Extensibella: Extensibella Example: unsat

Language Specification

File: syntax.sos

Module unsat_proofs:lrat

/*
  Variables are integers
*/
lit ::= pos(int)
      | neg(int)

Projection lit :


clause ::= emptyClause
         | or(lit, clause)

Projection clause :


formula ::= emptyFormula
          | and(clause, formula)

Projection formula :





/*
  Clause ID is an integer
*/
proof ::= emptyLrat(int, [int])
        | addLrupProof(int, clause, [int], proof)
        | deleteLratProof(int, proof)

Projection proof : [(int, clause)]

File: sat.sos

[Reduce File] [Raw File]

Module unsat_proofs:lrat

Judgment sat_clause : [lit] clause*
Judgment sat_formula : [lit] formula*

mem L A
------------------------ [SC-Here]
sat_clause A or(L, Rest)


sat_clause A Rest
------------------------ [SC-Later]
sat_clause A or(L, Rest)



-------------------------- [SF-Empty]
sat_formula A emptyFormula


sat_clause A C
sat_formula A Rest
-------------------------- [SF-And]
sat_formula A and(C, Rest)




Judgment negate_lit : lit* lit

------------------------ [N-Pos]
negate_lit pos(V) neg(V)


------------------------ [N-Neg]
negate_lit neg(V) pos(V)




Judgment unsat_clause : [lit] clause*

-------------------------- [USC-EmptyClause]
unsat_clause A emptyClause


negate_lit L NL
mem NL A
unsat_clause A Rest
-------------------------- [USC-Step]
unsat_clause A or(L, Rest)

File: check.sos

[Reduce File] [Raw File]

Module unsat_proofs:lrat


Fixed Judgment proveFormula : formula proof

formulaToKnown 1 F KnownClauses
checkProof KnownClauses Prf
=============================== [ProveFormula]
proveFormula F Prf





/*Turn a formula into a list of known clauses, numbering them with the
  first argument*/
Judgment formulaToKnown : int formula* [(int, clause)]

--------------------------------- [FTK-Empty]
formulaToKnown ID emptyFormula []


ID + 1 = NewID
formulaToKnown NewID Rest KRest
--------------------------------------------- [FTK-And]
formulaToKnown ID and(C, Rest) (ID, C)::KRest





Judgment checkProof : [(int, clause)] proof*

rupProof Known emptyClause Prf
----------------------------------- [CP-EmptyLrat]
checkProof Known emptyLrat(ID, Prf)


remove_all Known ID KRest
rupProof Known C Prf
checkProof (ID, C)::KRest Rest
----------------------------------------------- [CP-AddLrup]
checkProof Known addLrupProof(ID, C, Prf, Rest)


select (ID, C) KRest Known
checkProof KRest Rest
------------------------------------------ [CP-DeleteLrat]
checkProof Known deleteLratProof(ID, Rest)


Extensibella_Stand_In{
  Known |{proof}- P ~~> P_P
  checkProof Known P_P
  ------------------------- [CP-Q]
  checkProof Known P
}



Judgment gatherLits : clause* [lit]

------------------------- [GL-EmptyClause]
gatherLits emptyClause []


gatherLits Rest LRest
------------------------------- [GL-Or]
gatherLits or(L, Rest) L::LRest




Fixed Judgment negateLitList : [lit] [lit]

=================== [NLL-Nil]
negateLitList [] []


negate_lit L N
negateLitList LRest NRest
=================================== [NLL-Cons]
negateLitList (L::LRest) (N::NRest)




                         /*known clauses, clause, proof*/
Fixed Judgment rupProof : [(int, clause)] clause [int]
                          /*known clauses, assignment, proof*/
Fixed Judgment rupProof_help : [(int, clause)] [lit] [int]

gatherLits C Lits
negateLitList Lits A
rupProof_help Known A Prf
========================= [RUPP]
rupProof Known C Prf



lookup Known ID C
unsat_clause A C
========================= [RUPPH-End]
rupProof_help Known A [ID]


lookup Known ID C
unit_clause A C L
rupProof_help Known L::A Prf
============================= [RUPPH-Step]
rupProof_help Known A ID::Prf




                     /*assignment, clause, unit ID*/
Judgment unit_clause : [lit] clause* lit

!mem L A
negate_lit L NL
!mem NL A
unsat_clause A C
------------------------ [UC-Here]
unit_clause A or(L, C) L


negate_lit L NL
mem NL A
unit_clause A C UL
------------------------- [UC-Later]
unit_clause A or(L, C) UL





/*remove all the bindings for the given ID
  succeeds even if no bindings are present*/
Fixed Judgment remove_all : [(int, clause)] int [(int, clause)]

================== [RA-Nil]
remove_all [] I []


remove_all IRest I Rest
=============================== [RA-Remove]
remove_all (I, C)::IRest I Rest


A != I
remove_all IRest I Rest
======================================= [RA-Step]
remove_all (A, C)::IRest I (A, C)::Rest

Reasoning

[Show All Proofs] [Hide All Proofs] [Raw File]

Click on a command or tactic to see a detailed view of its use.

Module unsat_proofs:lrat.

/********************************************************************
 *                           PROJECTIONS                            *
 ********************************************************************/
Projection_Constraint proj_lit_unique : forall L LA LB,
  ProjA : |{lit}- L ~~> LA ->
  ProjB : |{lit}- L ~~> LB ->
  LA = LB.
Projection_Constraint proj_lit_is : forall L LT,
  Proj : |{lit}- L ~~> LT ->
  IsL : is_lit L ->
  is_lit LT.

Projection_Constraint proj_clause_unique : forall C CA CB,
  ProjA : |{clause}- C ~~> CA ->
  ProjB : |{clause}- C ~~> CB ->
  CA = CB.
Projection_Constraint proj_clause_is : forall C CT,
  Proj : |{clause}- C ~~> CT ->
  IsC : is_clause C ->
  is_clause CT.

Projection_Constraint proj_formula_unique : forall F FA FB,
  ProjA : |{formula}- F ~~> FA ->
  ProjB : |{formula}- F ~~> FB ->
  FA = FB.
Projection_Constraint proj_formula_is : forall F FT,
  Proj : |{formula}- F ~~> FT ->
  IsF : is_formula F ->
  is_formula FT.

%Have proj_proof_is later because, relying on the known clauses as
%the projection may, it might be it also relies on other relations
%that use them, and then we want properties of them.


/********************************************************************
 *                           IS EXT_INDS                            *
 ********************************************************************/
Proj_Rel is_clause C.
Ext_Ind forall C, is_clause C. [Show Proof]

%emptyClause
 search.
%or
 apply IH to R2. search.

Proj_Rel is_formula F.
Ext_Ind forall F, is_formula F. [Show Proof]

%emptyFormula
 search.
%and
 apply IH to R2. search.

/*
  Don't have Ext_Ind for is_proof because the projection can depend on
  the provability of the clause, so getting that for arbitrary proofs
  without adding checkProof is not possible, and adding checkProof is
  an unreasonable addition for Ext_Ind for is_proof.
*/


/********************************************************************
 *                        DECIDABLE EQUALITY                        *
 ********************************************************************/
%Make this a fixed type as there is nothing else reasonable to add
Extensible_Theorem
  is_lit_pos_or_neg : forall L,
    IsL : is_lit L ->
    exists I, L = pos I \/ L = neg I
  on IsL. [Show Proof]

%pos
 search.
%neg
 search.

Theorem is_lit_eq_or_not : forall L1 L2,
  is_lit L1 -> is_lit L2 -> L1 = L2 \/ (L1 = L2 -> false). [Show Proof]

intros IsL1 IsL2. Or1: apply is_lit_pos_or_neg to IsL1.
Or2: apply is_lit_pos_or_neg to IsL2. case Or1.
  %pos
   case Or2.
     %pos
      Is1: case IsL1. Is2: case IsL2.
      Or: apply is_integer_eq_or_not to Is1 Is2. N: case Or.
        %I = I1
         search.
        %I != I1
         right. intros E. case E. backchain N.
     %neg
      right. intros E. case E.
  %neg
   case Or2.
     %pos
      right. intros E. case E.
     %neg
      Is1: case IsL1. Is2: case IsL2.
      Or: apply is_integer_eq_or_not to Is1 Is2. N: case Or.
        %I = I1
         search.
        %I != I1
         right. intros E. case E. backchain N.


Extensible_Theorem
  is_clause_empty_or_not : forall C,
    IsC : is_clause C ->
    emptyClause = C \/ (emptyClause = C -> false)
  on IsC. [Show Proof]

%emptyClause
 search.
%or
 right. intros E. case E.
Extensible_Theorem
  is_clause_or_or_not : forall C,
    IsC : is_clause C ->
    (exists L R, or L R = C) \/ ((exists L R, or L R = C) -> false)
  on IsC. [Show Proof]

%emptyClause
 right. intros E. case E.
%or
 search.
Extensible_Theorem
  is_clause_eq_or_not : forall C1 C2,
    IsC1 : is_clause C1 ->
    IsC2 : is_clause C2 ->
    C1 = C2 \/ (C1 = C2 -> false)
  on IsC1. [Show Proof]

%emptyClause
 Or: apply is_clause_empty_or_not to IsC2. Eq: case Or.
   %eq
    search.
   %not eq
    search.
%or
 Or: apply is_clause_or_or_not to IsC2. Form: case Or.
   %has form
    Is: case IsC2. Or: apply is_lit_eq_or_not to Is IsC3.
    NEq: case Or.
      %lits equal
       Or: apply IH to IsC4 Is1. NEq: case Or.
         %rest of clause equal
          search.
         %rest unequal
          right. intros E. case E. backchain NEq.
      %lits unequal
       right. intros E. case E. backchain NEq.
   %does not have form
    right. intros E. case E. backchain Form.


