< Module lambda_calculus:bool.
< Prove_Constraint lambda_calculus:host:proj_is.
Subgoal 1:
Hyp : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
Hyp1 : is_e trueE
============================
is_e (abs "a" (abs "b" (var "a")))
< search 6.
Subgoal 2:
Hyp : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
Hyp1 : is_e falseE
============================
is_e (abs "a" (abs "b" (var "b")))
< search 6.
Subgoal 3:
Variables: F T Cond
Hyp : |{e}- if Cond T F ~~> app (app Cond T) F
Hyp1 : is_e (if Cond T F)
============================
is_e (app (app Cond T) F)
< case Hyp1.
Subgoal 3:
Variables: F T Cond
Hyp : |{e}- if Cond T F ~~> app (app Cond T) F
H1 : is_e Cond
H2 : is_e T
H3 : is_e F
============================
is_e (app (app Cond T) F)
< search.
Proof completed.
< Add_Proj_Rel lambda_calculus:host:is_e.
Proof completed.
< Prove_Ext_Ind lambda_calculus:host:is_e.
Warning: No definition of Ext Size for all relations in Ext Ind; defaulting to proving Ext Ind without Ext Size
Subgoal 6:
IH : forall E, is_e E * -> <is_e {P}> E
R : is_e trueE @
============================
<is_e {P}> trueE
< unfold .
Subgoal 6:
IH : forall E, is_e E * -> <is_e {P}> E
R : is_e trueE @
============================
exists X_T, |{e}- trueE ~~> X_T /\ <is_e {P}> X_T
< exists abs "a" (abs "b" (var "a")).
Subgoal 6:
IH : forall E, is_e E * -> <is_e {P}> E
R : is_e trueE @
============================
|{e}- trueE ~~> abs "a" (abs "b" (var "a")) /\
<is_e {P}> (abs "a" (abs "b" (var "a")))
< search 7.
Subgoal 7:
IH : forall E, is_e E * -> <is_e {P}> E
R : is_e falseE @
============================
<is_e {P}> falseE
< unfold .
Subgoal 7:
IH : forall E, is_e E * -> <is_e {P}> E
R : is_e falseE @
============================
exists X_T, |{e}- falseE ~~> X_T /\ <is_e {P}> X_T
< exists abs "a" (abs "b" (var "b")).
Subgoal 7:
IH : forall E, is_e E * -> <is_e {P}> E
R : is_e falseE @
============================
|{e}- falseE ~~> abs "a" (abs "b" (var "b")) /\
<is_e {P}> (abs "a" (abs "b" (var "b")))
< search 7.
Subgoal 8:
Variables: E3 E1 E2
IH : forall E, is_e E * -> <is_e {P}> E
R : is_e (if E2 E1 E3) @
R1 : is_e E2 *
R2 : is_e E1 *
R3 : is_e E3 *
============================
<is_e {P}> (if E2 E1 E3)
< apply IH to R1.
Subgoal 8:
Variables: E3 E1 E2
IH : forall E, is_e E * -> <is_e {P}> E
R : is_e (if E2 E1 E3) @
R1 : is_e E2 *
R2 : is_e E1 *
R3 : is_e E3 *
H1 : <is_e {P}> E2
============================
<is_e {P}> (if E2 E1 E3)
< apply IH to R2.
Subgoal 8:
Variables: E3 E1 E2
IH : forall E, is_e E * -> <is_e {P}> E
R : is_e (if E2 E1 E3) @
R1 : is_e E2 *
R2 : is_e E1 *
R3 : is_e E3 *
H1 : <is_e {P}> E2
H2 : <is_e {P}> E1
============================
<is_e {P}> (if E2 E1 E3)
< apply IH to R3.
Subgoal 8:
Variables: E3 E1 E2
IH : forall E, is_e E * -> <is_e {P}> E
R : is_e (if E2 E1 E3) @
R1 : is_e E2 *
R2 : is_e E1 *
R3 : is_e E3 *
H1 : <is_e {P}> E2
H2 : <is_e {P}> E1
H3 : <is_e {P}> E3
============================
<is_e {P}> (if E2 E1 E3)
< search.
Proof completed.
< Prove_Constraint lambda_calculus:host:proj_same.
Subgoal 1:
Variables: E2
Hyp : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
Hyp1 : |{e}- trueE ~~> E2
============================
abs "a" (abs "b" (var "a")) = E2
< case Hyp1.
Subgoal 1:
Hyp : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
============================
abs "a" (abs "b" (var "a")) = abs "a" (abs "b" (var "a"))
< search.
Subgoal 2:
Variables: E2
Hyp : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
Hyp1 : |{e}- falseE ~~> E2
============================
abs "a" (abs "b" (var "b")) = E2
< case Hyp1.
Subgoal 2:
Hyp : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
============================
abs "a" (abs "b" (var "b")) = abs "a" (abs "b" (var "b"))
< search.
Subgoal 3:
Variables: E2 F T Cond
Hyp : |{e}- if Cond T F ~~> app (app Cond T) F
Hyp1 : |{e}- if Cond T F ~~> E2
============================
app (app Cond T) F = E2
< case Hyp1.
Subgoal 3:
Variables: F T Cond
Hyp : |{e}- if Cond T F ~~> app (app Cond T) F
============================
app (app Cond T) F = app (app Cond T) F
< search.
Proof completed.
< Prove lambda_calculus:host:subst_exists.
Subgoal 6:
Variables: X R
IH : forall X R E, is_e E * -> is_string X -> is_e R -> exists S, subst X R E S
IsE : is_e trueE @
IsX : is_string X
IsR : is_e R
============================
exists S, subst X R trueE S
< search.
Subgoal 7:
Variables: X R
IH : forall X R E, is_e E * -> is_string X -> is_e R -> exists S, subst X R E S
IsE : is_e falseE @
IsX : is_string X
IsR : is_e R
============================
exists S, subst X R falseE S
< search.
