:591 [in MSetsExtra.MSetIntervals]
+y:592 [in MSetsExtra.MSetIntervals]
+y:593 [in MSetsExtra.MSetIntervals]
+y:594 [in MSetsExtra.MSetIntervals]
+y:595 [in MSetsExtra.MSetIntervals]
+y:596 [in MSetsExtra.MSetIntervals]
+y:597 [in MSetsExtra.MSetIntervals]
+y:598 [in MSetsExtra.MSetIntervals]
+y:599 [in MSetsExtra.MSetIntervals]
+y:6 [in MSetsExtra.MSetListWithDups]
+y:601 [in MSetsExtra.MSetIntervals]
+y:609 [in MSetsExtra.MSetIntervals]
+y:618 [in MSetsExtra.MSetIntervals]
+y:641 [in MSetsExtra.MSetIntervals]
+y:643 [in MSetsExtra.MSetIntervals]
+y:644 [in MSetsExtra.MSetIntervals]
+y:645 [in MSetsExtra.MSetIntervals]
+y:654 [in MSetsExtra.MSetIntervals]
+y:660 [in MSetsExtra.MSetIntervals]
+y:670 [in MSetsExtra.MSetIntervals]
+y:689 [in MSetsExtra.MSetIntervals]
+y:696 [in MSetsExtra.MSetIntervals]
+y:711 [in MSetsExtra.MSetIntervals]
+y:712 [in MSetsExtra.MSetIntervals]
+y:719 [in MSetsExtra.MSetIntervals]
+y:722 [in MSetsExtra.MSetIntervals]
+y:724 [in MSetsExtra.MSetIntervals]
+y:773 [in MSetsExtra.MSetIntervals]
+y:779 [in MSetsExtra.MSetIntervals]
+y:788 [in MSetsExtra.MSetIntervals]
+y:8 [in MSetsExtra.MSetListWithDups]
+y:803 [in MSetsExtra.MSetIntervals]
+y:813 [in MSetsExtra.MSetIntervals]
+y:845 [in MSetsExtra.MSetIntervals]
+y:848 [in MSetsExtra.MSetIntervals]
+y:853 [in MSetsExtra.MSetIntervals]
+y:896 [in MSetsExtra.MSetIntervals]
+y:9 [in MSetsExtra.MSetIntervals]
+

Z

+z:1 [in MSetsExtra.MSetIntervals]
+z:1004 [in MSetsExtra.MSetIntervals]
+z:1005 [in MSetsExtra.MSetIntervals]
+z:1012 [in MSetsExtra.MSetIntervals]
+z:1019 [in MSetsExtra.MSetIntervals]
+z:206 [in MSetsExtra.MSetIntervals]
+z:227 [in MSetsExtra.MSetIntervals]
+z:233 [in MSetsExtra.MSetIntervals]
+z:237 [in MSetsExtra.MSetIntervals]
+z:241 [in MSetsExtra.MSetIntervals]
+z:3 [in MSetsExtra.MSetIntervals]
+z:411 [in MSetsExtra.MSetIntervals]
+z:418 [in MSetsExtra.MSetIntervals]
+z:475 [in MSetsExtra.MSetIntervals]
+z:520 [in MSetsExtra.MSetIntervals]
+z:534 [in MSetsExtra.MSetIntervals]
+z:537 [in MSetsExtra.MSetIntervals]
+z:750 [in MSetsExtra.MSetIntervals]
+z:884 [in MSetsExtra.MSetIntervals]
+z:885 [in MSetsExtra.MSetIntervals]
+z:886 [in MSetsExtra.MSetIntervals]
+z:891 [in MSetsExtra.MSetIntervals]
+z:892 [in MSetsExtra.MSetIntervals]
+z:893 [in MSetsExtra.MSetIntervals]
+

+

Module Index

+

E

+ElementEncode [in MSetsExtra.MSetIntervals]
+ElementEncodeN [in MSetsExtra.MSetIntervals]
+ElementEncodeNat [in MSetsExtra.MSetIntervals]
+ElementEncodeNat.E [in MSetsExtra.MSetIntervals]
+ElementEncodeN.E [in MSetsExtra.MSetIntervals]
+ElementEncodeZ [in MSetsExtra.MSetIntervals]
+ElementEncodeZ.E [in MSetsExtra.MSetIntervals]
+ElementEncode.E [in MSetsExtra.MSetIntervals]
+

H

+HasFoldWithAbort [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps [in MSetsExtra.MSetFoldWithAbort]
+

M

+Make [in MSetsExtra.MSetListWithDups]
+MakeAVLSetsWithFoldA [in MSetsExtra.MSetFoldWithAbort]
+MakeGenTreeFoldA [in MSetsExtra.MSetFoldWithAbort]
+MakeListSetsWithFoldA [in MSetsExtra.MSetFoldWithAbort]
+MakeRBTSetsWithFoldA [in MSetsExtra.MSetFoldWithAbort]
+MakeWeakListSetsWithFoldA [in MSetsExtra.MSetFoldWithAbort]
+MakeWeakListSetsWithFoldA.E [in MSetsExtra.MSetFoldWithAbort]
+MakeWeakListSetsWithFoldA.Raw [in MSetsExtra.MSetFoldWithAbort]
+MSetIntervals [in MSetsExtra.MSetIntervals]
+MSetIntervalsN [in MSetsExtra.MSetIntervals]
+MSetIntervalsNat [in MSetsExtra.MSetIntervals]
+MSetIntervalsZ [in MSetsExtra.MSetIntervals]
+MSetIntervals.E [in MSetsExtra.MSetIntervals]
+MSetIntervals.Raw [in MSetsExtra.MSetIntervals]
+

N

+NOP [in MSetsExtra.MSetIntervals]
+

O

+Ops [in MSetsExtra.MSetListWithDups]
+Ops [in MSetsExtra.MSetIntervals]
+Ops.MX [in MSetsExtra.MSetListWithDups]
+Ops.RDFS [in MSetsExtra.MSetListWithDups]
+

R

+Raw [in MSetsExtra.MSetIntervals]
+RemoveDupsFromSorted [in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.MX [in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.XSort [in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.XTotalLeBool [in MSetsExtra.MSetListWithDups]
+