Extensible_Theorem
  is_formula_empty_or_not : forall F,
    IsF : is_formula F ->
    F = emptyFormula \/ (F = emptyFormula -> false)
  on IsF. [Show Proof]

%emptyFormula
 search.
%and
 search.
Extensible_Theorem
  is_formula_and_or_not : forall F,
    IsF : is_formula F ->
    (exists C F', F = unsat_proofs:lrat:and C F') \/
    ((exists C F', F = unsat_proofs:lrat:and C F') -> false)
  on IsF. [Show Proof]

%emptyFormula
 search.
%and
 search.
Extensible_Theorem
  is_formula_eq_or_not : forall F1 F2,
    IsF1 : is_formula F1 ->
    IsF2 : is_formula F2 ->
    F1 = F2 \/ (F1 = F2 -> false)
  on IsF1. [Show Proof]

%emptyFormula
 Or: apply is_formula_empty_or_not to IsF2. N: case Or.
   %emptyFormula
    search.
   %not emptyFormula
    right. intros E. case E. backchain N.
%and
 Or: apply is_formula_and_or_not to IsF2. N: case Or.
   %and
    Is': case IsF2. Or: apply is_clause_eq_or_not to IsF3 Is'.
    N: case Or.
      %Clause = C
       Or: apply IH to IsF4 Is'1. N: case Or.
         %Formula = F'
          search.
         %Formula != F'
          right. intros E. case E. backchain N.
      %Clause != C
       right. intros E. case E. backchain N.
   %not and
    right. intros E. case E. backchain N.


Theorem is_list_integer_eq_or_not : forall L1 L2,
  is_list is_integer L1 -> is_list is_integer L2 ->
  L1 = L2 \/ (L1 = L2 -> false). [Show Proof]

induction on 1. intros IsL1 IsL2. Is: case IsL1.
  %nil
   Is': case IsL2.
     %nil
      search.
     %cons
      search.
  %cons
   Is': case IsL2.
     %nil
      search.
     %cons
      Or: apply is_integer_eq_or_not to Is Is'. N: case Or.
        %H = H1
         Or: apply IH to Is1 Is'1. N: case Or.
           %T = T1
            search.
           %T != T1
            right. intros E. case E. backchain N.
        %H != H1
         right. intros E. case E. backchain N.





/********************************************************************
 *                           LIST HELPERS                           *
 ********************************************************************/
Theorem lookup_after_select : forall Known ID ID' C C' KRest,
  is_list (is_pair is_integer is_clause) Known -> is_integer ID' ->
  (forall I C1 C2, mem (I, C1) Known ->
                   mem (I, C2) Known -> C1 = C2) ->
  select (ID, C) KRest Known -> lookup KRest ID' C' ->
  lookup Known ID' C'. [Show Proof]

induction on 4. intros IsK IsID' GCL Slct Lkp. Slct: case Slct.
  %Slct-First
   Is: case IsK. Is: case Is.
   Or: apply is_integer_eq_or_not to IsID' Is. Eq: case Or.
     %ID = ID'
      M1: apply lookup_mem to Lkp.
      M2: assert mem (ID, C') ((ID, C)::KRest).
      M3: assert mem (ID, C) ((ID, C)::KRest).
      apply GCL to M2 M3. search.
     %ID = ID' -> false
      unfold. intros E. case E. backchain Eq. search.
  %Slct-Later
   Is: case IsK. Lkp: case Lkp.
     %Lkp-Here
      search.
     %Lkp-Later
      assert forall I C1 C2, mem (I, C1) L2 -> mem (I, C2) L2 ->
                             C1 = C2.
        intros MA MB. MA': assert mem (I1, C1) ((K, V)::L2).
        MB': assert mem (I1, C2) ((K, V)::L2). apply GCL to MA' MB'.
        search.
      apply IH to Is1 IsID' _ Slct Lkp1. search.


Theorem mem_is : forall Known (IDC : pair integer clause),
  is_list (is_pair is_integer is_clause) Known -> mem IDC Known ->
  exists ID C, IDC = (ID, C) /\ is_integer ID /\ is_clause C. [Show Proof]

induction on 2. intros Is Mem. Mem: case Mem.
  %Mem-Here
   Is: case Is. case Is. search.
  %Mem-Later
   Is: case Is. apply IH to _ Mem. search.


Theorem mem_is_lit : forall Assignment L,
  is_list is_lit Assignment -> mem L Assignment -> is_lit L. [Show Proof]

induction on 2. intros Is Mem. Mem: case Mem.
  %Mem-Here
   Is: case Is. search.
  %Mem-Later
   Is: case Is. apply IH to _ Mem. search.


Theorem select_is : forall Known KRest IDC,
  is_list (is_pair is_integer is_clause) Known ->
  select IDC KRest Known ->
  is_list (is_pair is_integer is_clause) KRest. [Show Proof]

induction on 2. intros Is Slct. Slct: case Slct.
  %Slct-First
   case Is. search.
  %Slct-Later
   Is: case Is. apply IH to _ Slct. search.


Theorem select_is_picked : forall Known IDC KRest,
  is_list (is_pair is_integer is_clause) Known ->
  select IDC KRest Known ->
  is_pair is_integer is_clause IDC. [Show Proof]

induction on 2. intros Is Slct. Slct: case Slct.
  %Slct-First
   case Is. search.
  %Slct-Later
   case Is. apply IH to _ Slct. search.


Theorem is_list_lit_mem_or_not : forall A L,
  is_list is_lit A -> is_lit L ->
  mem L A \/ (mem L A -> false). [Show Proof]

induction on 1. intros IsA IsL. IsA: case IsA.
  %Nil
   right. intros M. case M.
  %Cons
   Or: apply is_lit_eq_or_not to IsL IsA. EqL: case Or.
     %L = L1
      search.
     %L = L1 -> false
      Or: apply IH to IsA1 IsL. MemRest: case Or.
        %mem L Rest
         search.
        %mem L Rest -> false
         right. intros Mem. Mem: case Mem. backchain EqL.
         backchain MemRest.


Theorem is_list_lit_subset_or_not : forall A B,
  is_list is_lit A -> is_list is_lit B ->
  (forall X, mem X A -> mem X B) \/
  exists X, mem X A /\ (mem X B -> false). [Show Proof]

induction on 1. intros IsA IsB. IsA: case IsA.
  %nil
   left. intros M. case M.
  %cons
   Or: apply is_list_lit_mem_or_not to IsB IsA. M: case Or.
     %mem H B
      Or: apply IH to IsA1 IsB. Sub: case Or.
        %forall X, mem X T -> mem X B
         left. intros Mem. Mem: case Mem.
           %X = H
            search.
           %mem X T
            backchain Sub.
        %exists X, mem X T /\ (mem X B -> false)
         right. search.
     %mem H B -> false
      right. search.


Theorem is_list_mem_lookup : forall Known ID C,
  is_list (is_pair is_integer is_clause) Known ->
  mem (ID, C) Known -> is_integer ID ->
  exists C', lookup Known ID C'. [Show Proof]

induction on 2. intros IsK Mem IsID. Mem: case Mem.
  %Mem-Here
   search.
  %Mem-Later
   Is: case IsK. Is: case Is.
   Or: apply is_integer_eq_or_not to Is IsID. Eq: case Or.
     %A = ID
      search.
     %A = ID -> false
      apply IH to Is1 Mem IsID. search.


Theorem lookup_is_value : forall K ID C,
  is_list (is_pair is_integer is_clause) K -> lookup K ID C ->
  is_clause C. [Show Proof]

induction on 2. intros IsK Lkp. Lkp: case Lkp.
  %Lkp-Here
   Is: case IsK. case Is. search.
  %Lkp-Later
   Is: case IsK. apply IH to Is1 Lkp1. search.


Theorem lookup_is_key : forall K ID C,
  is_list (is_pair is_integer is_clause) K -> lookup K ID C ->
  is_integer ID. [Show Proof]

induction on 2. intros IsK Lkp. Lkp: case Lkp.
  %Lkp-Here
   Is: case IsK. case Is. search.
  %Lkp-Later
   Is: case IsK. apply IH to Is1 Lkp1. search.