Subgoal 8:
Variables: X R E3 E1 E2
IH : forall X R E, is_e E * -> is_string X -> is_e R -> exists S, subst X R E S
IsE : is_e (if E2 E1 E3) @
IsX : is_string X
IsR : is_e R
IsE1 : is_e E2 *
IsE2 : is_e E1 *
IsE3 : is_e E3 *
============================
exists S, subst X R (if E2 E1 E3) S
< apply IH to IsE1 _ IsR.
Subgoal 8:
Variables: X R E3 E1 E2 S
IH : forall X R E, is_e E * -> is_string X -> is_e R -> exists S, subst X R E S
IsE : is_e (if E2 E1 E3) @
IsX : is_string X
IsR : is_e R
IsE1 : is_e E2 *
IsE2 : is_e E1 *
IsE3 : is_e E3 *
H1 : subst X R E2 S
============================
exists S, subst X R (if E2 E1 E3) S
< apply IH to IsE2 _ IsR.
Subgoal 8:
Variables: X R E3 E1 E2 S S1
IH : forall X R E, is_e E * -> is_string X -> is_e R -> exists S, subst X R E S
IsE : is_e (if E2 E1 E3) @
IsX : is_string X
IsR : is_e R
IsE1 : is_e E2 *
IsE2 : is_e E1 *
IsE3 : is_e E3 *
H1 : subst X R E2 S
H2 : subst X R E1 S1
============================
exists S, subst X R (if E2 E1 E3) S
< apply IH to IsE3 _ IsR.
Subgoal 8:
Variables: X R E3 E1 E2 S S1 S2
IH : forall X R E, is_e E * -> is_string X -> is_e R -> exists S, subst X R E S
IsE : is_e (if E2 E1 E3) @
IsX : is_string X
IsR : is_e R
IsE1 : is_e E2 *
IsE2 : is_e E1 *
IsE3 : is_e E3 *
H1 : subst X R E2 S
H2 : subst X R E1 S1
H3 : subst X R E3 S2
============================
exists S, subst X R (if E2 E1 E3) S
< search.
Proof completed.
< Prove lambda_calculus:host:subst_is.
Subgoal 8:
Variables: X R
IH : forall X R E S,
is_e E -> is_string X -> is_e R -> subst X R E S * -> is_e S
IsE : is_e trueE
IsX : is_string X
IsR : is_e R
S : subst X R trueE (abs "a" (abs "b" (var "a"))) @
============================
is_e (abs "a" (abs "b" (var "a")))
< search 7.
Subgoal 9:
Variables: X R
IH : forall X R E S,
is_e E -> is_string X -> is_e R -> subst X R E S * -> is_e S
IsE : is_e falseE
IsX : is_string X
IsR : is_e R
S : subst X R falseE (abs "a" (abs "b" (var "b"))) @
============================
is_e (abs "a" (abs "b" (var "b")))
< search 7.
Subgoal 10:
Variables: X R FS TS CS F T Cond
IH : forall X R E S,
is_e E -> is_string X -> is_e R -> subst X R E S * -> is_e S
IsE : is_e (if Cond T F)
IsX : is_string X
IsR : is_e R
S : subst X R (if Cond T F) (app (app CS TS) FS) @
S1 : subst X R Cond CS *
S2 : subst X R T TS *
S3 : subst X R F FS *
============================
is_e (app (app CS TS) FS)
< Is: case IsE.
Subgoal 10:
Variables: X R FS TS CS F T Cond
IH : forall X R E S,
is_e E -> is_string X -> is_e R -> subst X R E S * -> is_e S
IsX : is_string X
IsR : is_e R
S : subst X R (if Cond T F) (app (app CS TS) FS) @
S1 : subst X R Cond CS *
S2 : subst X R T TS *
S3 : subst X R F FS *
Is : is_e Cond
Is1 : is_e T
Is2 : is_e F
============================
is_e (app (app CS TS) FS)
< apply IH to _ _ _ S1.
Subgoal 10:
Variables: X R FS TS CS F T Cond
IH : forall X R E S,
is_e E -> is_string X -> is_e R -> subst X R E S * -> is_e S
IsX : is_string X
IsR : is_e R
S : subst X R (if Cond T F) (app (app CS TS) FS) @
S1 : subst X R Cond CS *
S2 : subst X R T TS *
S3 : subst X R F FS *
Is : is_e Cond
Is1 : is_e T
Is2 : is_e F
H1 : is_e CS
============================
is_e (app (app CS TS) FS)
< apply IH to _ _ _ S2.
Subgoal 10:
Variables: X R FS TS CS F T Cond
IH : forall X R E S,
is_e E -> is_string X -> is_e R -> subst X R E S * -> is_e S
IsX : is_string X
IsR : is_e R
S : subst X R (if Cond T F) (app (app CS TS) FS) @
S1 : subst X R Cond CS *
S2 : subst X R T TS *
S3 : subst X R F FS *
Is : is_e Cond
Is1 : is_e T
Is2 : is_e F
H1 : is_e CS
H2 : is_e TS
============================
is_e (app (app CS TS) FS)
< apply IH to _ _ _ S3.
Subgoal 10:
Variables: X R FS TS CS F T Cond
IH : forall X R E S,
is_e E -> is_string X -> is_e R -> subst X R E S * -> is_e S
IsX : is_string X
IsR : is_e R
S : subst X R (if Cond T F) (app (app CS TS) FS) @
S1 : subst X R Cond CS *
S2 : subst X R T TS *
S3 : subst X R F FS *
Is : is_e Cond
Is1 : is_e T
Is2 : is_e F
H1 : is_e CS
H2 : is_e TS
H3 : is_e FS
============================
is_e (app (app CS TS) FS)
< search.
Proof completed.
< Prove lambda_calculus:host:eval_is.
Subgoal 5:
IH : forall E V, is_e E -> eval E V * -> is_e V
IsE : is_e trueE
Ev : eval trueE (abs "a" (abs "b" (var "a"))) @
============================
is_e (abs "a" (abs "b" (var "a")))
< search 7.
Subgoal 6:
IH : forall E V, is_e E -> eval E V * -> is_e V
IsE : is_e falseE
Ev : eval falseE (abs "a" (abs "b" (var "b"))) @
============================
is_e (abs "a" (abs "b" (var "b")))
< search 7.
