[stdlib]: remove axioms (int + inductive schemes)

strub · strub · commit f7db11566476 · 2024-07-17T21:40:53.000+02:00
diff --git a/src/ecEnv.ml b/src/ecEnv.ml
@@ -729,7 +729,7 @@ module MC = struct
       let axp  = EcPath.prefix (Lazy.force mypath) in
       let axp  = IPPath (EcPath.pqoname axp name) in
       let ax   =
-        { ax_kind       = `Axiom (Ssym.empty, false);
+        { ax_kind       = `Lemma;
           ax_tparams    = tv;
           ax_spec       = cl;
           ax_loca       = (snd obj).op_loca;
@@ -787,7 +787,7 @@ module MC = struct
               let scname = Printf.sprintf "%s_%s" x name in
                 (scname, { ax_tparams    = tyd.tyd_params;
                            ax_spec       = scheme;
-                           ax_kind       = `Axiom (Ssym.empty, false);
+                           ax_kind       = `Lemma;
                            ax_loca       = loca;
                            ax_visibility = `NoSmt;
                 })
@@ -832,7 +832,7 @@ module MC = struct
             let scname = Printf.sprintf "%s_ind" x in
               (scname, { ax_tparams    = tyd.tyd_params;
                          ax_spec       = scheme;
-                         ax_kind       = `Axiom (Ssym.empty, false);
+                         ax_kind       = `Lemma;
                          ax_loca       = loca;
                          ax_visibility = `NoSmt;
               })
@@ -919,7 +919,7 @@ module MC = struct
             let ax = EcSubst.subst_form fsubst ax in
               (x, { ax_tparams    = [(self, Sp.singleton mypath)];
                     ax_spec       = ax;
-                    ax_kind       = `Axiom (Ssym.empty, false);
+                    ax_kind       = `Lemma;
                     ax_loca       = loca;
                     ax_visibility = `NoSmt; }))
           tc.tc_axs
diff --git a/src/ecScope.ml b/src/ecScope.ml
@@ -1767,7 +1767,7 @@ module Ty = struct
           let ax = {
               ax_tparams    = [];
               ax_spec       = f;
-              ax_kind       = `Axiom (Ssym.empty, false);
+              ax_kind       = `Lemma;
               ax_visibility = `NoSmt;
               ax_loca       = lc;
           } in
diff --git a/theories/datatypes/Int.ec b/theories/datatypes/Int.ec
@@ -19,104 +19,104 @@ lemma intind (p:int -> bool):
 proof. exact/CoreInt.intind. qed.
 
 (* -------------------------------------------------------------------- *)
-axiom addzA     : forall x y z, x + (y + z) = (x + y) + z.
-axiom addzC     : forall x y, x + y = y + x.
-axiom addz0     : forall x, x + 0 = x.
-axiom add0z     : forall x, 0 + x = x.
-axiom addzN     : forall x, x - x = 0.
-axiom addNz     : forall x, -x + x = 0.
-axiom mulzA     : forall x y z, (x * y) * z = x * (y * z).
-axiom mulzC     : forall x y, x * y = y * x.
-axiom mulz1     : forall x, x * 1 = x.
-axiom mul1z     : forall x, 1 * x = x.
-axiom mulzDl    : forall x y z, (x + y) * z = x * z + y * z.
-axiom mulzDr    : forall x y z, x * (y + z) = x * y + x * z.
-axiom onez_neq0 : 1 <> 0.
+lemma addzA     : forall x y z, x + (y + z) = (x + y) + z    by smt().
+lemma addzC     : forall x y, x + y = y + x                  by smt().
+lemma addz0     : forall x, x + 0 = x                        by smt().
+lemma add0z     : forall x, 0 + x = x                        by smt().
+lemma addzN     : forall x, x - x = 0                        by smt().
+lemma addNz     : forall x, -x + x = 0                       by smt().
+lemma mulzA     : forall x y z, (x * y) * z = x * (y * z)    by smt().
+lemma mulzC     : forall x y, x * y = y * x                  by smt().
+lemma mulz1     : forall x, x * 1 = x                        by smt().
+lemma mul1z     : forall x, 1 * x = x                        by smt().
+lemma mulzDl    : forall x y z, (x + y) * z = x * z + y * z  by smt().
+lemma mulzDr    : forall x y z, x * (y + z) = x * y + x * z  by smt().
+lemma onez_neq0 : 1 <> 0                                     by smt().
 