Theorem is_pair_eq_or_not : forall (PA PB : pair integer clause),
  is_pair is_integer is_clause PA ->
  is_pair is_integer is_clause PB ->
  PA = PB \/ (PA = PB -> false). [Show Proof]

intros IsPA IsPB. IsA: case IsPA. IsB: case IsPB.
Or: apply is_integer_eq_or_not to IsA IsB. Eq: case Or.
  %A = A1
   Or: apply is_clause_eq_or_not to IsA1 IsB1. Eq: case Or.
     %B = B1
      search.
     %B != B1
      right. intros E. case E. backchain Eq.
  %A != A1
   right. intros E. case E. backchain Eq.


Theorem is_count_exists : forall L IDC,
  is_list (is_pair is_integer is_clause) L ->
  is_pair is_integer is_clause IDC ->
  exists N, count IDC L N. [Show Proof]

induction on 1. intros IsL IsIDC. Is: case IsL.
  %is_list []
   search.
  %is_list (H::T)
   Or: apply is_pair_eq_or_not to IsIDC Is. C: apply IH to Is1 IsIDC.
   Eq: case Or.
     %IDC = H
      IsN: apply count_is_integer to C.
      apply plus_integer_total to _ IsN with N1 = 1. search.
     %IDC = H -> false
      search.


Theorem all_count_0_nil : forall L,
  is_list (is_pair is_integer is_clause) L ->
  (forall X N, count X L N -> N = 0) ->
  L = []. [Show Proof]

intros IsL Count0. Is: case IsL.
  %is_list []
   search.
  %is_list (H::T)
   C: apply is_count_exists to Is1 Is.
   IsN: apply count_is_integer to C.
   P: apply plus_integer_total to _ IsN with N1 = 1.
   C': assert count H (H::T) N3. apply Count0 to C'.
   GEq: apply count_geq_0 to C.
   Or: apply greatereq_integer_greater_or_eq to GEq. L: case Or.
     %N > 0
      G: apply greater_plus_positive to _ _ P _.
      L': assert 0 < 1. apply greater_less_impossible to G L'.
     %N = 0
      case P.


Theorem counts_permutation : forall L P,
  is_list (is_pair is_integer is_clause) L ->
  is_list (is_pair is_integer is_clause) P ->
  (forall X NL NP, is_pair is_integer is_clause X ->
                   count X L NL -> count X P NP -> NL = NP) ->
  permutation L P. [Show Proof]

induction on 1. intros IsL IsP Same. Is: case IsL (keep).
  %IsL:  is_list []
   IsP': case IsP (keep).
     %IsP:  is_list []
      search.
     %IsP:  is_list (H::T)
      CL: assert count H [] 0. CP: apply is_count_exists to IsP IsP'.
      apply Same to _ CL CP. CP: case CP.
        %Cnt-ConsEq
         GEq: apply count_geq_0 to CP.
         Or: apply greatereq_integer_greater_or_eq to GEq. E: case Or.
           %N1 > 0
            IsN1: apply count_is_integer to CP.
            G: apply greater_plus_positive to _ _ CP1 _.
            L: assert 0 < 1. apply greater_less_impossible to G L.
           %N1 = 0
            case CP1.
        %Cnt-ConsNeq
         apply CP to _.
  %IsL:  is_list (H::T)
   CLH: apply is_count_exists to IsL Is.
   CPH: apply is_count_exists to IsP Is.
   G: apply count_greater_0 to CLH. apply Same to _ CLH CPH.
   M: apply count_mem to CPH G. S: apply mem_select to M.
   IsL': assert is_list (is_pair is_integer is_clause) L'.
     case Is. apply select_is to _ S. search.
   assert forall X NL NP, is_pair is_integer is_clause X ->
                          count X T NL -> count X L' NP -> NL = NP.
     intros IsX CT CL'. Or: apply is_pair_eq_or_not to Is IsX.
     E: case Or.
       %H = X
        IsNP: apply count_is_integer to CL'.
        PlusNP: apply plus_integer_total to _ IsNP with N1 = 1.
        CXP: apply count_select to CL' S PlusNP.
        IsNL: apply count_is_integer to CT.
        PlusNL: apply plus_integer_total to _ IsNL with N1 = 1.
        CXL: assert count X (X::T) N2. apply Same to _ CXL CXP.
        P: apply plus_integer_comm to _ _ PlusNP.
        M: apply plus_minus_same_integer to _ _ P.
        P': apply plus_integer_comm to _ _ PlusNL.
        M': apply plus_minus_same_integer to _ _ P'.
        apply minus_integer_unique to M1 M'. search.
       %H = X -> false
        assert X = H -> false. intros A. case A. backchain E.
        CXP: apply count_select_neq to CL' S _.
        CXL: assert count X (H::T) NL. apply Same to _ CXL CXP.
        search.
   apply IH to Is1 IsL' _. search.


Theorem selects_permutation : forall L P IDC LRest PRest,
  is_list (is_pair is_integer is_clause) L ->
  is_list (is_pair is_integer is_clause) P ->
  permutation L P -> select IDC LRest L -> select IDC PRest P ->
  permutation LRest PRest. [Show Proof]

intros IsL IsP Prm SL SP.
IsLRest: assert is_list (is_pair is_integer is_clause) LRest.
  M: apply select_mem to SL. apply mem_is to IsL M.
  apply select_is to IsL SL. search.
IsPRest: assert is_list (is_pair is_integer is_clause) PRest.
  M: apply select_mem to SP. apply mem_is to IsP M.
  apply select_is to IsP SP. search.
assert forall X NL NP, is_pair is_integer is_clause X ->
                count X LRest NL -> count X PRest NP -> NL = NP.
  intros IsX CL CP. M: apply select_mem to SL.
  Is: apply mem_is to _ M.
  IsPair: assert is_pair is_integer is_clause (ID, C).
  Or: apply is_pair_eq_or_not to IsX IsPair. Eq: case Or.
    %X = (ID, C)
     IsNL: apply count_is_integer to CL.
     PL: apply plus_integer_total to _ IsNL with N1 = 1.
     IsNP: apply count_is_integer to CP.
     PP: apply plus_integer_total to _ IsNP with N1 = 1.
     CLFull: apply count_select to CL SL PL.
     CPFull: apply count_select to CP SP PP.
     apply permutation_counts to Prm CLFull CPFull.
     NP+: apply plus_integer_comm to _ _ PP.
     MP: apply plus_minus_same_integer to _ _ NP+.
     NL+: apply plus_integer_comm to _ _ PL.
     ML: apply plus_minus_same_integer to _ _ NL+.
     apply minus_integer_unique to MP ML. search.
    %X = (ID, C) -> false
     CLFull: apply count_select_neq to CL SL Eq .
     CPFull: apply count_select_neq to CP SP Eq.
     apply permutation_counts to Prm CLFull CPFull. search.
apply counts_permutation to IsLRest IsPRest _. search.


Theorem permutation_reflexive : forall L,
  is_list (is_pair is_integer is_clause) L -> permutation L L. [Show Proof]

induction on 1. intros Is. Is: case Is.
  %nil
   search.
  %cons
   apply IH to Is1. search.


Theorem permutation_is : forall L P,
  is_list (is_pair is_integer is_clause) P -> permutation L P ->
  is_list (is_pair is_integer is_clause) L. [Show Proof]

induction on 2. intros IsP Prm. Prm: case Prm.
  %Prm-Nil
   search.
  %Prm-Cons
   IsRest: apply select_is to IsP Prm. apply IH to IsRest Prm1.
   IsA: apply select_is_picked to IsP Prm. search.





/********************************************************************
 *                               SAT                                *
 ********************************************************************/
/*assignment only has L or -L, not both*/
Define good_assignment : list lit -> prop by
  good_assignment A :=
    forall L NL, mem L A -> negate_lit L NL -> mem NL A -> false.


Theorem good_assignment_sub : forall A B,
  good_assignment A -> (forall X, mem X B -> mem X A) ->
  good_assignment B. [Show Proof]

intros GA Sub. unfold. intros MLB Neg MNLB. GA: case GA.
MLA: apply Sub to MLB. MNLA: apply Sub to MNLB.
apply GA to MLA Neg _.


Extensible_Theorem
  negate_lit_unique : forall L LA LB,
    IsL : is_lit L ->
    NegA : negate_lit L LA ->
    NegB : negate_lit L LB ->
    LA = LB
  on NegA. [Show Proof]

%N-Pos
 case NegB. search.
%N-Neg
 case NegB. search.


Extensible_Theorem
  negate_lit_reverse : forall L NL,
    IsL : is_lit L ->
    Neg : negate_lit L NL ->
    negate_lit NL L
  on Neg. [Show Proof]

%N-Pos
 search.
%N-Neg
 search.


Extensible_Theorem
  negate_lit_not_same : forall L,
    IsL : is_lit L ->
    Neg : negate_lit L L ->
    false
  on Neg.


Extensible_Theorem
  negate_lit_is_lit : forall L NL,
    IsL : is_lit L ->
    Neg : negate_lit L NL ->
    is_lit NL
  on Neg. [Show Proof]

%N-Pos
 case IsL. search.
%N-Neg
 case IsL. search.