Subgoal 7:
Variables: V F T Cond
IH : forall E V, is_e E -> eval E V * -> is_e V
IsE : is_e (if Cond T F)
Ev : eval (if Cond T F) V @
Ev1 : eval (app (app Cond T) F) V *
============================
is_e V
< Is: case IsE.
Subgoal 7:
Variables: V F T Cond
IH : forall E V, is_e E -> eval E V * -> is_e V
Ev : eval (if Cond T F) V @
Ev1 : eval (app (app Cond T) F) V *
Is : is_e Cond
Is1 : is_e T
Is2 : is_e F
============================
is_e V
< IsC: apply IH to _ Ev1.
Subgoal 7:
Variables: V F T Cond
IH : forall E V, is_e E -> eval E V * -> is_e V
Ev : eval (if Cond T F) V @
Ev1 : eval (app (app Cond T) F) V *
Is : is_e Cond
Is1 : is_e T
Is2 : is_e F
IsC : is_e V
============================
is_e V
< search.
Proof completed.
< Prove lambda_calculus:host:subst_unique.
Subgoal 8:
Variables: X R SB
IH : forall X R E SA SB,
is_e E -> is_string X -> is_e R -> subst X R E SA * -> subst X R E SB -> SA = SB
IsE : is_e trueE
IsX : is_string X
IsR : is_e R
SA : subst X R trueE (abs "a" (abs "b" (var "a"))) @
SB : subst X R trueE SB
============================
abs "a" (abs "b" (var "a")) = SB
< case SB.
Subgoal 8:
Variables: X R
IH : forall X R E SA SB,
is_e E -> is_string X -> is_e R -> subst X R E SA * -> subst X R E SB -> SA = SB
IsE : is_e trueE
IsX : is_string X
IsR : is_e R
SA : subst X R trueE (abs "a" (abs "b" (var "a"))) @
============================
abs "a" (abs "b" (var "a")) = abs "a" (abs "b" (var "a"))
< search.
Subgoal 9:
Variables: X R SB
IH : forall X R E SA SB,
is_e E -> is_string X -> is_e R -> subst X R E SA * -> subst X R E SB -> SA = SB
IsE : is_e falseE
IsX : is_string X
IsR : is_e R
SA : subst X R falseE (abs "a" (abs "b" (var "b"))) @
SB : subst X R falseE SB
============================
abs "a" (abs "b" (var "b")) = SB
< case SB.
Subgoal 9:
Variables: X R
IH : forall X R E SA SB,
is_e E -> is_string X -> is_e R -> subst X R E SA * -> subst X R E SB -> SA = SB
IsE : is_e falseE
IsX : is_string X
IsR : is_e R
SA : subst X R falseE (abs "a" (abs "b" (var "b"))) @
============================
abs "a" (abs "b" (var "b")) = abs "a" (abs "b" (var "b"))
< search.
Subgoal 10:
Variables: X R SB FS TS CS F T Cond
IH : forall X R E SA SB,
is_e E -> is_string X -> is_e R -> subst X R E SA * -> subst X R E SB -> SA = SB
IsE : is_e (if Cond T F)
IsX : is_string X
IsR : is_e R
SA : subst X R (if Cond T F) (app (app CS TS) FS) @
SB : subst X R (if Cond T F) SB
SA1 : subst X R Cond CS *
SA2 : subst X R T TS *
SA3 : subst X R F FS *
============================
app (app CS TS) FS = SB
< SB: case SB.
Subgoal 10:
Variables: X R FS TS CS F T Cond FS1 TS1 CS1
IH : forall X R E SA SB,
is_e E -> is_string X -> is_e R -> subst X R E SA * -> subst X R E SB -> SA = SB
IsE : is_e (if Cond T F)
IsX : is_string X
IsR : is_e R
SA : subst X R (if Cond T F) (app (app CS TS) FS) @
SA1 : subst X R Cond CS *
SA2 : subst X R T TS *
SA3 : subst X R F FS *
SB : subst X R Cond CS1
SB1 : subst X R T TS1
SB2 : subst X R F FS1
============================
app (app CS TS) FS = app (app CS1 TS1) FS1
< Is: case IsE.
Subgoal 10:
Variables: X R FS TS CS F T Cond FS1 TS1 CS1
IH : forall X R E SA SB,
is_e E -> is_string X -> is_e R -> subst X R E SA * -> subst X R E SB -> SA = SB
IsX : is_string X
IsR : is_e R
SA : subst X R (if Cond T F) (app (app CS TS) FS) @
SA1 : subst X R Cond CS *
SA2 : subst X R T TS *
SA3 : subst X R F FS *
SB : subst X R Cond CS1
SB1 : subst X R T TS1
SB2 : subst X R F FS1
Is : is_e Cond
Is1 : is_e T
Is2 : is_e F
============================
app (app CS TS) FS = app (app CS1 TS1) FS1
< apply IH to _ _ _ SA1 SB.
Subgoal 10:
Variables: X R FS TS F T Cond FS1 TS1 CS1
IH : forall X R E SA SB,
is_e E -> is_string X -> is_e R -> subst X R E SA * -> subst X R E SB -> SA = SB
IsX : is_string X
IsR : is_e R
SA : subst X R (if Cond T F) (app (app CS1 TS) FS) @
SA1 : subst X R Cond CS1 *
SA2 : subst X R T TS *
SA3 : subst X R F FS *
SB : subst X R Cond CS1
SB1 : subst X R T TS1
SB2 : subst X R F FS1
Is : is_e Cond
Is1 : is_e T
Is2 : is_e F
============================
app (app CS1 TS) FS = app (app CS1 TS1) FS1
< apply IH to _ _ _ SA2 SB1.