S

+SetsWithFoldA [in MSetsExtra.MSetFoldWithAbort]
+SetsWithFoldA.E [in MSetsExtra.MSetFoldWithAbort]
+

W

+WSetsOnWithDups [in MSetsExtra.MSetWithDups]
+WSetsOnWithDupsExtra [in MSetsExtra.MSetWithDups]
+WSetsOn_TO_WSetsOnWithDupsExtra [in MSetsExtra.MSetWithDups]
+WSetsWithDupsFoldA [in MSetsExtra.MSetFoldWithAbort]
+WSetsWithDupsFoldA.E [in MSetsExtra.MSetFoldWithAbort]
+WSetsWithFoldA [in MSetsExtra.MSetFoldWithAbort]
+WSetsWithFoldA.E [in MSetsExtra.MSetFoldWithAbort]
+

+

Variable Index

+

M

+MSetIntervals.Spec.f [in MSetsExtra.MSetIntervals]
+MSetIntervals.Spec.s [in MSetsExtra.MSetIntervals]
+MSetIntervals.Spec.s' [in MSetsExtra.MSetIntervals]
+MSetIntervals.Spec.x [in MSetsExtra.MSetIntervals]
+MSetIntervals.Spec.y [in MSetsExtra.MSetIntervals]
+

W

+WSetsOnWithDups.Spec.f [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.Spec.s [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.Spec.s' [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.Spec.x [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.Spec.y [in MSetsExtra.MSetWithDups]
+

+

Library Index

+

M

+MSetFoldWithAbort
+MSetIntervals
+MSetListWithDups
+MSetWithDups
+

+

Lemma Index

+

A

+add_add_sub_eq [in MSetsExtra.MSetIntervals]
+

E

+ElementEncodeNat.decode_encode_ok [in MSetsExtra.MSetIntervals]
+ElementEncodeNat.encode_lt [in MSetsExtra.MSetIntervals]
+ElementEncodeNat.encode_eq [in MSetsExtra.MSetIntervals]
+ElementEncodeN.decode_encode_ok [in MSetsExtra.MSetIntervals]
+ElementEncodeN.encode_lt [in MSetsExtra.MSetIntervals]
+ElementEncodeN.encode_eq [in MSetsExtra.MSetIntervals]
+ElementEncodeZ.decode_encode_ok [in MSetsExtra.MSetIntervals]
+ElementEncodeZ.encode_lt [in MSetsExtra.MSetIntervals]
+ElementEncodeZ.encode_eq [in MSetsExtra.MSetIntervals]
+

H

+HasFoldWithAbortOps.choose_with_abort_spec [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.exists_with_abort_spec [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.filter_with_abort_spec [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortGtLtSpec [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortGtLtSpec_Equal [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortGtSpec [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortGtSpec_Equal [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortPrecomputeSpec_Equal [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortSpec [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortSpec_Equal [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.forall_with_abort_spec [in MSetsExtra.MSetFoldWithAbort]
+

M

+MakeAVLSetsWithFoldA.foldWithAbortPrecomputeSpec [in MSetsExtra.MSetFoldWithAbort]
+MakeGenTreeFoldA.foldWithAbort_RawSpec [in MSetsExtra.MSetFoldWithAbort]
+MakeListSetsWithFoldA.foldWithAbortPrecomputeSpec [in MSetsExtra.MSetFoldWithAbort]
+MakeRBTSetsWithFoldA.foldWithAbortPrecomputeSpec [in MSetsExtra.MSetFoldWithAbort]
+MakeWeakListSetsWithFoldA.foldWithAbortPrecomputeSpec [in MSetsExtra.MSetFoldWithAbort]
+Make.add_spec [in MSetsExtra.MSetListWithDups]
+Make.cardinal_spec [in MSetsExtra.MSetListWithDups]
+Make.choose_spec2 [in MSetsExtra.MSetListWithDups]
+Make.choose_spec1 [in MSetsExtra.MSetListWithDups]
+Make.diff_spec [in MSetsExtra.MSetListWithDups]
+Make.elements_dist_spec2w [in MSetsExtra.MSetListWithDups]
+Make.elements_dist_spec1 [in MSetsExtra.MSetListWithDups]
+Make.elements_dist_spec_full [in MSetsExtra.MSetListWithDups]
+Make.elements_spec1 [in MSetsExtra.MSetListWithDups]
+Make.empty_spec [in MSetsExtra.MSetListWithDups]
+Make.equal_spec [in MSetsExtra.MSetListWithDups]
+Make.eq_dec [in MSetsExtra.MSetListWithDups]
+Make.eq_equiv [in MSetsExtra.MSetListWithDups]
+Make.exists_spec [in MSetsExtra.MSetListWithDups]
+Make.filter_spec [in MSetsExtra.MSetListWithDups]
+Make.fold_spec [in MSetsExtra.MSetListWithDups]
+Make.for_all_spec [in MSetsExtra.MSetListWithDups]
+Make.inter_spec [in MSetsExtra.MSetListWithDups]
+Make.is_empty_spec [in MSetsExtra.MSetListWithDups]
+Make.mem_spec [in MSetsExtra.MSetListWithDups]
+Make.partition_spec2 [in MSetsExtra.MSetListWithDups]
+Make.partition_spec1 [in MSetsExtra.MSetListWithDups]
+Make.partition_aux_spec [in MSetsExtra.MSetListWithDups]
+Make.remove_spec [in MSetsExtra.MSetListWithDups]
+Make.rev_filter_aux_spec [in MSetsExtra.MSetListWithDups]
+Make.singleton_spec [in MSetsExtra.MSetListWithDups]
+Make.subset_spec [in MSetsExtra.MSetListWithDups]
+Make.union_spec [in MSetsExtra.MSetListWithDups]
+MSetIntervals.add_spec [in MSetsExtra.MSetIntervals]
+MSetIntervals.cardinal_spec [in MSetsExtra.MSetIntervals]
+MSetIntervals.choose_spec3 [in MSetsExtra.MSetIntervals]
+MSetIntervals.choose_spec2 [in MSetsExtra.MSetIntervals]
+MSetIntervals.choose_spec1 [in MSetsExtra.MSetIntervals]
+MSetIntervals.compare_spec [in MSetsExtra.MSetIntervals]
+MSetIntervals.diff_spec [in MSetsExtra.MSetIntervals]
+MSetIntervals.elements_spec2 [in MSetsExtra.MSetIntervals]
+MSetIntervals.elements_spec2w [in MSetsExtra.MSetIntervals]
+MSetIntervals.elements_spec1 [in MSetsExtra.MSetIntervals]
+MSetIntervals.empty_spec [in MSetsExtra.MSetIntervals]
+MSetIntervals.equal_spec [in MSetsExtra.MSetIntervals]
+MSetIntervals.exists_spec [in MSetsExtra.MSetIntervals]
+MSetIntervals.filter_spec [in MSetsExtra.MSetIntervals]
+MSetIntervals.fold_spec [in MSetsExtra.MSetIntervals]
+MSetIntervals.for_all_spec [in MSetsExtra.MSetIntervals]
+MSetIntervals.inter_spec [in MSetsExtra.MSetIntervals]
+MSetIntervals.is_empty_spec [in MSetsExtra.MSetIntervals]
+MSetIntervals.max_elt_spec3 [in MSetsExtra.MSetIntervals]
+MSetIntervals.max_elt_spec2 [in MSetsExtra.MSetIntervals]
+MSetIntervals.max_elt_spec1 [in MSetsExtra.MSetIntervals]
+MSetIntervals.mem_spec [in MSetsExtra.MSetIntervals]
+MSetIntervals.min_elt_spec3 [in MSetsExtra.MSetIntervals]
+MSetIntervals.min_elt_spec2 [in MSetsExtra.MSetIntervals]
+MSetIntervals.min_elt_spec1 [in MSetsExtra.MSetIntervals]
+MSetIntervals.partition_spec2 [in MSetsExtra.MSetIntervals]
+MSetIntervals.partition_spec1 [in MSetsExtra.MSetIntervals]
+MSetIntervals.remove_spec [in MSetsExtra.MSetIntervals]
+MSetIntervals.singleton_spec [in MSetsExtra.MSetIntervals]
+MSetIntervals.subset_spec [in MSetsExtra.MSetIntervals]
+MSetIntervals.union_spec [in MSetsExtra.MSetIntervals]
+