Extensible_Theorem
  negate_lit_is_lit_back : forall L NL,
    IsNL : is_lit NL ->
    Neg : negate_lit L NL ->
    is_lit L
  on Neg. [Show Proof]

%N-Pos
 case IsNL. search.
%N-Neg
 case IsNL. search.


Extensible_Theorem
  negate_lit_exists : forall L,
    IsL : is_lit L ->
    exists NL, negate_lit L NL
  on IsL. [Show Proof]

%is_lit (pos I)
 search.
%is_lit (neg I)
 search.


%Projections are equisatisfiable with their projecting clauses
Projection_Constraint sat_clause_ext_to_proj : forall C C' Sat,
  |{clause}- C ~~> C' -> is_list is_lit Sat -> is_clause C ->
  sat_clause Sat C -> sat_clause Sat C'.
Projection_Constraint sat_clause_proj_to_ext : forall C C' Sat,
  |{clause}- C ~~> C' -> is_list is_lit Sat -> is_clause C ->
  sat_clause Sat C' -> sat_clause Sat C.
Projection_Constraint unsat_clause_ext_to_proj : forall C C' Unsat,
  |{clause}- C ~~> C' -> is_list is_lit Unsat -> is_clause C ->
  unsat_clause Unsat C -> unsat_clause Unsat C'.
Projection_Constraint unsat_clause_proj_to_ext : forall C C' Unsat,
  |{clause}- C ~~> C' -> is_list is_lit Unsat -> is_clause C ->
  unsat_clause Unsat C' -> unsat_clause Unsat C.


%Projections are equisatisfiable with their projecting formulas
Projection_Constraint sat_formula_ext_to_proj : forall F F' Sat,
  |{formula}- F ~~> F' -> is_list is_lit Sat -> sat_formula Sat F ->
  sat_formula Sat F'.
Projection_Constraint sat_formula_proj_to_ext : forall F F' Sat,
  |{formula}- F ~~> F' -> is_list is_lit Sat -> sat_formula Sat F' ->
  sat_formula Sat F.


Extensible_Theorem
  unsat_sat_clause : forall A C,
    IsC : is_clause C ->
    IsA : is_list is_lit A ->
    UNSAT : unsat_clause A C ->
    SAT : sat_clause A C ->
    GA : good_assignment A ->
    false
  on UNSAT. [Show Proof]

%USC-EmptyClause
 SAT: case SAT.
%USC-Step
 SAT: case SAT.
   %SC-Here
    GA: case GA. apply GA to SAT _ UNSAT2.
   %SC-Later
    case IsC. apply IH to _ _ UNSAT3 SAT GA.


Extensible_Theorem
  sat_clause_orderless : forall A1 A2 C,
    IsC : is_clause C ->
    IsA1 : is_list is_lit A1 ->
    IsA2 : is_list is_lit A2 ->
    SAT : sat_clause A1 C ->
    MemA1A2 : (forall L, mem L A1 -> mem L A2) ->
    sat_clause A2 C
  on SAT. [Show Proof]

%SC-Here
 apply MemA1A2 to _. search.
%SC-Later
 case IsC. apply IH to _ _ _ SAT1 _. search.


Extensible_Theorem
  sat_formula_orderless : forall A1 A2 F,
    IsF : is_formula F ->
    IsA1 : is_list is_lit A1 ->
    IsA2 : is_list is_lit A2 ->
    SAT : sat_formula A1 F ->
    MemA1A2 : (forall L, mem L A1 -> mem L A2) ->
    sat_formula A2 F
  on SAT. [Show Proof]

%SF-Empty
 search.
%SF-And
 case IsF. apply IH to _ _ _ SAT2 _.
 apply sat_clause_orderless to _ _ _ _ _. search.


Extensible_Theorem
  unsat_clause_orderless : forall A1 A2 C,
    IsC : is_clause C ->
    IsA1 : is_list is_lit A1 ->
    IsA2 : is_list is_lit A2 ->
    UNSAT : unsat_clause A1 C ->
    MemA1A2 : (forall L, mem L A1 -> mem L A2) ->
    unsat_clause A2 C
  on UNSAT. [Show Proof]

%USC-EmptyClause
 search.
%USC-Step
 case IsC. apply IH to _ _ _ UNSAT3 _. apply MemA1A2 to UNSAT2.
 search.





/********************************************************************
 *                          UNSAT PROOFS                            *
 ********************************************************************/
Extensible_Theorem
  unit_clause_is : forall A C L,
    IsC : is_clause C ->
    IsA : is_list is_lit A ->
    Unit : unit_clause A C L ->
    is_lit L
  on Unit. [Show Proof]

%UC-Here
 case IsC. search.
%UC-Later
 Is: case IsC. apply IH to _ _ Unit3. search.


Extensible_Theorem
  unit_clause_unique : forall A B C LA LB,
    IsC : is_clause C ->
    IsA : is_list is_lit A ->
    IsB : is_list is_lit B ->
    UnitA : unit_clause A C LA ->
    UnitB : unit_clause B C LB ->
    Prm : permutation A B ->
    LA = LB
  on UnitA. [Show Proof]

%UC-Here for UnitA
 UnitB: case UnitB.
   %UC-Here for UnitB
    search.
   %UC-Later for UnitB
    IsLA: apply unit_clause_is to _ _ UnitA. Is: case IsC.
    IsLB: apply unit_clause_is to _ _ UnitB2.
    apply negate_lit_unique to _ UnitA2 UnitB.
    P: apply permutation_symmetric to Prm.
    MemA: apply permutation_mem to P UnitB1. apply UnitA3 to MemA.
%UC-Later for UnitA
 UnitB: case UnitB.
   %UC-Here for UnitB
    MemB: apply permutation_mem to Prm UnitA2. Is: case IsC.
    apply negate_lit_unique to _ UnitA1 UnitB1. apply UnitB2 to MemB.
   %UC-Later for UnitB
    case IsC. apply IH to _ _ _ UnitA3 _ _. search.


Extensible_Theorem
  unit_clause_not_assigned : forall A C L,
    IsC : is_clause C ->
    IsA : is_list is_lit A ->
    UC : unit_clause A C L ->
    Mem : mem L A ->
    false
  on UC. [Show Proof]

%UC-Here
 backchain UC1.
%UC-Later
 case IsC. apply IH to _ _ UC3 Mem.


Extensible_Theorem
  unit_clause_not_assigned_negate : forall A C L NL,
    IsC : is_clause C ->
    IsA : is_list is_lit A ->
    UC : unit_clause A C L ->
    Neg : negate_lit L NL ->
    Mem : mem NL A ->
    false
  on UC. [Show Proof]

%UC-Here
 backchain UC3. apply unit_clause_is to _ _ UC.
 apply negate_lit_unique to _ Neg UC2. search.
%UC-Later
 case IsC. apply IH to _ _ UC3 _ _.


Extensible_Theorem
  unit_clause_expand : forall A C L E,
    IsC : is_clause C ->
    IsA : is_list is_lit A ->
    IsE : is_list is_lit E ->
    UC : unit_clause A C L ->
    SAT : sat_clause E C ->
    GA_A : good_assignment A ->
    GA_E : good_assignment E ->
    Expand : (forall L, mem L A -> mem L E) ->
    mem L E
  on UC. [Show Proof]

%UC-Here
 SAT: case SAT.
   %SC-Here
    search.
   %SC-Later
    Is: case IsC.
    UCE: apply unsat_clause_orderless to _ _ _ UC4 Expand.
    apply unsat_sat_clause to _ _ UCE SAT _.
%UC-Later
 SAT: case SAT.
   %SC-Here
    GA_A: case GA_A. Is: case IsC.
    Neg: apply negate_lit_reverse to _ UC1.
    apply GA_A to UC2 Neg _. GA_E: case GA_E.
    apply GA_E to SAT UC1 _. apply Expand to UC2. search.
   %SC-Later
    case IsC. apply IH to _ _ _ UC3 _ _ _ _. search.


Extensible_Theorem
  unit_clause_add : forall A S C L,
    IsC : is_clause C ->
    IsA : is_list is_lit A ->
    IsS : is_list is_lit S ->
    UC : unit_clause A C L ->
    Mem : mem L S ->
    sat_clause S C
  on UC. [Show Proof]

%UC-Here
 search.
%UC-Later
 case IsC. apply IH to _ _ _ UC3 _. search.


Theorem remove_all_no_lookup : forall Known ID KRest,
  remove_all Known ID KRest -> no_lookup KRest ID. [Show Proof]

induction on 1. intros RA. RA: case RA.
  %RA-Nil
   search.
  %RA-Remove
   apply IH to RA. search.
  %RA-Step
   apply IH to RA1. search.

Theorem remove_all_no_mem : forall Known ID KRest C,
  remove_all Known ID KRest -> mem (ID, C) KRest -> false. [Show Proof]

induction on 1. intros RA M. RA: case RA.
  %RA-Nil
   case M.
  %RA-Remove
   apply IH to RA M.
  %RA-Step
   M: case M.
     %Mem-Here
      backchain RA.
     %Mem-Later
      apply IH to RA1 M.

