Skip to content

New lemmas for stdlib#1053

Open
namasikanam wants to merge 5 commits into
mainfrom
lemmas-from-oram
Open

New lemmas for stdlib#1053
namasikanam wants to merge 5 commits into
mainfrom
lemmas-from-oram

Conversation

@namasikanam

@namasikanam namasikanam commented Jun 19, 2026

Copy link
Copy Markdown
Collaborator

This is the first part of the auxiliary lemmas used in the oram proofs. My current plan is to create 5 PRs (~2k LoC) in total.

I will make sure all the proofs are either written by human, or first generated by LLM and then carefully edited step by step by myself.

@oskgo

oskgo commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

It seems like applying some_not_none is going to be no more helpful than destructuring the argument.

Some of the proofs for the option lemmas can also be significantly simplified by destructuring. omap_some_oget can be proven with just by case x.

@namasikanam

namasikanam commented Jun 19, 2026

Copy link
Copy Markdown
Collaborator Author

It seems like applying some_not_none is going to be no more helpful than destructuring the argument.

Some of the proofs for the option lemmas can also be significantly simplified by destructuring. omap_some_oget can be proven with just by case x.

Thanks. This makes lots of sense. I feel that I learned the proper way of handling option. I removed the all lemmas related to option except the following one, which I feel useful and I hope it's also useful for others.

lemma oget_ext ['a] (x y : 'a option) :
     x <> None
  => y <> None
  => oget x = oget y
  => x = y.
proof. by case x; case y. qed.

oskgo
oskgo requested changes Jun 20, 2026
View reviewed changes

@oskgo oskgo left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Had a look at the rest now.

Comment thread theories/algebra/Ring.ec
lemma expr1 x: exp x 1 = x.
proof. by rewrite /exp /= iterop1. qed.

lemma exprE (x : t) n : 0 <= n => exp x n = iter n (( * ) x) oner.

@oskgo oskgo Jun 20, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is only the non-negative case. It should be called something like exprE_ge0 instead.

Comment thread theories/analysis/RealExp.ec
by apply/eq_sym; apply: inj_rexpr eq => /#.
qed.

lemma rpow_mono_base_ge1 (x n m : real) :

@oskgo oskgo Jun 20, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is rexpr_hmono with a weaker side condition. Generally we prefer changing existing lemmas when a new one would be strictly more applicable. Also change rexpr_hmono_ltr to match the new rexpr_hmono.

Comment thread theories/datatypes/Int.ec
lemma maxzz : idempotent max by smt().
lemma minzz : idempotent min by smt().

@oskgo oskgo Jun 20, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There should be a matching lemma for max.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@oskgo oskgo oskgo requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@namasikanam @oskgo