N

+NoDupA_map [in MSetsExtra.MSetIntervals]
+

O

+Ops.acc_pred [in MSetsExtra.MSetIntervals]
+Ops.singleton_alt_def [in MSetsExtra.MSetIntervals]
+

R

+Raw.addZ_invariant [in MSetsExtra.MSetIntervals]
+Raw.addZ_InZ [in MSetsExtra.MSetIntervals]
+Raw.addZ_alt_def [in MSetsExtra.MSetIntervals]
+Raw.addZ_aux_alt_def [in MSetsExtra.MSetIntervals]
+Raw.add_list_spec [in MSetsExtra.MSetIntervals]
+Raw.add_list_ok [in MSetsExtra.MSetIntervals]
+Raw.add_spec [in MSetsExtra.MSetIntervals]
+Raw.cardinalN_spec [in MSetsExtra.MSetIntervals]
+Raw.cardinal_spec [in MSetsExtra.MSetIntervals]
+Raw.choose_spec3 [in MSetsExtra.MSetIntervals]
+Raw.compare_spec [in MSetsExtra.MSetIntervals]
+Raw.compare_antisym [in MSetsExtra.MSetIntervals]
+Raw.compare_eq_Lt_cons [in MSetsExtra.MSetIntervals]
+Raw.compare_eq_Lt_nil_r [in MSetsExtra.MSetIntervals]
+Raw.compare_eq_Lt_nil_l [in MSetsExtra.MSetIntervals]
+Raw.compare_eq_Eq [in MSetsExtra.MSetIntervals]
+Raw.diff_spec [in MSetsExtra.MSetIntervals]
+Raw.diff_invariant [in MSetsExtra.MSetIntervals]
+Raw.diff_InZ [in MSetsExtra.MSetIntervals]
+Raw.diff_aux2_props [in MSetsExtra.MSetIntervals]
+Raw.diff_aux_props [in MSetsExtra.MSetIntervals]
+Raw.diff_aux_alt_def [in MSetsExtra.MSetIntervals]
+Raw.elementsZ_sorted [in MSetsExtra.MSetIntervals]
+Raw.elementsZ_single_sorted [in MSetsExtra.MSetIntervals]
+Raw.elementsZ_spec2w [in MSetsExtra.MSetIntervals]
+Raw.elementsZ_insert_intervalZ_guarded [in MSetsExtra.MSetIntervals]
+Raw.elementsZ_app [in MSetsExtra.MSetIntervals]
+Raw.elementsZ_cons [in MSetsExtra.MSetIntervals]
+Raw.elementsZ_single_succ_front [in MSetsExtra.MSetIntervals]
+Raw.elementsZ_single_add [in MSetsExtra.MSetIntervals]
+Raw.elementsZ_single_succ [in MSetsExtra.MSetIntervals]
+Raw.elementsZ_single_base [in MSetsExtra.MSetIntervals]
+Raw.elementsZ_nil [in MSetsExtra.MSetIntervals]
+Raw.elements_sorted [in MSetsExtra.MSetIntervals]
+Raw.elements_spec2w [in MSetsExtra.MSetIntervals]
+Raw.elements_spec1 [in MSetsExtra.MSetIntervals]
+Raw.elements_cons [in MSetsExtra.MSetIntervals]
+Raw.elements_nil [in MSetsExtra.MSetIntervals]
+Raw.empty_spec [in MSetsExtra.MSetIntervals]
+Raw.empty_spec' [in MSetsExtra.MSetIntervals]
+Raw.encode_decode_eq [in MSetsExtra.MSetIntervals]
+Raw.equal_spec [in MSetsExtra.MSetIntervals]
+Raw.equal_elementsZ [in MSetsExtra.MSetIntervals]
+Raw.equal_alt_def [in MSetsExtra.MSetIntervals]
+Raw.exists_spec [in MSetsExtra.MSetIntervals]
+Raw.filterZ_props [in MSetsExtra.MSetIntervals]
+Raw.filterZ_aux_props [in MSetsExtra.MSetIntervals]
+Raw.filterZ_single_props [in MSetsExtra.MSetIntervals]
+Raw.filterZ_single_aux_props [in MSetsExtra.MSetIntervals]
+Raw.filter_spec [in MSetsExtra.MSetIntervals]
+Raw.fold_spec [in MSetsExtra.MSetIntervals]
+Raw.fold_elementsZ_alt_def [in MSetsExtra.MSetIntervals]
+Raw.fold_elementsZ_alt_def_aux [in MSetsExtra.MSetIntervals]
+Raw.fold_elementsZ_cons [in MSetsExtra.MSetIntervals]
+Raw.fold_elementsZ_nil [in MSetsExtra.MSetIntervals]
+Raw.fold_elementsZ_single_alt_def [in MSetsExtra.MSetIntervals]
+Raw.fold_opt_app [in MSetsExtra.MSetIntervals]
+Raw.fold_opt_list_cons [in MSetsExtra.MSetIntervals]
+Raw.fold_elementsZ_single_succ [in MSetsExtra.MSetIntervals]
+Raw.fold_elementsZ_single_zero [in MSetsExtra.MSetIntervals]
+Raw.fold_elementsZ_single_pos [in MSetsExtra.MSetIntervals]
+Raw.fold_elementsZ_aux_irrel [in MSetsExtra.MSetIntervals]
+Raw.for_all_spec [in MSetsExtra.MSetIntervals]
+Raw.insert_interval_begin_spec [in MSetsExtra.MSetIntervals]
+Raw.insert_intervalZ_guarded_rev_nil_app [in MSetsExtra.MSetIntervals]
+Raw.insert_intervalZ_guarded_app [in MSetsExtra.MSetIntervals]
+Raw.interval_list_elements_greater_insert_intervalZ_guarded [in MSetsExtra.MSetIntervals]
+Raw.interval_list_invariant_insert_intervalZ_guarded [in MSetsExtra.MSetIntervals]
+Raw.interval_list_invariant_snoc_intro [in MSetsExtra.MSetIntervals]
+Raw.interval_list_invariant_app_iff [in MSetsExtra.MSetIntervals]
+Raw.interval_list_invariant_app_elim [in MSetsExtra.MSetIntervals]
+Raw.interval_list_invariant_app_intro [in MSetsExtra.MSetIntervals]
+Raw.interval_list_elements_greater_app_elim_1 [in MSetsExtra.MSetIntervals]
+Raw.interval_list_elements_greater_intro [in MSetsExtra.MSetIntervals]
+Raw.interval_list_elements_greater_alt2_def [in MSetsExtra.MSetIntervals]
+Raw.interval_list_elements_greater_alt_def [in MSetsExtra.MSetIntervals]
+Raw.interval_list_invariant_sing [in MSetsExtra.MSetIntervals]
+Raw.interval_list_invariant_cons [in MSetsExtra.MSetIntervals]
+Raw.interval_list_invariant_nil [in MSetsExtra.MSetIntervals]
+Raw.interval_list_elements_greater_impl [in MSetsExtra.MSetIntervals]