Theorem remove_all_still_mem : forall Known ID KRest Other C,
  remove_all Known ID KRest -> mem (Other, C) Known ->
  (ID = Other -> false) -> mem (Other, C) KRest. [Show Proof]

induction on 1. intros RA M NEq. RA: case RA.
  %RA-Nil
   case M.
  %RA-Remove
   M: case M.
     %Mem-Here
      apply NEq to _.
     %Mem-Later
      apply IH to RA M NEq. search.
  %RA-Step
   M: case M.
     %Mem-Here
      search.
     %Mem-Later
      apply IH to RA1 M NEq. search.

Theorem remove_all_mem_after : forall Known ID KRest Other C,
  remove_all Known ID KRest -> mem (Other, C) KRest ->
  mem (Other, C) Known. [Show Proof]

induction on 1.  intros RA M. RA: case RA.
  %RA-Nil
   search.
  %RA-Remove
   apply IH to RA M. search.
  %RA-Step
   M: case M.
     %Mem-Here
      search.
     %Mem-Later
      apply IH to RA1 M. search.

Theorem remove_all_lookup_after : forall Known KRest ID Other C,
  remove_all Known ID KRest -> lookup KRest Other C ->
  lookup Known Other C. [Show Proof]

induction on 1. intros RA Lkp. RA: case RA.
  %RA-Nil
   search.
  %RA-Remove
   assert ID = Other -> false.
     intros E. case E. M: apply lookup_mem to Lkp.
     backchain remove_all_no_mem.
   apply IH to RA Lkp. search.
  %RA-Step
   Lkp: case Lkp.
     %Lkp-Here
      search.
     %Lkp-Later
      apply IH to RA1 Lkp1. search.

Theorem remove_all_is : forall Known ID KRest,
  is_list (is_pair is_integer is_clause) Known ->
  remove_all Known ID KRest ->
  is_list (is_pair is_integer is_clause) KRest. [Show Proof]

induction on 2. intros Is RA. RA: case RA.
  %RA-Nil
   search.
  %RA-Remove
   Is: case Is. apply IH to Is1 RA. search.
  %RA-Step
   Is: case Is. apply IH to Is1 RA1. search.

Theorem is_remove_all_exists : forall Known ID,
  is_list (is_pair is_integer is_clause) Known -> is_integer ID ->
  exists KRest, remove_all Known ID KRest. [Show Proof]

induction on 1. intros IsKnown IsID. Is: case IsKnown.
  %nil
   search.
  %cons
   apply IH to Is1 IsID. Is: case Is.
   Or: apply is_integer_eq_or_not to Is IsID. E: case Or.
     %ID = A
      search.
     %ID != A
      search.

Theorem remove_all_counts : forall Known ID KRest IDC N,
  remove_all Known ID KRest -> count IDC Known N ->
  ((exists C, IDC = (ID, C)) -> false) -> count IDC KRest N. [Show Proof]

induction on 1. intros RA C NEq. RA: case RA.
  %RA-Nil
   case C. search.
  %RA-Remove
   C: case C.
     %Cnt-ConsEq
      apply NEq to _.
     %Cnt-ConsNEq
      apply IH to RA C1 NEq. search.
  %RA-Step
   C: case C.
     %Cnt-ConsEq
      apply IH to RA1 C _. search.
     %Cnt-ConsNEq
      apply IH to RA1 C1 _. search.

Theorem remove_all_permutation : forall Known ID KRest P,
  is_list (is_pair is_integer is_clause) Known -> is_integer ID ->
  remove_all Known ID KRest -> permutation Known P ->
  exists P', remove_all P ID P' /\ permutation KRest P'. [Show Proof]

intros IsKnown IsID RA Prm. Prm': apply permutation_symmetric to Prm.
IsP: apply permutation_is to IsKnown Prm'.
RAP: apply is_remove_all_exists to IsP IsID.
IsKRest: apply remove_all_is to IsKnown RA.
IsKRest1: apply remove_all_is to IsP RAP.
assert  forall X NL NP,
          is_pair is_integer is_clause X ->
          count X KRest NL -> count X KRest1 NP -> NL = NP.
  intros IsX CKRest CKRest1. Is: case IsX (keep).
  Or: apply is_integer_eq_or_not to Is IsID. E: case Or.
    %A = ID
     GEq: apply count_geq_0 to CKRest.
     Or: apply greatereq_integer_greater_or_eq to GEq. L: case Or.
       %NL > 0
        M: apply count_mem to CKRest L.
        apply remove_all_no_mem to RA M.
       %NL = 0
        clear GEq. GEq: apply count_geq_0 to CKRest1.
        Or: apply greatereq_integer_greater_or_eq to GEq. L: case Or.
          %NP > 0
           M: apply count_mem to CKRest1 L.
           apply remove_all_no_mem to RAP M.
          %NP = 0
           search.
    %A != ID
     assert (exists C, (A, B) = (ID, C)) -> false.
       intros Ex. case Ex. backchain E.
     CKnown: apply is_count_exists to IsKnown IsX.
     CKRest': apply remove_all_counts to RA CKnown _.
     CP: apply is_count_exists to IsP IsX.
     CKRest1': apply remove_all_counts to RAP CP _.
     apply count_unique to CKRest CKRest'.
     apply count_unique to CKRest1 CKRest1'.
     apply permutation_counts to _ CKnown CP. search.
apply counts_permutation to IsKRest IsKRest1 _. search.


%a good clause list contains at most one binding for each ID
Define good_clause_list : list (pair integer clause) -> prop by
  good_clause_list Known :=
    forall ID C1 KRest C2,
       select (ID, C1) KRest Known -> mem (ID, C2) KRest -> false.


Theorem good_clause_list_drop : forall L IDC,
  good_clause_list ((IDC)::L) -> good_clause_list L. [Show Proof]

intros GCL. GCL: case GCL. unfold. intros S M.
backchain GCL with ID = ID, C1 = C1.


Theorem good_clause_list_select : forall L Rest ID C,
  good_clause_list L -> select (ID, C) Rest L ->
  good_clause_list Rest. [Show Proof]

induction on 2. intros GCL S. S: case S.
  %Slct-First
   apply good_clause_list_drop to GCL. search.
  %Slct-Later
   GCL': apply good_clause_list_drop to GCL. GCL1: apply IH to GCL' S.
   unfold. intros Slct M. Slct: case Slct.
     %Slct-First
      M': apply mem_after_select_before to S M. GCL: case GCL.
      apply GCL to _ M'.
     %Slct-Later
      M: case M.
        %Mem-Here
         MS: apply select_mem to Slct.
         M': apply mem_after_select_before to S MS. GCL: case GCL.
         backchain GCL.
        %Mem-Later
         GCL1: case GCL1. apply GCL1 to Slct M.


Theorem good_clause_list_remove_all : forall Known ID KRest,
  good_clause_list Known -> remove_all Known ID KRest ->
  good_clause_list KRest. [Show Proof]

induction on 2. intros GCL RA. RA: case RA.
  %RA-Nil
   search.
  %RA-Remove
   GCL': apply good_clause_list_drop to GCL. apply IH to GCL' RA.
   search.
  %RA-Step
   GCL': apply good_clause_list_drop to GCL.
   GCLR: apply IH to GCL' RA1. unfold. intros S M. S: case S.
     %Slct-First
      M': apply remove_all_mem_after to RA1 M. GCL: case GCL.
      backchain GCL.
     %Slct-Later
      M': apply select_mem to S.
      MS: apply remove_all_mem_after to RA1 M'. M: case M.
        %Mem-Here
         GCL: case GCL. backchain GCL.
        %Mem-Later
         GCLR: case GCLR. backchain GCLR.


Theorem good_clause_list_add : forall Known ID C,
  good_clause_list Known ->
  ((exists C', mem (ID, C') Known) -> false) ->
  good_clause_list ((ID, C)::Known). [Show Proof]

intros GCL NMem. unfold. intros S M. S: case S.
  %Slct-First
   backchain NMem.
  %Slct-Later
   M: case M.
     %Mem-First
      M: apply select_mem to S. backchain NMem.
     %Mem-Later
      GCL: case GCL. backchain GCL.


Theorem good_clause_list_remove_all_add : forall Known ID KRest C,
  good_clause_list Known -> remove_all Known ID KRest ->
  good_clause_list ((ID, C)::KRest). [Show Proof]

intros GCL RA. apply good_clause_list_remove_all to GCL RA.
backchain good_clause_list_add. intros M. M: case M.
apply remove_all_no_mem to RA M.


Theorem permutation_good_clause_list : forall L P,
  is_list (is_pair is_integer is_clause) P ->
  permutation L P -> good_clause_list L -> good_clause_list P. [Show Proof]

intros IsP Prm GCL. unfold. intros S MK. MS: apply select_mem to S.
Prm': apply permutation_symmetric to Prm.
ML1: apply permutation_mem to Prm' MS. SL: apply mem_select to ML1.
IsL: apply permutation_is to IsP Prm.
P': apply selects_permutation to _ _ Prm' S SL.
ML': apply permutation_mem to P' MK. GCL: case GCL. backchain GCL.