Subgoal 10:
Variables: X R FS F T Cond FS1 TS1 CS1
IH : forall X R E SA SB,
is_e E -> is_string X -> is_e R -> subst X R E SA * -> subst X R E SB -> SA = SB
IsX : is_string X
IsR : is_e R
SA : subst X R (if Cond T F) (app (app CS1 TS1) FS) @
SA1 : subst X R Cond CS1 *
SA2 : subst X R T TS1 *
SA3 : subst X R F FS *
SB : subst X R Cond CS1
SB1 : subst X R T TS1
SB2 : subst X R F FS1
Is : is_e Cond
Is1 : is_e T
Is2 : is_e F
============================
app (app CS1 TS1) FS = app (app CS1 TS1) FS1
< apply IH to _ _ _ SA3 SB2.
Subgoal 10:
Variables: X R F T Cond FS1 TS1 CS1
IH : forall X R E SA SB,
is_e E -> is_string X -> is_e R -> subst X R E SA * -> subst X R E SB -> SA = SB
IsX : is_string X
IsR : is_e R
SA : subst X R (if Cond T F) (app (app CS1 TS1) FS1) @
SA1 : subst X R Cond CS1 *
SA2 : subst X R T TS1 *
SA3 : subst X R F FS1 *
SB : subst X R Cond CS1
SB1 : subst X R T TS1
SB2 : subst X R F FS1
Is : is_e Cond
Is1 : is_e T
Is2 : is_e F
============================
app (app CS1 TS1) FS1 = app (app CS1 TS1) FS1
< search.
Proof completed.
< Prove lambda_calculus:host:eval_unique.
Subgoal 5:
Variables: VB
IH : forall E VA VB, is_e E -> eval E VA * -> eval E VB -> VA = VB
IsE : is_e trueE
EvA : eval trueE (abs "a" (abs "b" (var "a"))) @
EvB : eval trueE VB
============================
abs "a" (abs "b" (var "a")) = VB
< case EvB.
Subgoal 5:
IH : forall E VA VB, is_e E -> eval E VA * -> eval E VB -> VA = VB
IsE : is_e trueE
EvA : eval trueE (abs "a" (abs "b" (var "a"))) @
============================
abs "a" (abs "b" (var "a")) = abs "a" (abs "b" (var "a"))
< search.
Subgoal 6:
Variables: VB
IH : forall E VA VB, is_e E -> eval E VA * -> eval E VB -> VA = VB
IsE : is_e falseE
EvA : eval falseE (abs "a" (abs "b" (var "b"))) @
EvB : eval falseE VB
============================
abs "a" (abs "b" (var "b")) = VB
< case EvB.
Subgoal 6:
IH : forall E VA VB, is_e E -> eval E VA * -> eval E VB -> VA = VB
IsE : is_e falseE
EvA : eval falseE (abs "a" (abs "b" (var "b"))) @
============================
abs "a" (abs "b" (var "b")) = abs "a" (abs "b" (var "b"))
< search.
Subgoal 7:
Variables: VA VB F T Cond
IH : forall E VA VB, is_e E -> eval E VA * -> eval E VB -> VA = VB
IsE : is_e (if Cond T F)
EvA : eval (if Cond T F) VA @
EvB : eval (if Cond T F) VB
EvA1 : eval (app (app Cond T) F) VA *
============================
VA = VB
< EvB: case EvB.
Subgoal 7:
Variables: VA VB F T Cond
IH : forall E VA VB, is_e E -> eval E VA * -> eval E VB -> VA = VB
IsE : is_e (if Cond T F)
EvA : eval (if Cond T F) VA @
EvA1 : eval (app (app Cond T) F) VA *
EvB : eval (app (app Cond T) F) VB
============================
VA = VB
< Is: case IsE.
Subgoal 7:
Variables: VA VB F T Cond
IH : forall E VA VB, is_e E -> eval E VA * -> eval E VB -> VA = VB
EvA : eval (if Cond T F) VA @
EvA1 : eval (app (app Cond T) F) VA *
EvB : eval (app (app Cond T) F) VB
Is : is_e Cond
Is1 : is_e T
Is2 : is_e F
============================
VA = VB
< apply IH to _ EvA1 EvB.
Subgoal 7:
Variables: VB F T Cond
IH : forall E VA VB, is_e E -> eval E VA * -> eval E VB -> VA = VB
EvA : eval (if Cond T F) VB @
EvA1 : eval (app (app Cond T) F) VB *
EvB : eval (app (app Cond T) F) VB
Is : is_e Cond
Is1 : is_e T
Is2 : is_e F
============================
VB = VB
< search.
Proof completed.
< Prove_Constraint lambda_calculus:host:proj_subst.
Subgoal 1:
Variables: X R S
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
IsX : is_string X
IsR : is_e R
S : subst X R trueE S
============================
exists S', subst X R (abs "a" (abs "b" (var "a"))) S'
< OrA: apply is_string_eq_or_not to IsX _ with
S2 = "a".
Subgoal 1:
Variables: X R S
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
IsX : is_string X
IsR : is_e R
S : subst X R trueE S
OrA : X = "a" \/ (X = "a" -> false)
============================
exists S', subst X R (abs "a" (abs "b" (var "a"))) S'
< OrB: apply is_string_eq_or_not to IsX _ with
S2 = "b".
Subgoal 1:
Variables: X R S
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
IsX : is_string X
IsR : is_e R
S : subst X R trueE S
OrA : X = "a" \/ (X = "a" -> false)
OrB : X = "b" \/ (X = "b" -> false)
============================
exists S', subst X R (abs "a" (abs "b" (var "a"))) S'
< A: case OrA.
Subgoal 1.1:
Variables: R S
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
IsX : is_string "a"
IsR : is_e R
S : subst "a" R trueE S
OrB : "a" = "b" \/ ("a" = "b" -> false)
============================
exists S', subst "a" R (abs "a" (abs "b" (var "a"))) S'
< search.
Subgoal 1.2:
Variables: X R S
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
IsX : is_string X
IsR : is_e R
S : subst X R trueE S
OrB : X = "b" \/ (X = "b" -> false)
A : X = "a" -> false
============================
exists S', subst X R (abs "a" (abs "b" (var "a"))) S'
< B: case OrB.