 (* -------------------------------------------------------------------- *)
-axiom lezz      : forall x, x <= x.
-axiom lez_trans : forall y x z, x <= y => y <= z => x <= z.
-axiom ltz_trans : forall y x z, x < y => y < z => x < z.
-axiom lez_anti  : forall (x y : int), x <= y <= x => x = y.
-axiom lez01     : 0 <= 1.
-axiom lez_total : forall x y, x <= y \/ y <= x.
+lemma lezz      : forall x, x <= x                           by smt().
+lemma lez_trans : forall y x z, x <= y => y <= z => x <= z   by smt().
+lemma ltz_trans : forall y x z, x < y => y < z => x < z      by smt().
+lemma lez_anti  : forall (x y : int), x <= y <= x => x = y   by smt().
+lemma lez01     : 0 <= 1                                     by smt().
+lemma lez_total : forall x y, x <= y \/ y <= x               by smt().
 
 (* -------------------------------------------------------------------- *)
-axiom subzz (z : int): z - z = 0.
-axiom subz0 (z : int): z - 0 = z.
+lemma subzz (z : int): z - z = 0 by smt().
+lemma subz0 (z : int): z - 0 = z by smt().
 
-axiom oppzK: forall (x  : int), -(-x) = x.
-axiom oppz0: -0 = 0.
+lemma oppzK: forall (x  : int), -(-x) = x by smt().
+lemma oppz0: -0 = 0 by smt().
 
-axiom addzCA (x y z : int): x + (y + z) = y + (x + z).
-axiom addzAC (x y z : int): (x + y) + z = (x + z) + y.
+lemma addzCA (x y z : int): x + (y + z) = y + (x + z) by smt().
+lemma addzAC (x y z : int): (x + y) + z = (x + z) + y by smt().
 
-axiom addzI  (x y z : int): x + y = x + z => y = z.
-axiom addIz  (x y z : int): y + x = z + x => y = z.
+lemma addzI  (x y z : int): x + y = x + z => y = z by smt().
+lemma addIz  (x y z : int): y + x = z + x => y = z by smt().
 
-axiom addzK (y x : int): (x + y) - y = x.
-axiom addKz (y x : int): -y + (y + x) = x.
+lemma addzK (y x : int): (x + y) - y = x by smt().
+lemma addKz (y x : int): -y + (y + x) = x by smt().
 
-axiom subz_add2r (x y z : int): (x + z) - (y + z) = x - y.
+lemma subz_add2r (x y z : int): (x + z) - (y + z) = x - y by smt().
 
-axiom lez_norm_add (x y : int): `|x + y| <= `|x| + `|y|.
+lemma lez_norm_add (x y : int): `|x + y| <= `|x| + `|y| by smt().
 
-axiom addz_gt0 (x y : int): 0 < x => 0 < y => 0 < x + y.
+lemma addz_gt0 (x y : int): 0 < x => 0 < y => 0 < x + y by smt().
 
-axiom normz_eq0 (x   : int): `|x| = 0 => x = 0.
+lemma normz_eq0 (x   : int): `|x| = 0 => x = 0 by smt().
 
-axiom normzM (x y : int): `|x * y| = `|x| * `|y|.
+lemma normzM (x y : int): `|x * y| = `|x| * `|y| by smt().
 
-axiom lez_def (x y : int): x <= y <=> `|y - x| = y - x.
-axiom ltz_def (x y : int): x < y <=> ( y <> x /\ x <= y).
+lemma lez_def (x y : int): x <= y <=> `|y - x| = y - x by smt().
+lemma ltz_def (x y : int): x < y <=> (y <> x /\ x <= y) by smt().
 
