2026-06-09 18:36:43 -07:00
|
|
|
|
import Mathlib.Order.Lattice
|
|
|
|
|
|
import Mathlib.Order.RelSeries
|
|
|
|
|
|
|
2026-06-25 15:39:51 -05:00
|
|
|
|
/-!
|
|
|
|
|
|
|
2026-06-25 17:05:21 -05:00
|
|
|
|
# Lattice Definitions
|
2026-06-25 15:39:51 -05:00
|
|
|
|
|
|
|
|
|
|
This file provides some definitions for lattices. It used to be more critical
|
|
|
|
|
|
when this was an Agda project, since it defined (semi)lattices, the ordering
|
|
|
|
|
|
relation, etc. However, these have been lifted into `Mathlib.Order.Lattice`
|
|
|
|
|
|
etc.. What remains are a couple of theorems about folds, as well
|
|
|
|
|
|
as `FiniteHeightLattice`, the core concept of lattice-based static
|
|
|
|
|
|
program analyses. See the documentation on that class for more information. -/
|
|
|
|
|
|
|
2026-06-09 18:36:43 -07:00
|
|
|
|
namespace Spa
|
|
|
|
|
|
|
2026-06-25 15:39:51 -05:00
|
|
|
|
/-- Predicate for binary functions independently monotone in both their arguments. -/
|
2026-06-09 18:36:43 -07:00
|
|
|
|
def Monotone₂ {α β γ : Type*} [Preorder α] [Preorder β] [Preorder γ]
|
|
|
|
|
|
(f : α → β → γ) : Prop :=
|
2026-06-22 18:33:48 -05:00
|
|
|
|
(∀ b, Monotone (f · b)) ∧ (∀ a, Monotone (f a ·))
|
2026-06-09 18:36:43 -07:00
|
|
|
|
|
|
|
|
|
|
section Folds
|
|
|
|
|
|
|
|
|
|
|
|
variable {α β : Type*} [Preorder α] [Preorder β]
|
|
|
|
|
|
|
2026-06-25 15:39:51 -05:00
|
|
|
|
/-- (right) folds are monotonic in both their arguments if the underlying accumulator function is. -/
|
2026-06-25 13:59:08 -05:00
|
|
|
|
lemma foldr_mono {l₁ l₂ : List α} (f : α → β → β) {b₁ b₂ : β}
|
2026-06-09 18:36:43 -07:00
|
|
|
|
(hl : List.Forall₂ (· ≤ ·) l₁ l₂) (hb : b₁ ≤ b₂)
|
2026-06-25 15:39:51 -05:00
|
|
|
|
(hf₁ : ∀ b, Monotone (f · b)) (hf₂ : ∀ a, Monotone (f a ·)) :
|
2026-06-09 18:36:43 -07:00
|
|
|
|
l₁.foldr f b₁ ≤ l₂.foldr f b₂ := by
|
|
|
|
|
|
induction hl with
|
|
|
|
|
|
| nil => exact hb
|
|
|
|
|
|
| cons hxy _ ih =>
|
|
|
|
|
|
exact le_trans (hf₁ _ hxy) (hf₂ _ ih)
|
|
|
|
|
|
|
2026-06-25 15:39:51 -05:00
|
|
|
|
/-- (left) folds are monotinic in both their arguments if the underlying accumulator function is. -/
|
2026-06-25 13:59:08 -05:00
|
|
|
|
lemma foldl_mono {l₁ l₂ : List α} (f : β → α → β) {b₁ b₂ : β}
|
2026-06-09 18:36:43 -07:00
|
|
|
|
(hl : List.Forall₂ (· ≤ ·) l₁ l₂) (hb : b₁ ≤ b₂)
|
2026-06-25 15:39:51 -05:00
|
|
|
|
(hf₁ : ∀ a, Monotone (f · a)) (hf₂ : ∀ b, Monotone (f b ·)) :
|
2026-06-09 18:36:43 -07:00
|
|
|
|
l₁.foldl f b₁ ≤ l₂.foldl f b₂ := by
|
|
|
|
|
|
induction hl generalizing b₁ b₂ with
|
|
|
|
|
|
| nil => exact hb
|
|
|
|
|
|
| cons hxy _ ih =>
|
|
|
|
|
|
exact ih (le_trans (hf₁ _ hb) (hf₂ _ hxy))
|
|
|
|
|