Subgoal 1.2.1:
Variables: R S
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
IsX : is_string "b"
IsR : is_e R
S : subst "b" R trueE S
A : "b" = "a" -> false
============================
exists S', subst "b" R (abs "a" (abs "b" (var "a"))) S'
< search.
Subgoal 1.2.2:
Variables: X R S
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
IsX : is_string X
IsR : is_e R
S : subst X R trueE S
A : X = "a" -> false
B : X = "b" -> false
============================
exists S', subst X R (abs "a" (abs "b" (var "a"))) S'
< search.
Subgoal 2:
Variables: X R S
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
IsX : is_string X
IsR : is_e R
S : subst X R falseE S
============================
exists S', subst X R (abs "a" (abs "b" (var "b"))) S'
< OrA: apply is_string_eq_or_not to IsX _ with
S2 = "a".
Subgoal 2:
Variables: X R S
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
IsX : is_string X
IsR : is_e R
S : subst X R falseE S
OrA : X = "a" \/ (X = "a" -> false)
============================
exists S', subst X R (abs "a" (abs "b" (var "b"))) S'
< OrB: apply is_string_eq_or_not to IsX _ with
S2 = "b".
Subgoal 2:
Variables: X R S
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
IsX : is_string X
IsR : is_e R
S : subst X R falseE S
OrA : X = "a" \/ (X = "a" -> false)
OrB : X = "b" \/ (X = "b" -> false)
============================
exists S', subst X R (abs "a" (abs "b" (var "b"))) S'
< A: case OrA.
Subgoal 2.1:
Variables: R S
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
IsX : is_string "a"
IsR : is_e R
S : subst "a" R falseE S
OrB : "a" = "b" \/ ("a" = "b" -> false)
============================
exists S', subst "a" R (abs "a" (abs "b" (var "b"))) S'
< search.
Subgoal 2.2:
Variables: X R S
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
IsX : is_string X
IsR : is_e R
S : subst X R falseE S
OrB : X = "b" \/ (X = "b" -> false)
A : X = "a" -> false
============================
exists S', subst X R (abs "a" (abs "b" (var "b"))) S'
< B: case OrB.
Subgoal 2.2.1:
Variables: R S
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
IsX : is_string "b"
IsR : is_e R
S : subst "b" R falseE S
A : "b" = "a" -> false
============================
exists S', subst "b" R (abs "a" (abs "b" (var "b"))) S'
< search.
Subgoal 2.2.2:
Variables: X R S
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
IsX : is_string X
IsR : is_e R
S : subst X R falseE S
A : X = "a" -> false
B : X = "b" -> false
============================
exists S', subst X R (abs "a" (abs "b" (var "b"))) S'
< search.
Subgoal 3:
Variables: X R S F T Cond
Proj : |{e}- if Cond T F ~~> app (app Cond T) F
IsE : is_e (if Cond T F)
IsX : is_string X
IsR : is_e R
S : subst X R (if Cond T F) S
============================
exists S', subst X R (app (app Cond T) F) S'
< Is: case IsE.
Subgoal 3:
Variables: X R S F T Cond
Proj : |{e}- if Cond T F ~~> app (app Cond T) F
IsX : is_string X
IsR : is_e R
S : subst X R (if Cond T F) S
Is : is_e Cond
Is1 : is_e T
Is2 : is_e F
============================
exists S', subst X R (app (app Cond T) F) S'
< S: case S.
Subgoal 3:
Variables: X R F T Cond FS TS CS
Proj : |{e}- if Cond T F ~~> app (app Cond T) F
IsX : is_string X
IsR : is_e R
Is : is_e Cond
Is1 : is_e T
Is2 : is_e F
S : subst X R Cond CS
S1 : subst X R T TS
S2 : subst X R F FS
============================
exists S', subst X R (app (app Cond T) F) S'
< search.
Proof completed.
< Prove_Constraint lambda_calculus:host:proj_subst_same.
Subgoal 1:
Variables: X R S S'
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
IsX : is_string X
IsR : is_e R
S : subst X R trueE S
S' : subst X R (abs "a" (abs "b" (var "a"))) S'
============================
S = S'
< case S.
Subgoal 1:
Variables: X R S'
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
IsX : is_string X
IsR : is_e R
S' : subst X R (abs "a" (abs "b" (var "a"))) S'
============================
abs "a" (abs "b" (var "a")) = S'
< S': case S'.
Subgoal 1.1:
Variables: R
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
IsX : is_string "a"
IsR : is_e R
============================
abs "a" (abs "b" (var "a")) = abs "a" (abs "b" (var "a"))
< search.
Subgoal 1.2:
Variables: X R B
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
IsX : is_string X
IsR : is_e R
S' : X = "a" -> false
S'1 : subst X R (abs "b" (var "a")) B
============================
abs "a" (abs "b" (var "a")) = abs "a" B
< T: case S'1.
Subgoal 1.2.1:
Variables: R
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
IsX : is_string "b"
IsR : is_e R
S' : "b" = "a" -> false
============================
abs "a" (abs "b" (var "a")) = abs "a" (abs "b" (var "a"))
< search.
Subgoal 1.2.2:
Variables: X R B1
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
IsX : is_string X
IsR : is_e R
S' : X = "a" -> false
T : X = "b" -> false
T1 : subst X R (var "a") B1
============================
abs "a" (abs "b" (var "a")) = abs "a" (abs "b" B1)
< U: case T1.
Subgoal 1.2.2.1:
Variables: B1
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
IsX : is_string "a"
IsR : is_e B1
S' : "a" = "a" -> false
T : "a" = "b" -> false
============================
abs "a" (abs "b" (var "a")) = abs "a" (abs "b" B1)
< apply S' to _.
Subgoal 1.2.2.2:
Variables: X R
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
IsX : is_string X
IsR : is_e R
S' : X = "a" -> false
T : X = "b" -> false
U : X = "a" -> false
============================
abs "a" (abs "b" (var "a")) = abs "a" (abs "b" (var "a"))
< search.