-axiom ltzz (z : int): z < z <=> false.
+lemma ltzz (z : int): z < z <=> false by smt().
 
-axiom ltzNge (x y : int): (x <  y) <=> !(y <= x).
-axiom lezNgt (x y : int): (x <= y) <=> !(y <  x).
+lemma ltzNge (x y : int): (x <  y) <=> !(y <= x) by smt().
+lemma lezNgt (x y : int): (x <= y) <=> !(y <  x) by smt().
 
-axiom neq_ltz (x y : int): (x <> y) <=> (x < y \/ y < x).
-axiom eqz_leq (x y : int): (x = y) <=> (x <= y /\ y <= x).
+lemma neq_ltz (x y : int): (x <> y) <=> (x < y \/ y < x) by smt().
+lemma eqz_leq (x y : int): (x = y) <=> (x <= y /\ y <= x) by smt().
 
-axiom lez_add2l (x y z : int): (x + y <= x + z) <=> (y <= z).
-axiom lez_add2r (x y z : int): (y + x <= z + x) <=> (y <= z).
+lemma lez_add2l (x y z : int): (x + y <= x + z) <=> (y <= z) by smt().
+lemma lez_add2r (x y z : int): (y + x <= z + x) <=> (y <= z) by smt().
 
-axiom ltz_add2l (x y z : int): (x + y <  x + z) <=> (y < z).
-axiom ltz_add2r (x y z : int): (y + x <  z + x) <=> (y < z).
+lemma ltz_add2l (x y z : int): (x + y <  x + z) <=> (y < z) by smt().
+lemma ltz_add2r (x y z : int): (y + x <  z + x) <=> (y < z) by smt().
 
-axiom lez_addl (x y : int) : (x <= x + y) = (0 <= y).
-axiom lez_addr (x y : int) : (x <= y + x) = (0 <= y).
+lemma lez_addl (x y : int) : (x <= x + y) = (0 <= y) by smt().
+lemma lez_addr (x y : int) : (x <= y + x) = (0 <= y) by smt().
 
-axiom ltz_addl (x y : int) : (x < x + y) = (0 < y).
-axiom ltz_addr (x y : int) : (x < y + x) = (0 < y).
+lemma ltz_addl (x y : int) : (x < x + y) = (0 < y) by smt().
+lemma ltz_addr (x y : int) : (x < y + x) = (0 < y) by smt().
 
-axiom addz_ge0 (x y : int) : 0 <= x => 0 <= y => 0 <= x + y.
+lemma addz_ge0 (x y : int) : 0 <= x => 0 <= y => 0 <= x + y by smt().
 
-axiom lez_add1r (x y : int): (1 + x <= y) = (x < y).
+lemma lez_add1r (x y : int): (1 + x <= y) = (x < y) by smt().
 
-axiom subz_ge0 x y : (0 <= y - x) = (x <= y).
-axiom subz_gt0 x y : (0 < y - x) = (x < y).
-axiom subz_le0 x y : (y - x <= 0) = (y <= x).
-axiom subz_lt0  x y : (y - x < 0) = (y < x).
+lemma subz_ge0 x y : (0 <= y - x) = (x <= y) by smt().
+lemma subz_gt0 x y : (0 < y - x) = (x < y)   by smt().
+lemma subz_le0 x y : (y - x <= 0) = (y <= x) by smt().
+lemma subz_lt0  x y : (y - x < 0) = (y < x)  by smt().
 
-axiom oppz_ge0 x : (0 <= - x) = (x <= 0).
-axiom oppz_gt0 x : (0 < - x) = (x < 0).
-axiom oppz_le0 x : (- x <= 0) = (0 <= x).
-axiom oppz_lt0 x : (- x < 0) = (0 < x).
+lemma oppz_ge0 x : (0 <= - x) = (x <= 0) by smt().
+lemma oppz_gt0 x : (0 < - x) = (x < 0)   by smt().
+lemma oppz_le0 x : (- x <= 0) = (0 <= x) by smt().
+lemma oppz_lt0 x : (- x < 0) = (0 < x)   by smt().
 