Theorem good_clause_list_mems : forall L X CA CB,
  good_clause_list L -> mem (X, CA) L -> mem (X, CB) L -> CA = CB. [Show Proof]

induction on 2. intros GCL MA MB. MA: case MA.
  %MA by Mem-Here
   MB: case MB.
     %MB by Mem-Here
      search.
     %MB by Mem-Later
      GCL: case GCL. apply GCL to _ MB.
  %MA by Mem-Later
   MB: case MB.
     %MB by Mem-Here
      GCL: case GCL. apply GCL to _ MA.
     %MB by Mem-Later
      GCL': apply good_clause_list_drop to GCL.
      apply IH to GCL' MA MB. search.


Theorem rupProof_help_all_mem : forall Known A Proof ID,
  rupProof_help Known A Proof -> mem ID Proof ->
  exists C, lookup Known ID C. [Show Proof]

induction on 1. intros RUP Mem. RUP: case RUP.
  %RUPPH-End
   Mem: case Mem. search. case Mem.
  %RUPPH-Step
   Mem: case Mem.
     %Mem-Here
      search.
     %Mem-Later
      apply IH to RUP2 Mem. search.


Theorem rupProof_help_is : forall Known A Proof,
  rupProof_help Known A Proof ->
  is_list (is_pair is_integer is_clause) Known ->
  is_list is_integer Proof. [Show Proof]

induction on 1. intros RUP IsK. RUP: case RUP.
  %RUPPH-End
   apply lookup_is_key to IsK RUP. search.
  %RUPPH-Step
   apply lookup_is_key to IsK RUP. apply IH to RUP2 IsK. search.


Theorem rupProof_help_unsat : forall Known A Sat Proof,
  is_list (is_pair is_integer is_clause) Known ->
  is_list is_lit A -> is_list is_lit Sat ->
  %Having both rup_help (a successful proof line)
  rupProof_help Known A Proof ->
  %and a superset satisfying assignment
  (forall (L : lit), mem L A -> mem L Sat) ->
  (forall (InID : integer) (InC : clause),
      lookup Known InID InC -> sat_clause Sat InC) ->
  %that is a good assignment
  good_assignment A -> good_assignment Sat ->
  %is impossible
  false. [Show Proof]

induction on 4. intros IsKnown IsA IsSat RUP Expand Sat GA_A GA_Sat.
RUP: case RUP.
  %RUPPH-End
   SatC: apply Sat to RUP. M: apply lookup_mem to RUP.
   Is: apply mem_is to _ M.
   UnsatC: apply unsat_clause_orderless to _ _ _ RUP1 Expand.
   apply unsat_sat_clause to _ _ UnsatC SatC _.
  %RUPPH-Step
   Sat: apply Sat to RUP. M: apply lookup_mem to RUP.
   Is: apply mem_is to _ M.
   MemL: apply unit_clause_expand to _ _ _ RUP1 _ GA_A GA_Sat Expand.
   MemImp: assert (forall (X : lit), mem X (L::A) -> mem X Sat).
     intros Mem. Mem: case Mem.
       %Mem-Here
        search.
       %Mem-Later
        backchain Expand.
   IsL: apply unit_clause_is to _ _ RUP1.
   backchain IH with Known = Known, A = L::A, Sat = Sat, Proof = Prf.
   unfold. intros MemL1 NegL1 MemNL. MemL1: case MemL1.
     %Mem-Here
      MemNL: case MemNL.
        %Mem-Here
         apply negate_lit_not_same to _ NegL1.
        %Mem-Later
         apply unit_clause_not_assigned_negate to
            _ _ RUP1 NegL1 MemNL.
     %Mem-Later
      MemNL: case MemNL.
        %Mem-Here
         apply mem_is_lit to _ MemL1.
         apply negate_lit_reverse to _ NegL1.
         apply unit_clause_not_assigned_negate to _ _ RUP1 _ MemL1.
        %Mem-Later
         GA_A: case GA_A. apply GA_A to MemL1 NegL1 _.


Theorem rupProof_help_orderless : forall K1 K2 A Prf,
  is_list (is_pair is_integer is_clause) K1 ->
  is_list (is_pair is_integer is_clause) K2 -> good_clause_list K2 ->
  rupProof_help K1 A Prf ->
  (forall ID C, mem (ID, C) K1 -> mem (ID, C) K2) ->
  rupProof_help K2 A Prf. [Show Proof]

induction on 4. intros IsK1 IsK2 GCL2 RUPPH MemK1K2.
RUPPH: case RUPPH.
  %RUPPH-End
   M1: apply lookup_mem to RUPPH. M2: apply MemK1K2 to M1.
   Is: apply mem_is to IsK1 M1. L: apply is_list_mem_lookup to _ M2 _.
   ML: apply lookup_mem to L.
   apply good_clause_list_mems to GCL2 M2 ML. search.
  %RUPPH-Step
   M1: apply lookup_mem to RUPPH. M2: apply MemK1K2 to M1.
   Is: apply mem_is to IsK1 M1. L: apply is_list_mem_lookup to _ M2 _.
   ML: apply lookup_mem to L. apply good_clause_list_mems to _ M2 ML.
   apply IH to _ _ _ RUPPH2 _. search.


Extensible_Theorem
  gatherLits_is : forall C L,
    IsC : is_clause C ->
    GL : gatherLits C L ->
    is_list is_lit L
  on GL. [Show Proof]

%GL-EmptyClause
 search.
%GL-Or
 Is: case IsC. apply IH to _ GL1. search.


Extensible_Theorem
  gatherLits_exists : forall C,
    IsC : is_clause C ->
    exists L, gatherLits C L
  on IsC. [Show Proof]

%emptyClause
 search.
%or
 apply IH to IsC2. search.


Extensible_Theorem
  gatherLits_permutation : forall C L1 L2,
    IsC : is_clause C ->
    GL1 : gatherLits C L1 ->
    GL2 : gatherLits C L2 ->
    permutation L1 L2
  on GL1. [Show Proof]

%GL-EmptyClause
 case GL2. search.
%GL-Or
 GL2: case GL2. Is: case IsC. apply IH to _ GL3 GL2. search.


Projection_Constraint proj_gatherLits : forall C C' L,
  |{clause}- C ~~> C' -> is_clause C -> gatherLits C L ->
  exists L', gatherLits C' L'.


Projection_Constraint proj_gatherLits_permutation :
  forall C C' L L',
    |{clause}- C ~~> C' -> is_clause C -> gatherLits C L ->
    gatherLits C' L' -> permutation L L'.


Extensible_Theorem
  gatherLits_sat : forall C Lits Sat,
    IsC : is_clause C ->
    IsSat : is_list is_lit Sat ->
    GL : gatherLits C Lits ->
    Sat : sat_clause Sat C ->
    exists L, mem L Lits /\ mem L Sat
  on Sat. [Show Proof]

%SC-Here
 case GL. search.
%SC-Later
 Is: case IsC. GL: case GL. apply IH to _ _ GL Sat1. search.


Extensible_Theorem
  gatherLits_mem_sat : forall C Lits Sat L,
    IsC : is_clause C ->
    IsSat : is_list is_lit Sat ->
    GL : gatherLits C Lits ->
    MemLits : mem L Lits ->
    MemSat : mem L Sat ->
    sat_clause Sat C
  on GL. [Show Proof]

%GL-EmptyClause
 case MemLits.
%GL-Or
 MemLits: case MemLits.
   %L = L1
    search.
   %mem L LRest
    Is: case IsC. apply IH to _ _ GL1 MemLits MemSat. search.


Extensible_Theorem
  gatherLits_unsat : forall C Lits Unsat L,
    GA : good_assignment Unsat ->
    IsC : is_clause C ->
    IsUnsat : is_list is_lit Unsat ->
    GL : gatherLits C Lits ->
    Unsat : unsat_clause Unsat C ->
    MemLits : mem L Lits ->
    MemUnsat : mem L Unsat ->
    false
  on Unsat. [Show Proof]

%USC-EmptyClause
 case GL. case MemLits.
%USC-Step
 GL: case GL. MemLits: case MemLits.
   %Mem-Here (L = L1)
    GA: case GA. apply GA to MemUnsat Unsat1 Unsat2.
   %Mem-Later
    Is: case IsC. apply IH to GA _ _ GL Unsat3 MemLits MemUnsat.


Theorem negateLitList_is : forall L NL,
  is_list is_lit L -> negateLitList L NL -> is_list is_lit NL. [Show Proof]

induction on 2. intros IsL NLL. NLL: case NLL.
  %NLL-Nil
   search.
  %NLL-Cons
   Is: case IsL. apply IH to _ NLL1. apply negate_lit_is_lit to _ NLL.
   search.


Theorem negateLitList_exists : forall L,
  is_list is_lit L -> exists NL, negateLitList L NL. [Show Proof]

induction on 1. intros IsL. Is: case IsL.
  %NLL-Nil
   search.
  %NLL-Cons
   apply negate_lit_exists to Is. apply IH to Is1. search.