Subgoal 2:
Variables: X R S S'
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
IsX : is_string X
IsR : is_e R
S : subst X R falseE S
S' : subst X R (abs "a" (abs "b" (var "b"))) S'
============================
S = S'
< case S.
Subgoal 2:
Variables: X R S'
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
IsX : is_string X
IsR : is_e R
S' : subst X R (abs "a" (abs "b" (var "b"))) S'
============================
abs "a" (abs "b" (var "b")) = S'
< S': case S'.
Subgoal 2.1:
Variables: R
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
IsX : is_string "a"
IsR : is_e R
============================
abs "a" (abs "b" (var "b")) = abs "a" (abs "b" (var "b"))
< search.
Subgoal 2.2:
Variables: X R B
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
IsX : is_string X
IsR : is_e R
S' : X = "a" -> false
S'1 : subst X R (abs "b" (var "b")) B
============================
abs "a" (abs "b" (var "b")) = abs "a" B
< T: case S'1.
Subgoal 2.2.1:
Variables: R
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
IsX : is_string "b"
IsR : is_e R
S' : "b" = "a" -> false
============================
abs "a" (abs "b" (var "b")) = abs "a" (abs "b" (var "b"))
< search.
Subgoal 2.2.2:
Variables: X R B1
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
IsX : is_string X
IsR : is_e R
S' : X = "a" -> false
T : X = "b" -> false
T1 : subst X R (var "b") B1
============================
abs "a" (abs "b" (var "b")) = abs "a" (abs "b" B1)
< U: case T1.
Subgoal 2.2.2.1:
Variables: B1
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
IsX : is_string "b"
IsR : is_e B1
S' : "b" = "a" -> false
T : "b" = "b" -> false
============================
abs "a" (abs "b" (var "b")) = abs "a" (abs "b" B1)
< apply T to _.
Subgoal 2.2.2.2:
Variables: X R
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
IsX : is_string X
IsR : is_e R
S' : X = "a" -> false
T : X = "b" -> false
U : X = "b" -> false
============================
abs "a" (abs "b" (var "b")) = abs "a" (abs "b" (var "b"))
< search.
Subgoal 3:
Variables: X R S S' F T Cond
Proj : |{e}- if Cond T F ~~> app (app Cond T) F
IsE : is_e (if Cond T F)
IsX : is_string X
IsR : is_e R
S : subst X R (if Cond T F) S
S' : subst X R (app (app Cond T) F) S'
============================
S = S'
< S: case S.
Subgoal 3:
Variables: X R S' F T Cond FS TS CS
Proj : |{e}- if Cond T F ~~> app (app Cond T) F
IsE : is_e (if Cond T F)
IsX : is_string X
IsR : is_e R
S' : subst X R (app (app Cond T) F) S'
S : subst X R Cond CS
S1 : subst X R T TS
S2 : subst X R F FS
============================
app (app CS TS) FS = S'
< S': case S'.
Subgoal 3:
Variables: X R F T Cond FS TS CS S2 S1
Proj : |{e}- if Cond T F ~~> app (app Cond T) F
IsE : is_e (if Cond T F)
IsX : is_string X
IsR : is_e R
S : subst X R Cond CS
S1 : subst X R T TS
S2 : subst X R F FS
S' : subst X R (app Cond T) S1
S'1 : subst X R F S2
============================
app (app CS TS) FS = app S1 S2
< S'': case S'.
Subgoal 3:
Variables: X R F T Cond FS TS CS S2 S4 S3
Proj : |{e}- if Cond T F ~~> app (app Cond T) F
IsE : is_e (if Cond T F)
IsX : is_string X
IsR : is_e R
S : subst X R Cond CS
S1 : subst X R T TS
S2 : subst X R F FS
S'1 : subst X R F S2
S'' : subst X R Cond S3
S''1 : subst X R T S4
============================
app (app CS TS) FS = app (app S3 S4) S2
< Is: case IsE.
Subgoal 3:
Variables: X R F T Cond FS TS CS S2 S4 S3
Proj : |{e}- if Cond T F ~~> app (app Cond T) F
IsX : is_string X
IsR : is_e R
S : subst X R Cond CS
S1 : subst X R T TS
S2 : subst X R F FS
S'1 : subst X R F S2
S'' : subst X R Cond S3
S''1 : subst X R T S4
Is : is_e Cond
Is1 : is_e T
Is2 : is_e F
============================
app (app CS TS) FS = app (app S3 S4) S2
< apply subst_unique to _ _ _ S S''.
Subgoal 3:
Variables: X R F T Cond FS TS S2 S4 S3
Proj : |{e}- if Cond T F ~~> app (app Cond T) F
IsX : is_string X
IsR : is_e R
S : subst X R Cond S3
S1 : subst X R T TS
S2 : subst X R F FS
S'1 : subst X R F S2
S'' : subst X R Cond S3
S''1 : subst X R T S4
Is : is_e Cond
Is1 : is_e T
Is2 : is_e F
============================
app (app S3 TS) FS = app (app S3 S4) S2
< apply subst_unique to _ _ _ S1 S''1.
Subgoal 3:
Variables: X R F T Cond FS S2 S4 S3
Proj : |{e}- if Cond T F ~~> app (app Cond T) F
IsX : is_string X
IsR : is_e R
S : subst X R Cond S3
S1 : subst X R T S4
S2 : subst X R F FS
S'1 : subst X R F S2
S'' : subst X R Cond S3
S''1 : subst X R T S4
Is : is_e Cond
Is1 : is_e T
Is2 : is_e F
============================
app (app S3 S4) FS = app (app S3 S4) S2
< apply subst_unique to _ _ _ S2 S'1.
Subgoal 3:
Variables: X R F T Cond S2 S4 S3
Proj : |{e}- if Cond T F ~~> app (app Cond T) F
IsX : is_string X
IsR : is_e R
S : subst X R Cond S3
S1 : subst X R T S4
S2 : subst X R F S2
S'1 : subst X R F S2
S'' : subst X R Cond S3
S''1 : subst X R T S4
Is : is_e Cond
Is1 : is_e T
Is2 : is_e F
============================
app (app S3 S4) S2 = app (app S3 S4) S2
< search.