+Raw.interval_list_elements_greater_cons [in MSetsExtra.MSetIntervals]
+Raw.interval_1_compare_elim [in MSetsExtra.MSetIntervals]
+Raw.interval_1_compare_alt_def [in MSetsExtra.MSetIntervals]
+Raw.interval_compare_swap [in MSetsExtra.MSetIntervals]
+Raw.interval_compare_elim [in MSetsExtra.MSetIntervals]
+Raw.inter_spec [in MSetsExtra.MSetIntervals]
+Raw.inter_invariant [in MSetsExtra.MSetIntervals]
+Raw.inter_InZ [in MSetsExtra.MSetIntervals]
+Raw.inter_aux2_props [in MSetsExtra.MSetIntervals]
+Raw.inter_aux_props [in MSetsExtra.MSetIntervals]
+Raw.inter_aux_alt_def [in MSetsExtra.MSetIntervals]
+Raw.InZ_partitionZ_fold_skip [in MSetsExtra.MSetIntervals]
+Raw.InZ_partitionZ_fold_insert [in MSetsExtra.MSetIntervals]
+Raw.InZ_partitionZ_fold_current_Some [in MSetsExtra.MSetIntervals]
+Raw.InZ_insert_intervalZ_guarded [in MSetsExtra.MSetIntervals]
+Raw.InZ_In [in MSetsExtra.MSetIntervals]
+Raw.InZ_dec [in MSetsExtra.MSetIntervals]
+Raw.InZ_rev [in MSetsExtra.MSetIntervals]
+Raw.InZ_app [in MSetsExtra.MSetIntervals]
+Raw.InZ_cons [in MSetsExtra.MSetIntervals]
+Raw.InZ_nil [in MSetsExtra.MSetIntervals]
+Raw.In_merge_interval [in MSetsExtra.MSetIntervals]
+Raw.In_InZ [in MSetsExtra.MSetIntervals]
+Raw.In_alt_def [in MSetsExtra.MSetIntervals]
+Raw.In_elementsZ_single_hd [in MSetsExtra.MSetIntervals]
+Raw.In_elementsZ_single_dec [in MSetsExtra.MSetIntervals]
+Raw.In_elementsZ_single1 [in MSetsExtra.MSetIntervals]
+Raw.In_elementsZ_single [in MSetsExtra.MSetIntervals]
+Raw.is_empty_spec [in MSetsExtra.MSetIntervals]
+Raw.is_encoded_elems_list_rev [in MSetsExtra.MSetIntervals]
+Raw.is_encoded_elems_list_app [in MSetsExtra.MSetIntervals]
+Raw.length_elementsZ_single [in MSetsExtra.MSetIntervals]
+Raw.lt_Transitive [in MSetsExtra.MSetIntervals]
+Raw.lt_Irreflexive [in MSetsExtra.MSetIntervals]
+Raw.max_eltZ_eq_None [in MSetsExtra.MSetIntervals]
+Raw.max_eltZ_spec2 [in MSetsExtra.MSetIntervals]
+Raw.memZ_spec [in MSetsExtra.MSetIntervals]
+Raw.mem_spec [in MSetsExtra.MSetIntervals]
+Raw.merge_interval_size_invariant [in MSetsExtra.MSetIntervals]
+Raw.merge_interval_size_eq_max [in MSetsExtra.MSetIntervals]
+Raw.merge_interval_size_add [in MSetsExtra.MSetIntervals]
+Raw.merge_interval_size_neq_0 [in MSetsExtra.MSetIntervals]
+Raw.min_eltZ_spec2 [in MSetsExtra.MSetIntervals]
+Raw.Nin_elements_greater_equal [in MSetsExtra.MSetIntervals]
+Raw.Nin_elements_greater [in MSetsExtra.MSetIntervals]
+Raw.NoDupA_elementsZ_single [in MSetsExtra.MSetIntervals]
+Raw.Ok_cons [in MSetsExtra.MSetIntervals]
+Raw.Ok_nil [in MSetsExtra.MSetIntervals]
+Raw.partitionZ_alt_def [in MSetsExtra.MSetIntervals]
+Raw.partitionZ_aux_alt_def [in MSetsExtra.MSetIntervals]
+Raw.partitionZ_single_aux_alt_def [in MSetsExtra.MSetIntervals]
+Raw.partitionZ_aux_invariant_skip [in MSetsExtra.MSetIntervals]
+Raw.partitionZ_aux_invariant_insert [in MSetsExtra.MSetIntervals]
+Raw.partition_spec2 [in MSetsExtra.MSetIntervals]
+Raw.partition_spec1 [in MSetsExtra.MSetIntervals]
+Raw.partition_alt_def [in MSetsExtra.MSetIntervals]
+Raw.removeZ_spec [in MSetsExtra.MSetIntervals]
+Raw.removeZ_interval_list_invariant [in MSetsExtra.MSetIntervals]
+Raw.removeZ_alt_def [in MSetsExtra.MSetIntervals]
+Raw.remove_list_spec [in MSetsExtra.MSetIntervals]
+Raw.remove_list_ok [in MSetsExtra.MSetIntervals]
+Raw.remove_spec [in MSetsExtra.MSetIntervals]
+Raw.singleton_spec [in MSetsExtra.MSetIntervals]
+Raw.subset_spec [in MSetsExtra.MSetIntervals]
+Raw.subset_props [in MSetsExtra.MSetIntervals]
+Raw.subset_props_aux_before [in MSetsExtra.MSetIntervals]
+Raw.subset_props_aux [in MSetsExtra.MSetIntervals]
+Raw.subset_flatten_alt_def [in MSetsExtra.MSetIntervals]
+Raw.union_spec [in MSetsExtra.MSetIntervals]
+Raw.union_invariant [in MSetsExtra.MSetIntervals]
+Raw.union_InZ [in MSetsExtra.MSetIntervals]
+Raw.union_alt_def [in MSetsExtra.MSetIntervals]
+Raw.union_aux_alt_def [in MSetsExtra.MSetIntervals]
+Raw.union_aux_flatten_alt_def [in MSetsExtra.MSetIntervals]
+RemoveDupsFromSorted.eqb_eq_alt [in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.remove_dups_by_sortingA_spec [in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.remove_dups_from_sortedA_spec [in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.remove_dups_from_sortedA_hd [in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.remove_dups_from_sortedA_alt [in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.remove_dups_from_sortedA_aux_alt [in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.XTotalLeBool.leb_total [in MSetsExtra.MSetListWithDups]
+rev_map_alt_def [in MSetsExtra.MSetIntervals]
+rev_map_aux_alt_def [in MSetsExtra.MSetIntervals]
+