Theorem negateLitList_mem_negate_before : forall X NL L NX,
   is_list is_lit NL -> mem X NL -> negateLitList L NL ->
   negate_lit X NX -> mem NX L. [Show Proof]

induction on 2. intros IsNL Mem NLL Neg. Mem: case Mem.
  %Mem-Here
   NLL: case NLL. Is: case IsNL.
   apply negate_lit_is_lit_back to _ NLL.
   NegXL1: apply negate_lit_reverse to _ NLL.
   apply negate_lit_unique to _ Neg NegXL1. search.
  %Mem-Later
   NLL: case NLL. case IsNL. apply IH to _ Mem _ _. search.


Extensible_Theorem
  negate_lits_unsat : forall C L NL,
    IsC : is_clause C ->
    GL : gatherLits C L ->
    NLL : negateLitList L NL ->
    unsat_clause NL C
  on GL. [Show Proof]

%GL-EmptyClause
 search.
%GL-Or
 NLL: case NLL. Is: case IsC. UC: apply IH to _ GL1 NLL1.
 apply negate_lit_is_lit to _ NLL. apply gatherLits_is to _ GL1.
 apply negateLitList_is to _ NLL1.
 apply unsat_clause_orderless to _ _ _ UC _ with A2 = N::NRest. search.


Theorem rupProof_all_mem : forall Known C Proof ID,
  rupProof Known C Proof -> mem ID Proof ->
  exists C', lookup Known ID C'. [Show Proof]

intros RUP Mem. RUP: case RUP.
apply rupProof_help_all_mem to RUP2 Mem. search.


Theorem rupProof_is : forall Known C Proof,
  rupProof Known C Proof ->
  is_list (is_pair is_integer is_clause) Known ->
  is_list is_integer Proof. [Show Proof]

intros RUP IsK. RUP: case RUP. apply rupProof_help_is to RUP2 IsK.
search.


Theorem rupProof_maintains_sat : forall Known C Prf Sat,
  is_list (is_pair is_integer is_clause) Known ->
  is_list is_lit Sat ->
  rupProof Known C Prf ->
  (forall ID InC, lookup Known ID InC -> sat_clause Sat InC) ->
  is_clause C -> is_list is_lit Sat -> good_assignment Sat ->
  exists S, is_list is_lit S /\ good_assignment S /\
            (forall L, mem L Sat -> mem L S) /\ sat_clause S C. [Show Proof]

intros IsKnown IsSat RUP Sat IsC IsSat GA_Sat. RUP: case RUP.
IsLits: apply gatherLits_is to IsC RUP.
IsA: apply negateLitList_is to IsLits RUP1.
Or: apply is_list_lit_subset_or_not to IsA IsSat. Sub: case Or.
  %forall X, mem X A -> mem X Sat
   apply good_assignment_sub to GA_Sat Sub.
   apply rupProof_help_unsat to _ _ _ RUP2 Sub Sat _ GA_Sat.
  %exists X, mem X A /\ (mem X Sat -> false)
   IsX: apply mem_is_lit to _ Sub.
   Neg: apply negate_lit_exists to IsX.
   IsNX: apply negate_lit_is_lit to IsX Neg.
   Or: apply is_list_lit_mem_or_not to IsSat IsNX. MemNXSat: case Or.
     %mem NX Sat
      exists Sat. split.
        %is_list is_lit Sat
         search.
        %good_assignment Sat
         search.
        %forall L, mem L Sat -> mem L Sat
         search.
        %sat_clause Sat C
         NegNLX: apply negate_lit_reverse to _ Neg.
         apply negateLitList_mem_negate_before to _ Sub RUP1 _.
         apply gatherLits_mem_sat to _ _ RUP _ MemNXSat. search.
     %mem NX Sat -> false
      exists NL::Sat. split.
        %is_list is_lit (NX::Sat)
         search.
        %good_assignment (NX::Sat)
         unfold. intros ML NegL MNL. ML: case ML.
           %L = NX
            NegNXX: apply negate_lit_reverse to _ Neg.
            apply negate_lit_unique to _ NegL NegNXX. MNL: case MNL.
              %X = Nx
               apply negate_lit_not_same to _ NegL.
              %mem X Sat
               apply Sub1 to MNL.
           %mem L Sat
            MNL: case MNL.
              %NL = NX
               NegNXX: apply negate_lit_reverse to _ Neg.
               apply mem_is_lit to _ ML.
               NegNXL: apply negate_lit_reverse to _ NegL.
               apply negate_lit_unique to _ NegNXX NegNXL.
               apply Sub1 to ML.
              %mem NL Sat
               GA: case GA_Sat. apply GA to ML NegL MNL.
        %forall L, mem L Sat -> mem L (NX::Sat)
         search.
        %sat_clause (NX::Sat) C
         apply negateLitList_mem_negate_before to _ Sub RUP1 _.
         apply gatherLits_mem_sat to _ _ RUP _ _ with Sat = NL::Sat.
         search.


Theorem rupProof_orderless : forall K1 K2 C Prf,
  is_list (is_pair is_integer is_clause) K1 ->
  is_list (is_pair is_integer is_clause) K2 ->
  good_clause_list K2 -> rupProof K1 C Prf ->
  (forall ID C', mem (ID, C') K1 -> mem (ID, C') K2) ->
  rupProof K2 C Prf. [Show Proof]

intros IsK1 IsK2 GCL RUP MemK1K2. RUP: case RUP.
apply rupProof_help_orderless to IsK1 IsK2 GCL RUP2 MemK1K2. search.


Theorem rupProof_permutation : forall K1 K2 C Prf,
  is_list (is_pair is_integer is_clause) K1 ->
  is_list (is_pair is_integer is_clause) K2 ->
  good_clause_list K2 -> rupProof K1 C Prf -> permutation K1 K2 ->
  rupProof K2 C Prf. [Show Proof]

intros IsK1 IsK2 GCL RUP Prm.
MemBoth: assert forall ID C', mem (ID, C') K1 -> mem (ID, C') K2.
  intros M. apply permutation_mem to Prm M. search.
apply rupProof_orderless to IsK1 IsK2 GCL RUP MemBoth. search.





/********************************************************************
 *                          CHECK PROOF                             *
 ********************************************************************/
/*
 Don't have proj_proof_unique because there could be multiple ways to
 prove a clause, so it doesn't necessarily make sense to say the proof
 hint needs to be the same
*/
Projection_Constraint proj_proof_is : forall Known P PT,
  Proj : Known |{proof}- P ~~> PT ->
  IsP : is_proof P ->
  IsKnown : is_list (is_pair is_integer is_clause) Known ->
  GCL : good_clause_list Known ->
  is_proof PT.


/*
 While it isn't unique, we can get the same projection with an
 extended clause set, since all the clauses we need for the proof are
 present in both.
*/
Projection_Constraint proj_proof_extend : forall Known P PT Known',
  Proj : Known |{proof}- P ~~> PT ->
  IsP : is_proof P ->
  IsKnown : is_list (is_pair is_integer is_clause) Known ->
  IsKnown' : is_list (is_pair is_integer is_clause) Known' ->
  GCL : good_clause_list Known ->
  GCL' : good_clause_list Known' ->
  Mems : (forall ID C, mem (ID, C) Known -> mem (ID, C) Known') ->
  Known' |{proof}- P ~~> PT.


%lemma for the next theorem
Theorem sat_lemma : forall ID C Known KRest S,
  (forall CID InC, lookup ((ID, C)::Known) CID InC ->
  sat_clause S InC) -> remove_all Known ID KRest ->
  forall CID InC, lookup ((ID, C)::KRest) CID InC -> sat_clause S InC. [Show Proof]

intros AllSat RA Lkp. Lkp: case Lkp.
  %Lkp-Here
   backchain AllSat.
  %Lkp-Later
   apply remove_all_lookup_after to RA Lkp1. backchain AllSat.


Extensible_Theorem
  check_proof_correct : forall Known P Sat,
    IsP : is_proof P ->
    IsSat : is_list is_lit Sat ->
    GA_Sat : good_assignment Sat ->
    GCL : good_clause_list Known ->
    IsKnown : is_list (is_pair is_integer is_clause) Known ->
    %The unsat proof checks out
    CP : checkProof Known P ->
    %and there is a satisfying assignment for the existing clauses---
    Sat : (forall CID C, lookup Known CID C -> sat_clause Sat C) ->
    %this is impossible
    false
  on CP. [Show Proof]

%CP-EmptyLrat
 assert good_assignment []. unfold. intros M. case M.
 assert forall L, mem L [] -> mem L Sat. intros M. case M.
 S: apply rupProof_maintains_sat to _ _ CP1 Sat _ IsSat GA_Sat.
 case S3.
%CP-AddLrup
 GA_Empty: assert good_assignment []. unfold. intros M. case M.
 ExpandEmpty: assert forall L, mem L [] -> mem L Sat. intros M. case M.
 Is: case IsP.
 S: apply rupProof_maintains_sat to _ _ CP2 Sat _ IsSat GA_Sat.
 NewSat: assert forall CID InC, lookup ((ID, C)::Known) CID InC ->
                                sat_clause S InC.
   intros Lkp. Lkp: case Lkp.
     %CID = ID, InC = C
      search.
     %lookup Known CID InC
      SC: apply Sat to Lkp1. M: apply lookup_mem to Lkp1.
      Is: apply mem_is to _ M.
      apply sat_clause_orderless to _ _ _ SC _. search.
 GCL_New: apply good_clause_list_remove_all_add to GCL CP1 with C = C.
 IsKRest: apply remove_all_is to IsKnown CP1.
 apply IH to Is3 S S1 GCL_New _ CP3 _. backchain sat_lemma.
%CP-DeleteLrat
 Is: case IsP.
 SatKRest: assert forall CID C, lookup KRest CID C -> sat_clause Sat C.
   assert forall I C1 C2,
            mem (I, C1) Known -> mem (I, C2) Known -> C1 = C2.
     intros MA MB. apply good_clause_list_mems to _ MA MB. search.
   intros Lkp. MemKRest: apply lookup_mem to Lkp.
   MemKnown: apply mem_after_select_before to CP1 MemKRest.
   apply mem_is to IsKnown MemKnown.
   apply lookup_after_select to IsKnown _ _ CP1 Lkp. backchain Sat.
 GCL_KRest: apply good_clause_list_select to GCL CP1.
 IsKRest: apply select_is to IsKnown CP1.
 apply IH to Is1 IsSat GA_Sat GCL_KRest IsKRest CP2 SatKRest.