Proof completed.
< Prove_Constraint lambda_calculus:host:proj_eval.
Subgoal 1:
Variables: V
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
Ev : eval trueE V
============================
exists V', eval (abs "a" (abs "b" (var "a"))) V'
< search.
Subgoal 2:
Variables: V
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
Ev : eval falseE V
============================
exists V', eval (abs "a" (abs "b" (var "b"))) V'
< search.
Subgoal 3:
Variables: V F T Cond
Proj : |{e}- if Cond T F ~~> app (app Cond T) F
IsE : is_e (if Cond T F)
Ev : eval (if Cond T F) V
============================
exists V', eval (app (app Cond T) F) V'
< Ev: case Ev.
Subgoal 3:
Variables: V F T Cond
Proj : |{e}- if Cond T F ~~> app (app Cond T) F
IsE : is_e (if Cond T F)
Ev : eval (app (app Cond T) F) V
============================
exists V', eval (app (app Cond T) F) V'
< search.
Proof completed.
< Prove_Constraint lambda_calculus:host:proj_eval_same.
Subgoal 1:
Variables: V V'
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
Ev : eval trueE V
Ev' : eval (abs "a" (abs "b" (var "a"))) V'
============================
V = V'
< case Ev.
Subgoal 1:
Variables: V'
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
Ev' : eval (abs "a" (abs "b" (var "a"))) V'
============================
abs "a" (abs "b" (var "a")) = V'
< case Ev'.
Subgoal 1:
Proj : |{e}- trueE ~~> abs "a" (abs "b" (var "a"))
IsE : is_e trueE
============================
abs "a" (abs "b" (var "a")) = abs "a" (abs "b" (var "a"))
< search.
Subgoal 2:
Variables: V V'
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
Ev : eval falseE V
Ev' : eval (abs "a" (abs "b" (var "b"))) V'
============================
V = V'
< case Ev.
Subgoal 2:
Variables: V'
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
Ev' : eval (abs "a" (abs "b" (var "b"))) V'
============================
abs "a" (abs "b" (var "b")) = V'
< case Ev'.
Subgoal 2:
Proj : |{e}- falseE ~~> abs "a" (abs "b" (var "b"))
IsE : is_e falseE
============================
abs "a" (abs "b" (var "b")) = abs "a" (abs "b" (var "b"))
< search.
Subgoal 3:
Variables: V V' F T Cond
Proj : |{e}- if Cond T F ~~> app (app Cond T) F
IsE : is_e (if Cond T F)
Ev : eval (if Cond T F) V
Ev' : eval (app (app Cond T) F) V'
============================
V = V'
< Ev: case Ev.
Subgoal 3:
Variables: V V' F T Cond
Proj : |{e}- if Cond T F ~~> app (app Cond T) F
IsE : is_e (if Cond T F)
Ev' : eval (app (app Cond T) F) V'
Ev : eval (app (app Cond T) F) V
============================
V = V'
< case IsE.
Subgoal 3:
Variables: V V' F T Cond
Proj : |{e}- if Cond T F ~~> app (app Cond T) F
Ev' : eval (app (app Cond T) F) V'
Ev : eval (app (app Cond T) F) V
H1 : is_e Cond
H2 : is_e T
H3 : is_e F
============================
V = V'
< apply eval_unique to _ Ev' Ev.
Subgoal 3:
Variables: V F T Cond
Proj : |{e}- if Cond T F ~~> app (app Cond T) F
Ev' : eval (app (app Cond T) F) V
Ev : eval (app (app Cond T) F) V
H1 : is_e Cond
H2 : is_e T
H3 : is_e F
============================
V = V
< search.
Proof completed.
< Add_Ext_Size lambda_calculus:host:eval.
Proof completed.
< Add_Proj_Rel lambda_calculus:host:eval.
Proof completed.
< Prove_Ext_Ind lambda_calculus:host:eval.
Subgoal 5:
IH : forall N E V, <eval {ES}> E V N -> acc N * -> <eval {P}> E V
IH1 : forall N E V, <eval {ES}> E V N ** -> acc N @ -> <eval {P}> E V
R : <eval {ES}> trueE (abs "a" (abs "b" (var "a"))) 1 @@
Acc : acc 1 @
============================
<eval {P}> trueE (abs "a" (abs "b" (var "a")))
< unfold .
Subgoal 5:
IH : forall N E V, <eval {ES}> E V N -> acc N * -> <eval {P}> E V
IH1 : forall N E V, <eval {ES}> E V N ** -> acc N @ -> <eval {P}> E V
R : <eval {ES}> trueE (abs "a" (abs "b" (var "a"))) 1 @@
Acc : acc 1 @
============================
exists E_T, |{e}- trueE ~~> E_T /\ <eval {P}> E_T (abs "a" (abs "b" (var "a")))
< exists abs "a" (abs "b" (var "a")).
Subgoal 5:
IH : forall N E V, <eval {ES}> E V N -> acc N * -> <eval {P}> E V
IH1 : forall N E V, <eval {ES}> E V N ** -> acc N @ -> <eval {P}> E V
R : <eval {ES}> trueE (abs "a" (abs "b" (var "a"))) 1 @@
Acc : acc 1 @
============================
|{e}- trueE ~~> abs "a" (abs "b" (var "a")) /\
<eval {P}> (abs "a" (abs "b" (var "a"))) (abs "a" (abs "b" (var "a")))
< search 7.
Subgoal 6:
IH : forall N E V, <eval {ES}> E V N -> acc N * -> <eval {P}> E V
IH1 : forall N E V, <eval {ES}> E V N ** -> acc N @ -> <eval {P}> E V
R : <eval {ES}> falseE (abs "a" (abs "b" (var "b"))) 1 @@
Acc : acc 1 @
============================
<eval {P}> falseE (abs "a" (abs "b" (var "b")))
< unfold .
