Skip to content

Add lemmas for list count and perm_eq #824

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
strub merged 1 commit into from
Oct 28, 2025
Merged

Add lemmas for list count and perm_eq #824

strub merged 1 commit into from
Oct 28, 2025

Conversation

@cassiersg
Copy link
Contributor

@cassiersg cassiersg commented Oct 27, 2025

I needed these simple lemmas and they look like they might belong to the standard library.

@fdupress
Copy link
Member

fdupress commented Oct 28, 2025

StdOrder eventually requires FinType, which uses lists to characterise finiteness. You can't require StdOrder in List. Do you see another way of getting those lemmas in?

strub
strub reviewed Oct 28, 2025
View reviewed changes
@cassiersg
Copy link
Contributor Author

cassiersg commented Oct 28, 2025

Thanks @fdupress @strub for the comments. I addressed the StdOrder issue by re-proving the only lemma I used (IntOrder.ler_add) within the proof that used it. I'm not sure it that's the cleanest way?

@fdupress
Copy link
Member

fdupress commented Oct 28, 2025

Can you check if Int.lez_add exists?

@fdupress
Copy link
Member

fdupress commented Oct 28, 2025

Can you check if Int.lez_add exists? A lot of simple results on integers exist in Int (derived by smt) as they are needed to construct more complex theories.

But as soon as there is a generic notion of order and generic lemmas about it, it makes sense to instantiate it with Int to get all derived results. (This will, once they are ready, be done using type classes instead of cloning.)

@cassiersg
Copy link
Contributor Author

cassiersg commented Oct 28, 2025

Int.lez_add does not exist. Should I add it?

@strub
Copy link
Member

strub commented Oct 28, 2025

You can also do that:

lemma le_in_count ['a] (p1 p2 : 'a -> bool) (s : 'a list) :
  (forall x, x \in s => p1 x => p2 x) =>
  count p1 s <= count p2 s.
proof. elim: s => //#. qed.

@strub
Copy link
Member

strub commented Oct 28, 2025

To be clear, this is the kind of goals where SMT provers are stable.

strub
strub approved these changes Oct 28, 2025
View reviewed changes
Copy link
Member

@strub strub left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Squash, and we are good to go.

@cassiersg
Copy link
Contributor Author

cassiersg commented Oct 28, 2025

@strub done

@strub strub merged commit 98e393a into EasyCrypt:main Oct 28, 2025
15 checks passed
@cassiersg cassiersg deleted the list_lemmas branch October 29, 2025 21:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@strub strub strub approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cassiersg @fdupress @strub