W

+WSetsOn_TO_WSetsOnWithDupsExtra.elements_dist_spec2w [in MSetsExtra.MSetWithDups]
+WSetsOn_TO_WSetsOnWithDupsExtra.elements_dist_spec1 [in MSetsExtra.MSetWithDups]
+

Z

+Z_to_N_minus_neq_0 [in MSetsExtra.MSetIntervals]
+Z_lt_le_add_r [in MSetsExtra.MSetIntervals]
+Z_lt_add_r [in MSetsExtra.MSetIntervals]
+Z_le_add_r [in MSetsExtra.MSetIntervals]
+

+

Axiom Index

+

E

+ElementEncode.decode [in MSetsExtra.MSetIntervals]
+ElementEncode.decode_encode_ok [in MSetsExtra.MSetIntervals]
+ElementEncode.encode [in MSetsExtra.MSetIntervals]
+ElementEncode.encode_lt [in MSetsExtra.MSetIntervals]
+ElementEncode.encode_eq [in MSetsExtra.MSetIntervals]
+

H

+HasFoldWithAbort.foldWithAbortPrecompute [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbort.foldWithAbortPrecomputeSpec [in MSetsExtra.MSetFoldWithAbort]
+

W

+WSetsOnWithDupsExtra.cardinal_spec [in MSetsExtra.MSetWithDups]
+WSetsOnWithDupsExtra.elements_dist_spec2w [in MSetsExtra.MSetWithDups]
+WSetsOnWithDupsExtra.elements_dist_spec1 [in MSetsExtra.MSetWithDups]
+WSetsOnWithDupsExtra.elements_dist [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.add_spec [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.choose_spec2 [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.choose_spec1 [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.diff_spec [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.elements_spec1 [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.empty_spec [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.equal_spec [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.exists_spec [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.filter_spec [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.fold_spec [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.for_all_spec [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.In [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.inter_spec [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.is_empty_spec [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.mem_spec [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.partition_spec2 [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.partition_spec1 [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.remove_spec [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.singleton_spec [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.subset_spec [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.union_spec [in MSetsExtra.MSetWithDups]
+

+

Constructor Index

+

O

+Ops.ICR_after_touch [in MSetsExtra.MSetIntervals]
+Ops.ICR_after [in MSetsExtra.MSetIntervals]
+Ops.ICR_subsume_2 [in MSetsExtra.MSetIntervals]
+Ops.ICR_subsume_1 [in MSetsExtra.MSetIntervals]
+Ops.ICR_equal [in MSetsExtra.MSetIntervals]
+Ops.ICR_overlap_after [in MSetsExtra.MSetIntervals]
+Ops.ICR_overlap_before [in MSetsExtra.MSetIntervals]
+Ops.ICR_before_touch [in MSetsExtra.MSetIntervals]
+Ops.ICR_before [in MSetsExtra.MSetIntervals]
+