Subgoal 6:
IH : forall N E V, <eval {ES}> E V N -> acc N * -> <eval {P}> E V
IH1 : forall N E V, <eval {ES}> E V N ** -> acc N @ -> <eval {P}> E V
R : <eval {ES}> falseE (abs "a" (abs "b" (var "b"))) 1 @@
Acc : acc 1 @
============================
exists E_T,
|{e}- falseE ~~> E_T /\ <eval {P}> E_T (abs "a" (abs "b" (var "b")))
< exists abs "a" (abs "b" (var "b")).
Subgoal 6:
IH : forall N E V, <eval {ES}> E V N -> acc N * -> <eval {P}> E V
IH1 : forall N E V, <eval {ES}> E V N ** -> acc N @ -> <eval {P}> E V
R : <eval {ES}> falseE (abs "a" (abs "b" (var "b"))) 1 @@
Acc : acc 1 @
============================
|{e}- falseE ~~> abs "a" (abs "b" (var "b")) /\
<eval {P}> (abs "a" (abs "b" (var "b"))) (abs "a" (abs "b" (var "b")))
< search 7.
Subgoal 7:
Variables: N V N2 F T Cond
IH : forall N E V, <eval {ES}> E V N -> acc N * -> <eval {P}> E V
IH1 : forall N E V, <eval {ES}> E V N ** -> acc N @ -> <eval {P}> E V
R : <eval {ES}> (if Cond T F) V N @@
Acc : acc N @
R1 : 1 + N2 = N
R2 : <eval {ES}> (app (app Cond T) F) V N2 **
============================
<eval {P}> (if Cond T F) V
< apply ext_size_is_int_eval to R2.
Subgoal 7:
Variables: N V N2 F T Cond
IH : forall N E V, <eval {ES}> E V N -> acc N * -> <eval {P}> E V
IH1 : forall N E V, <eval {ES}> E V N ** -> acc N @ -> <eval {P}> E V
R : <eval {ES}> (if Cond T F) V N @@
Acc : acc N @
R1 : 1 + N2 = N
R2 : <eval {ES}> (app (app Cond T) F) V N2 **
H1 : is_integer N2
============================
<eval {P}> (if Cond T F) V
< L: apply lt_plus_one to R1 _.
Subgoal 7:
Variables: N V N2 F T Cond
IH : forall N E V, <eval {ES}> E V N -> acc N * -> <eval {P}> E V
IH1 : forall N E V, <eval {ES}> E V N ** -> acc N @ -> <eval {P}> E V
R : <eval {ES}> (if Cond T F) V N @@
Acc : acc N @
R1 : 1 + N2 = N
R2 : <eval {ES}> (app (app Cond T) F) V N2 **
H1 : is_integer N2
L : N2 < N
============================
<eval {P}> (if Cond T F) V
< apply ext_size_pos_eval to R2.
Subgoal 7:
Variables: N V N2 F T Cond
IH : forall N E V, <eval {ES}> E V N -> acc N * -> <eval {P}> E V
IH1 : forall N E V, <eval {ES}> E V N ** -> acc N @ -> <eval {P}> E V
R : <eval {ES}> (if Cond T F) V N @@
Acc : acc N @
R1 : 1 + N2 = N
R2 : <eval {ES}> (app (app Cond T) F) V N2 **
H1 : is_integer N2
L : N2 < N
H2 : 0 <= N2
============================
<eval {P}> (if Cond T F) V
< Acc: case Acc.
Subgoal 7:
Variables: N V N2 F T Cond
IH : forall N E V, <eval {ES}> E V N -> acc N * -> <eval {P}> E V
IH1 : forall N E V, <eval {ES}> E V N ** -> acc N @ -> <eval {P}> E V
R : <eval {ES}> (if Cond T F) V N @@
R1 : 1 + N2 = N
R2 : <eval {ES}> (app (app Cond T) F) V N2 **
H1 : is_integer N2
L : N2 < N
H2 : 0 <= N2
Acc : forall M, 0 <= M -> M < N -> acc M *
============================
<eval {P}> (if Cond T F) V
< A: apply Acc to _ L.
Subgoal 7:
Variables: N V N2 F T Cond
IH : forall N E V, <eval {ES}> E V N -> acc N * -> <eval {P}> E V
IH1 : forall N E V, <eval {ES}> E V N ** -> acc N @ -> <eval {P}> E V
R : <eval {ES}> (if Cond T F) V N @@
R1 : 1 + N2 = N
R2 : <eval {ES}> (app (app Cond T) F) V N2 **
H1 : is_integer N2
L : N2 < N
H2 : 0 <= N2
Acc : forall M, 0 <= M -> M < N -> acc M *
A : acc N2 *
============================
<eval {P}> (if Cond T F) V
< apply IH to R2 A.
Subgoal 7:
Variables: N V N2 F T Cond
IH : forall N E V, <eval {ES}> E V N -> acc N * -> <eval {P}> E V
IH1 : forall N E V, <eval {ES}> E V N ** -> acc N @ -> <eval {P}> E V
R : <eval {ES}> (if Cond T F) V N @@
R1 : 1 + N2 = N
R2 : <eval {ES}> (app (app Cond T) F) V N2 **
H1 : is_integer N2
L : N2 < N
H2 : 0 <= N2
Acc : forall M, 0 <= M -> M < N -> acc M *
A : acc N2 *
H3 : <eval {P}> (app (app Cond T) F) V
============================
<eval {P}> (if Cond T F) V
< exists app (app Cond T) F.
Subgoal 7:
Variables: N V N2 F T Cond
IH : forall N E V, <eval {ES}> E V N -> acc N * -> <eval {P}> E V
IH1 : forall N E V, <eval {ES}> E V N ** -> acc N @ -> <eval {P}> E V
R : <eval {ES}> (if Cond T F) V N @@
R1 : 1 + N2 = N
R2 : <eval {ES}> (app (app Cond T) F) V N2 **
H1 : is_integer N2
L : N2 < N
H2 : 0 <= N2
Acc : forall M, 0 <= M -> M < N -> acc M *
A : acc N2 *
H3 : <eval {P}> (app (app Cond T) F) V
============================
<eval {P}> (if Cond T F) V
< search.
Proof completed.