Extensible_Theorem
  checkProof_orderless : forall K1 K2 Prf,
    IsP : is_proof Prf ->
    IsK1 : is_list (is_pair is_integer is_clause) K1 ->
    IsK2 : is_list (is_pair is_integer is_clause) K2 ->
    GCL : good_clause_list K2 ->
    CP : checkProof K1 Prf ->
    Prm : permutation K1 K2 ->
    checkProof K2 Prf
  on CP. [Show Proof]

%CP-EmptyLrat
 apply rupProof_permutation to IsK1 IsK2 GCL CP1 Prm. search.
%CP-AddLrup
 Is: case IsP. Prm': apply permutation_symmetric to Prm.
 GCL_K1: apply permutation_good_clause_list to _ Prm' GCL.
 RUPP: apply rupProof_permutation to IsK1 IsK2 GCL CP2 Prm.
 RA': apply remove_all_permutation to _ _ CP1 Prm.
 Prm': assert permutation ((ID, C)::KRest) ((ID, C)::P').
 GCL_P': apply good_clause_list_remove_all_add to GCL RA' with C = C.
 apply remove_all_is to _ RA'. apply remove_all_is to _ CP1.
 apply IH to Is3 _ _ GCL_P' CP3 _. search.
%CP-DeleteLrat
 Is: case IsP. IsKRest: apply select_is to _ CP1.
 MK1: apply select_mem to CP1.
 MK2: apply permutation_mem to Prm MK1. S: apply mem_select to MK2.
 Prm': apply permutation_symmetric to Prm.
 GCL_K1: apply permutation_good_clause_list to _ Prm' GCL.
 GCL_L': apply good_clause_list_select to GCL S.
 IsL': apply select_is to _ S.
 P': apply selects_permutation to _ _ Prm' _ _.
 PrmSub: apply permutation_symmetric to P'.
 apply IH to Is1 _ _ GCL_L' CP2 PrmSub. search.


Ext_Size checkProof Known P.
Proj_Rel checkProof Known P.
Ext_Ind forall Known P, checkProof Known P with
           IsP : is_proof P,
           IsKnown : is_list (is_pair is_integer is_clause) Known,
           GCL : good_clause_list Known. [Show Proof]

%CP-EmptyLrat
 search.
%CP-AddLrup
 case IsP. apply remove_all_is to _ R1.
 apply good_clause_list_remove_all_add to GCL R1 with C = C.
 apply IH1 to R3 Acc _ _ _. search.
%CP-DeleteLrat
 case IsP. apply select_is to _ R1.
 apply good_clause_list_select to GCL R1. apply IH1 to R2 Acc _ _ _.
 search.


%Projected proof still checks out
Projection_Constraint proj_checkProof : forall Known P P',
  Known |{proof}- P ~~> P' -> checkProof Known P ->
  is_list (is_pair is_integer is_clause) Known ->
  good_clause_list Known ->
  checkProof Known P'.





/********************************************************************
 *                         PROVE FORMULA                            *
 ********************************************************************/
Extensible_Theorem
  formulaToKnown_unique : forall F ID KA KB,
    IsF : is_formula F ->
    IsID : is_integer ID ->
    FTKA : formulaToKnown ID F KA ->
    FTKB : formulaToKnown ID F KB ->
    KA = KB
  on FTKA. [Show Proof]

%FTK-Empty
 case FTKB. search.
%FTK-And
 FTKB: case FTKB. apply plus_integer_unique to FTKA1 FTKB.
 apply plus_integer_is_integer to _ _ FTKA1. case IsF.
 apply IH to _ _ FTKA2 FTKB1. search.


Extensible_Theorem
  formulaToKnown_all_greater : forall F ID K CID C,
    FTK : formulaToKnown ID F K ->
    Mem : mem (CID, C) K ->
    IsID : is_integer ID ->
    CID >= ID
  on FTK. [Show Proof]

%FTK-Empty
 case Mem.
%FTK-And
 Mem: case Mem.
   %Mem-Here
    backchain is_integer_greatereq.
   %Mem-Later
    IsNewID: apply plus_integer_is_integer to _ _ FTK1.
    GEq: apply IH to FTK2 Mem IsNewID.
    G_ID: apply is_integer_greatereq to IsID.
    G_New: apply greatereq_integer__add_positive to G_ID _ FTK1.
    apply greatereq_integer_transitive to GEq G_New. search.


Extensible_Theorem
  formulaToKnown_all_unique : forall F ID K CID CA KRest CB,
    FTK : formulaToKnown ID F K ->
    IsID : is_integer ID ->
    Slct : select (CID, CA) KRest K ->
    Mem : mem (CID, CB) KRest ->
    false
  on FTK. [Show Proof]

%FTK-Empty
 case Slct.
%FTK-And
 IsNewID: apply plus_integer_is_integer to _ _ FTK1.
 G: apply greater_plus_positive to _ _ FTK1 _.
 Slct: case Slct.
   %Slct-First
    GEq: apply formulaToKnown_all_greater to FTK2 Mem IsNewID.
    Or: apply greatereq_integer_greater_or_eq to GEq. Or: case Or.
      %ID > NewID
       L: apply greater_integer_flip_less to Or.
       apply greater_less_impossible to G L.
      %ID = NewID
       apply greater_integer_not_eq to G.
   %Slct-Later
    Mem: case Mem.
      %Mem-Here
       MS: apply select_mem to Slct.
       GEq: apply formulaToKnown_all_greater to FTK2 MS IsNewID.
       Or: apply greatereq_integer_greater_or_eq to GEq. Or: case Or.
         %ID > NewID
          L: apply greater_integer_flip_less to Or.
          apply greater_less_impossible to G L.
         %ID = NewID
          apply greater_integer_not_eq to G.
      %Mem-Later
       apply IH to FTK2 IsNewID Slct Mem.


Extensible_Theorem
  formulaToKnown_sat_formula : forall F ID K A CID C,
    FTK : formulaToKnown ID F K ->
    Sat : sat_formula A F ->
    Mem : mem (CID, C) K ->
    sat_clause A C
  on FTK. [Show Proof]

%FTK-Empty
 case Mem.
%FTK-And
 Sat: case Sat. Mem: case Mem.
   %Mem-Here
    search.
   %Mem-Later
    apply IH to FTK2 Sat1 Mem. search.


Extensible_Theorem
  formulaToKnown_is : forall F ID K,
    IsF : is_formula F ->
    IsID : is_integer ID ->
    FTK : formulaToKnown ID F K ->
    is_list (is_pair is_integer is_clause) K
  on FTK. [Show Proof]

%FTK-Empty
 search.
%FTK-And
 IsNewID: apply plus_integer_is_integer to IsID _ FTK1. Is: case IsF.
 apply IH to Is1 IsNewID FTK2. search.


Theorem proveFormula_correct : forall F Prf Sat,
  is_formula F -> is_proof Prf -> is_list is_lit Sat ->
  good_assignment Sat ->
  %proof checking out  and  formula satisfiable
  proveFormula F Prf -> sat_formula Sat F ->
  %is impossible
  false. [Show Proof]

intros IsF IsP IsSat GA_Sat PF Sat. PF: case PF.
GCL: assert good_clause_list KnownClauses.
  unfold. intros S M. backchain formulaToKnown_all_unique.
SatC: assert forall CID C, lookup KnownClauses CID C ->
                           sat_clause Sat C.
  intros Lkp. M: apply lookup_mem to Lkp.
  apply formulaToKnown_sat_formula to PF Sat M. search.
IsK: apply formulaToKnown_is to IsF _ PF.
apply check_proof_correct to IsP IsSat GA_Sat GCL IsK PF1 SatC.

Extensibella Example: unsat_proofs:lrat

Language Specification

File: syntax.sos

File: sat.sos

File: check.sos

Reasoning