R

+Raw.ok [in MSetsExtra.MSetIntervals]
+

+

Projection Index

+

H

+HasFoldWithAbortOps.fwasa_P' [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.fwasa_f_gt [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.fwasa_f_lt [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.fwasa_f_pre [in MSetsExtra.MSetFoldWithAbort]
+

M

+MSetIntervals.is_ok [in MSetsExtra.MSetIntervals]
+MSetIntervals.this [in MSetsExtra.MSetIntervals]
+

R

+Raw.ok [in MSetsExtra.MSetIntervals]
+

+

Inductive Index

+

O

+Ops.interval_compare_result [in MSetsExtra.MSetIntervals]
+

R

+Raw.Ok [in MSetsExtra.MSetIntervals]
+

+

Section Index

+

M

+MSetIntervals.Spec [in MSetsExtra.MSetIntervals]
+

R

+Raw.ForNotations [in MSetsExtra.MSetIntervals]
+

W

+WSetsOnWithDups.Spec [in MSetsExtra.MSetWithDups]
+

+

Instance Index

+

M

+Make.In_compat [in MSetsExtra.MSetListWithDups]
+MSetIntervals.eq_equiv [in MSetsExtra.MSetIntervals]
+MSetIntervals.In_compat [in MSetsExtra.MSetIntervals]
+MSetIntervals.lt_compat [in MSetsExtra.MSetIntervals]
+MSetIntervals.lt_strorder [in MSetsExtra.MSetIntervals]
+

R

+Raw.add_ok [in MSetsExtra.MSetIntervals]
+Raw.diff_ok [in MSetsExtra.MSetIntervals]
+Raw.empty_ok [in MSetsExtra.MSetIntervals]
+Raw.filter_ok [in MSetsExtra.MSetIntervals]
+Raw.inter_ok [in MSetsExtra.MSetIntervals]
+Raw.IsOk_Ok [in MSetsExtra.MSetIntervals]
+Raw.partition_ok2 [in MSetsExtra.MSetIntervals]
+Raw.partition_ok1 [in MSetsExtra.MSetIntervals]
+Raw.remove_ok [in MSetsExtra.MSetIntervals]
+Raw.singleton_ok [in MSetsExtra.MSetIntervals]
+Raw.union_ok [in MSetsExtra.MSetIntervals]
+

W

+WSetsOnWithDups.In_compat [in MSetsExtra.MSetWithDups]
+

+

Abbreviation Index

+

M

+Make.compatb [in MSetsExtra.MSetListWithDups]
+MSetIntervals.compatb [in MSetsExtra.MSetIntervals]
+

W

+WSetsOnWithDups.compatb [in MSetsExtra.MSetWithDups]
+

+

Definition Index

+

E

+ElementEncodeNat.decode [in MSetsExtra.MSetIntervals]
+ElementEncodeNat.encode [in MSetsExtra.MSetIntervals]
+ElementEncodeN.decode [in MSetsExtra.MSetIntervals]
+ElementEncodeN.encode [in MSetsExtra.MSetIntervals]
+ElementEncodeZ.decode [in MSetsExtra.MSetIntervals]
+ElementEncodeZ.encode [in MSetsExtra.MSetIntervals]
+

F

+foldWithAbortGtLtSpecPred [in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortGtLtType [in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortGtSpecPred [in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortGtType [in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortPrecomputeSpecPred [in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortPrecomputeType [in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortSpecPred [in MSetsExtra.MSetFoldWithAbort]
+foldWithAbortType [in MSetsExtra.MSetFoldWithAbort]
+

H

+HasFoldWithAbortOps.choose_with_abort [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.exists_with_abort [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.filter_with_abort [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbort [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortGt [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortGtLt [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.foldWithAbortSpecArgsForPred [in MSetsExtra.MSetFoldWithAbort]
+HasFoldWithAbortOps.forall_with_abort [in MSetsExtra.MSetFoldWithAbort]
+

M

+MakeAVLSetsWithFoldA.foldWithAbortPrecompute [in MSetsExtra.MSetFoldWithAbort]
+MakeGenTreeFoldA.foldWithAbort_Raw [in MSetsExtra.MSetFoldWithAbort]
+MakeListSetsWithFoldA.foldWithAbortPrecompute [in MSetsExtra.MSetFoldWithAbort]
+MakeListSetsWithFoldA.foldWithAbortRaw [in MSetsExtra.MSetFoldWithAbort]
+MakeRBTSetsWithFoldA.foldWithAbortPrecompute [in MSetsExtra.MSetFoldWithAbort]
+MakeWeakListSetsWithFoldA.foldWithAbortPrecompute [in MSetsExtra.MSetFoldWithAbort]
+MakeWeakListSetsWithFoldA.foldWithAbortRaw [in MSetsExtra.MSetFoldWithAbort]
+Make.Empty [in MSetsExtra.MSetListWithDups]
+Make.eq [in MSetsExtra.MSetListWithDups]
+Make.Equal [in MSetsExtra.MSetListWithDups]
+Make.Exists [in MSetsExtra.MSetListWithDups]
+Make.For_all [in MSetsExtra.MSetListWithDups]
+Make.In [in MSetsExtra.MSetListWithDups]
+Make.Subset [in MSetsExtra.MSetListWithDups]
+MSetIntervals.add [in MSetsExtra.MSetIntervals]
+MSetIntervals.cardinal [in MSetsExtra.MSetIntervals]
+MSetIntervals.choose [in MSetsExtra.MSetIntervals]
+MSetIntervals.compare [in MSetsExtra.MSetIntervals]
+MSetIntervals.diff [in MSetsExtra.MSetIntervals]
+MSetIntervals.elements [in MSetsExtra.MSetIntervals]
+MSetIntervals.elt [in MSetsExtra.MSetIntervals]
+MSetIntervals.empty [in MSetsExtra.MSetIntervals]
+MSetIntervals.Empty [in MSetsExtra.MSetIntervals]
+MSetIntervals.eq [in MSetsExtra.MSetIntervals]
+MSetIntervals.equal [in MSetsExtra.MSetIntervals]
+MSetIntervals.Equal [in MSetsExtra.MSetIntervals]
+MSetIntervals.eq_dec [in MSetsExtra.MSetIntervals]
+MSetIntervals.Exists [in MSetsExtra.MSetIntervals]
+MSetIntervals.exists_ [in MSetsExtra.MSetIntervals]
+MSetIntervals.filter [in MSetsExtra.MSetIntervals]
+MSetIntervals.fold [in MSetsExtra.MSetIntervals]
+MSetIntervals.for_all [in MSetsExtra.MSetIntervals]
+MSetIntervals.For_all [in MSetsExtra.MSetIntervals]
+MSetIntervals.In [in MSetsExtra.MSetIntervals]
+MSetIntervals.inter [in MSetsExtra.MSetIntervals]
+MSetIntervals.is_empty [in MSetsExtra.MSetIntervals]
+MSetIntervals.lt [in MSetsExtra.MSetIntervals]
+MSetIntervals.max_elt [in MSetsExtra.MSetIntervals]
+MSetIntervals.mem [in MSetsExtra.MSetIntervals]
+MSetIntervals.min_elt [in MSetsExtra.MSetIntervals]
+MSetIntervals.partition [in MSetsExtra.MSetIntervals]
+MSetIntervals.remove [in MSetsExtra.MSetIntervals]
+MSetIntervals.singleton [in MSetsExtra.MSetIntervals]
+MSetIntervals.subset [in MSetsExtra.MSetIntervals]
+MSetIntervals.Subset [in MSetsExtra.MSetIntervals]
+MSetIntervals.t [in MSetsExtra.MSetIntervals]
+MSetIntervals.union [in MSetsExtra.MSetIntervals]
+