-axiom lezWP (z1 z2 : int) : (z1 <= z2) || (z2 <= z1).
-axiom ltzW (z1 z2 : int) : (z1 < z2) => (z1 <= z2).
+lemma lezWP (z1 z2 : int) : (z1 <= z2) || (z2 <= z1) by smt().
+lemma ltzW (z1 z2 : int) : (z1 < z2) => (z1 <= z2)   by smt().
 
-axiom addz1_neq0 (i : int) : 0 <= i => i+1 <> 0.
-axiom add1z_neq0 (i : int) : 0 <= i => 1+i <> 0.
-axiom addz1_neqC0 (i : int): 0 <= i => 0 <> i+1.
-axiom add1z_neqC0 (i : int): 0 <= i => 0 <> 1+i.
+lemma addz1_neq0 (i : int) : 0 <= i => i+1 <> 0 by smt().
+lemma add1z_neq0 (i : int) : 0 <= i => 1+i <> 0 by smt().
+lemma addz1_neqC0 (i : int): 0 <= i => 0 <> i+1 by smt().
+lemma add1z_neqC0 (i : int): 0 <= i => 0 <> 1+i by smt().
 
 hint rewrite addz_neq0 : addz1_neq0 add1z_neq0 addz1_neqC0 add1z_neqC0.
 
-axiom lez_eqVlt : forall x y, (x <= y) <=> ((x = y) \/ (x < y)).
+lemma lez_eqVlt : forall x y, (x <= y) <=> ((x = y) \/ (x < y)) by smt().
 
-axiom lez_lt_asym x y : !(x <= y < x).
+lemma lez_lt_asym x y : !(x <= y < x) by smt().
 
 (* -------------------------------------------------------------------- *)
 lemma natind (p : int -> bool):
@@ -334,10 +334,16 @@ qed.
 (* -------------------------------------------------------------------- *)
 (* TO BE REMOVED                                                        *)
 
-op fold : ('a -> 'a) -> 'a -> int -> 'a.
+op [opaque] fold ['a] (f : 'a -> 'a) (x : 'a) (i : int) =
+  iter i f x.
 
-axiom foldle0 p (f : 'a -> 'a) a: p <= 0 => fold f a p = a.
-axiom foldS (f : 'a -> 'a) a n: 0 <= n => fold f a (n+1) = f (fold f a n).
+lemma foldle0 (p : int) (f : 'a -> 'a) (a : 'a) :
+ p <= 0 => fold f a p = a.
+proof. by move=> @/fold; apply: iter0. qed.
+
+lemma foldS (f : 'a -> 'a) (a : 'a) (n : int) :
+  0 <= n => fold f a (n+1) = f (fold f a n).
+proof. by move=> @/fold; apply: iterS. qed.
 
 lemma fold0 (f : 'a -> 'a) a: fold f a 0 = a.
 proof. by rewrite foldle0. qed.
diff --git a/theories/datatypes/List.ec b/theories/datatypes/List.ec
@@ -3472,7 +3472,11 @@ theory InsertSort.
   proof. by move=> e_ltgt; elim: s => //= x s IHs; apply sorted_insert. qed.
 end InsertSort.
 
-op sort (e : 'a -> 'a -> bool) s = InsertSort.sort e s axiomatized by sortE.
+op [opaque] sort (e : 'a -> 'a -> bool) s = InsertSort.sort e s.
+
+lemma sortE ['a] (e : 'a -> 'a -> bool) s :
+  sort e s = InsertSort.sort e s.
+proof. by rewrite /sort. qed.
 
 lemma perm_sort e (s : 'a list): perm_eq (sort e s) s.
 proof. by rewrite sortE /=; apply InsertSort.perm_sort. qed.