O

+Ops.add [in MSetsExtra.MSetListWithDups]
+Ops.add [in MSetsExtra.MSetIntervals]
+Ops.addZ [in MSetsExtra.MSetIntervals]
+Ops.addZ_aux [in MSetsExtra.MSetIntervals]
+Ops.add_list [in MSetsExtra.MSetIntervals]
+Ops.cardinal [in MSetsExtra.MSetListWithDups]
+Ops.cardinal [in MSetsExtra.MSetIntervals]
+Ops.cardinalN [in MSetsExtra.MSetIntervals]
+Ops.choose [in MSetsExtra.MSetListWithDups]
+Ops.choose [in MSetsExtra.MSetIntervals]
+Ops.compare [in MSetsExtra.MSetIntervals]
+Ops.diff [in MSetsExtra.MSetListWithDups]
+Ops.diff [in MSetsExtra.MSetIntervals]
+Ops.diff_aux2 [in MSetsExtra.MSetIntervals]
+Ops.diff_aux [in MSetsExtra.MSetIntervals]
+Ops.elements [in MSetsExtra.MSetListWithDups]
+Ops.elements [in MSetsExtra.MSetIntervals]
+Ops.elementsZ [in MSetsExtra.MSetIntervals]
+Ops.elements_dist [in MSetsExtra.MSetListWithDups]
+Ops.elt [in MSetsExtra.MSetListWithDups]
+Ops.elt [in MSetsExtra.MSetIntervals]
+Ops.empty [in MSetsExtra.MSetListWithDups]
+Ops.empty [in MSetsExtra.MSetIntervals]
+Ops.equal [in MSetsExtra.MSetListWithDups]
+Ops.equal [in MSetsExtra.MSetIntervals]
+Ops.exists_ [in MSetsExtra.MSetListWithDups]
+Ops.exists_ [in MSetsExtra.MSetIntervals]
+Ops.filter [in MSetsExtra.MSetListWithDups]
+Ops.filter [in MSetsExtra.MSetIntervals]
+Ops.filterZ [in MSetsExtra.MSetIntervals]
+Ops.filterZ_aux [in MSetsExtra.MSetIntervals]
+Ops.filterZ_single [in MSetsExtra.MSetIntervals]
+Ops.filterZ_single_aux [in MSetsExtra.MSetIntervals]
+Ops.filterZ_fold_fun [in MSetsExtra.MSetIntervals]
+Ops.fold [in MSetsExtra.MSetListWithDups]
+Ops.fold [in MSetsExtra.MSetIntervals]
+Ops.fold_elementsZ [in MSetsExtra.MSetIntervals]
+Ops.fold_elementsZ_single [in MSetsExtra.MSetIntervals]
+Ops.fold_elementsZ_aux [in MSetsExtra.MSetIntervals]
+Ops.for_all [in MSetsExtra.MSetListWithDups]
+Ops.for_all [in MSetsExtra.MSetIntervals]
+Ops.from_elements [in MSetsExtra.MSetIntervals]
+Ops.insert_intervalZ_guarded [in MSetsExtra.MSetIntervals]
+Ops.insert_interval_begin [in MSetsExtra.MSetIntervals]
+Ops.inter [in MSetsExtra.MSetListWithDups]
+Ops.inter [in MSetsExtra.MSetIntervals]
+Ops.interval_1_compare [in MSetsExtra.MSetIntervals]
+Ops.interval_compare [in MSetsExtra.MSetIntervals]
+Ops.inter_aux2 [in MSetsExtra.MSetIntervals]
+Ops.inter_aux [in MSetsExtra.MSetIntervals]
+Ops.is_empty [in MSetsExtra.MSetListWithDups]
+Ops.is_empty [in MSetsExtra.MSetIntervals]
+Ops.max_elt [in MSetsExtra.MSetIntervals]
+Ops.max_eltZ [in MSetsExtra.MSetIntervals]
+Ops.mem [in MSetsExtra.MSetListWithDups]
+Ops.mem [in MSetsExtra.MSetIntervals]
+Ops.memZ [in MSetsExtra.MSetIntervals]
+Ops.merge_interval_size [in MSetsExtra.MSetIntervals]
+Ops.min_elt [in MSetsExtra.MSetIntervals]
+Ops.min_eltZ [in MSetsExtra.MSetIntervals]
+Ops.partition [in MSetsExtra.MSetListWithDups]
+Ops.partition [in MSetsExtra.MSetIntervals]
+Ops.partitionZ [in MSetsExtra.MSetIntervals]
+Ops.partitionZ_aux [in MSetsExtra.MSetIntervals]
+Ops.partitionZ_single [in MSetsExtra.MSetIntervals]
+Ops.partitionZ_single_aux [in MSetsExtra.MSetIntervals]
+Ops.partitionZ_fold_fun [in MSetsExtra.MSetIntervals]
+Ops.partitionZ_fold_skip [in MSetsExtra.MSetIntervals]
+Ops.partitionZ_fold_insert [in MSetsExtra.MSetIntervals]
+Ops.partition_aux [in MSetsExtra.MSetListWithDups]
+Ops.remove [in MSetsExtra.MSetListWithDups]
+Ops.remove [in MSetsExtra.MSetIntervals]
+Ops.removeZ [in MSetsExtra.MSetIntervals]
+Ops.removeZ_aux [in MSetsExtra.MSetIntervals]
+Ops.remove_list [in MSetsExtra.MSetIntervals]
+Ops.rev_filter [in MSetsExtra.MSetListWithDups]
+Ops.rev_filter_aux [in MSetsExtra.MSetListWithDups]
+Ops.singleton [in MSetsExtra.MSetListWithDups]
+Ops.singleton [in MSetsExtra.MSetIntervals]
+Ops.subset [in MSetsExtra.MSetListWithDups]
+Ops.subset [in MSetsExtra.MSetIntervals]
+Ops.t [in MSetsExtra.MSetListWithDups]
+Ops.t [in MSetsExtra.MSetIntervals]
+Ops.union [in MSetsExtra.MSetListWithDups]
+Ops.union [in MSetsExtra.MSetIntervals]
+Ops.union_aux [in MSetsExtra.MSetIntervals]
+

R

+Raw.choose_spec2 [in MSetsExtra.MSetIntervals]
+Raw.choose_spec1 [in MSetsExtra.MSetIntervals]
+Raw.elementsZ_single [in MSetsExtra.MSetIntervals]
+Raw.elements_single [in MSetsExtra.MSetIntervals]
+Raw.Empty [in MSetsExtra.MSetIntervals]
+Raw.Equal [in MSetsExtra.MSetIntervals]
+Raw.Exists [in MSetsExtra.MSetIntervals]
+Raw.fold_opt [in MSetsExtra.MSetIntervals]
+Raw.For_all [in MSetsExtra.MSetIntervals]
+Raw.In [in MSetsExtra.MSetIntervals]
+Raw.interval_list_invariant [in MSetsExtra.MSetIntervals]
+Raw.interval_list_elements_greater [in MSetsExtra.MSetIntervals]
+Raw.InZ [in MSetsExtra.MSetIntervals]
+Raw.IsOk [in MSetsExtra.MSetIntervals]
+Raw.is_encoded_elems_list [in MSetsExtra.MSetIntervals]
+Raw.lt [in MSetsExtra.MSetIntervals]
+Raw.max_elt_spec3 [in MSetsExtra.MSetIntervals]
+Raw.max_elt_spec2 [in MSetsExtra.MSetIntervals]
+Raw.max_elt_spec1 [in MSetsExtra.MSetIntervals]
+Raw.max_eltZ_spec3 [in MSetsExtra.MSetIntervals]
+Raw.max_eltZ_spec1 [in MSetsExtra.MSetIntervals]
+Raw.min_elt_spec3 [in MSetsExtra.MSetIntervals]
+Raw.min_elt_spec2 [in MSetsExtra.MSetIntervals]
+Raw.min_elt_spec1 [in MSetsExtra.MSetIntervals]
+Raw.min_eltZ_spec3 [in MSetsExtra.MSetIntervals]
+Raw.min_eltZ_spec1 [in MSetsExtra.MSetIntervals]
+Raw.partitionZ_fold_current [in MSetsExtra.MSetIntervals]
+Raw.partitionZ_aux_invariant [in MSetsExtra.MSetIntervals]
+Raw.Subset [in MSetsExtra.MSetIntervals]
+RemoveDupsFromSorted.remove_dups_by_sortingA [in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.remove_dups_from_sortedA [in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.remove_dups_from_sortedA_aux [in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.XTotalLeBool.le [in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.XTotalLeBool.leb [in MSetsExtra.MSetListWithDups]
+RemoveDupsFromSorted.XTotalLeBool.t [in MSetsExtra.MSetListWithDups]
+rev_map [in MSetsExtra.MSetIntervals]
+rev_map_aux [in MSetsExtra.MSetIntervals]
+

W

+WSetsOnWithDups.Empty [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.eq [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.Equal [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.Exists [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.For_all [in MSetsExtra.MSetWithDups]
+WSetsOnWithDups.Subset [in MSetsExtra.MSetWithDups]
+WSetsOn_TO_WSetsOnWithDupsExtra.elements_dist [in MSetsExtra.MSetWithDups]
+

+

Record Index

+

H

+HasFoldWithAbortOps.FoldWithAbortSpecArg [in MSetsExtra.MSetFoldWithAbort]
+

M

+MSetIntervals.t_ [in MSetsExtra.MSetIntervals]
+

R

+Raw.Ok [in MSetsExtra.MSetIntervals]
+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Global IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(2110 entries)
Notation IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(5 entries)
Binder IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(1515 entries)
Module IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(43 entries)
Variable IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(10 entries)
Library IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(4 entries)
Lemma IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(257 entries)
Axiom IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(32 entries)
Constructor IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(10 entries)
Projection IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(7 entries)
Inductive IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(2 entries)
Section IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(3 entries)
Instance IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(17 entries)
Abbreviation IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(3 entries)
Definition IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(199 entries)
Record IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_other(3 entries)
+
This page has been generated by coqdoc +
+ +
+ + + \ No newline at end of file diff --git a/html/toc.html b/html/toc.html new file mode 100644 index 0000000..ca7807c --- /dev/null +++ b/html/toc.html @@ -0,0 +1,268 @@ + + + + + +Table of contents + + + + +
+ + + +
+ +
+

Library MSetsExtra.MSetFoldWithAbort

+ +

Library MSetsExtra.MSetIntervals

+ +

Library MSetsExtra.MSetListWithDups

+ +

Library MSetsExtra.MSetWithDups

+ +
+
This page has been generated by coqdoc +
+ +
+ + + \ No newline at end of file