|
|
|
|
|
|
|
omit [Preorder α] in
|
2026-06-25 15:39:51 -05:00
|
|
|
|
/-- (right) folds on a particular list are monotonic if the underlying accumulator is monotonic in its accumulator argument. -/
|
2026-06-25 13:59:08 -05:00
|
|
|
|
lemma foldr_mono' (l : List α) (f : α → β → β)
|
2026-06-25 15:39:51 -05:00
|
|
|
|
(hf : ∀ a, Monotone (f a ·)) : Monotone (l.foldr f ·) := by
|
2026-06-09 18:36:43 -07:00
|
|
|
|
intro b₁ b₂ hb
|
|
|
|
|
|
induction l with
|
|
|
|
|
|
| nil => exact hb
|
|
|
|
|
|
| cons x xs ih => exact hf x ih
|
|
|
|
|
|
|
|
|
|
|
|
omit [Preorder α] in
|
2026-06-25 15:39:51 -05:00
|
|
|
|
/-- (left) folds on a particular list are monotonic if the underlying accumulator is monotonic in its accumulator argument. -/
|
2026-06-25 13:59:08 -05:00
|
|
|
|
lemma foldl_mono' (l : List α) (f : β → α → β)
|
2026-06-22 18:33:48 -05:00
|
|
|
|
(hf : ∀ a, Monotone (f · a)) : Monotone fun b => l.foldl f b := by
|
2026-06-09 18:36:43 -07:00
|
|
|
|
intro b₁ b₂ hb
|
|
|
|
|
|
induction l generalizing b₁ b₂ with
|
|
|
|
|
|
| nil => exact hb
|
|
|
|
|
|
| cons x xs ih => exact ih (hf x hb)
|
|
|
|
|
|
|
|
|
|
|
|
end Folds
|
|
|
|
|
|
|
2026-06-25 15:39:51 -05:00
|
|
|
|
/-- Predicate on types with `Preorder` that claims all $<$ chains in the type have at most `n` comparisons. -/
|
2026-06-09 18:36:43 -07:00
|
|
|
|
def BoundedChains (α : Type*) [Preorder α] (n : ℕ) : Prop :=
|
|
|
|
|
|
∀ c : LTSeries α, c.length ≤ n
|
|
|
|
|
|
|
2026-06-25 15:39:51 -05:00
|
|
|
|
/-- A finite height lattice is a lattice in which all chains $a < \ldots < z$ have a maximum height `height`. -/
|
2026-06-25 18:42:28 -05:00
|
|
|
|
class FiniteHeightLattice (α : Type*) extends Lattice α where
|
|
|
|
|
|
longestChain : LTSeries α
|
|
|
|
|
|
chains_bounded : BoundedChains α longestChain.length
|
|
|
|
|
|
|
|
|
|
|
|
-- a < ... < z
|
|
|
|
|
|
-- ----------- length <= height
|
2026-06-09 18:36:43 -07:00
|
|
|
|
|
2026-06-24 13:30:27 -05:00
|
|
|
|
namespace FiniteHeightLattice
|
2026-06-09 18:36:43 -07:00
|
|
|
|
|
2026-06-25 18:42:28 -05:00
|
|
|
|
def height (α : Type*) [FiniteHeightLattice α] : ℕ :=
|
|
|
|
|
|
(longestChain (α := α)).length
|
|
|
|
|
|
|
|
|
|
|
|
variable (α : Type*) [FiniteHeightLattice α]
|
|
|
|
|
|
|
|
|
|
|
|
instance (priority := 100) : Bot α := ⟨(longestChain (α := α)).head⟩
|
|
|
|
|
|
instance (priority := 100) : Top α := ⟨(longestChain (α := α)).last⟩
|
2026-06-09 18:36:43 -07:00
|
|
|
|
|
2026-06-25 15:39:51 -05:00
|
|
|
|
/-- The bottom element `⊥` of a finite height lattice is _actually_ the least element. -/
|
2026-06-25 13:59:08 -05:00
|
|
|
|
lemma bot_le (a : α) : (⊥ : α) ≤ a := by
|
2026-06-22 18:33:48 -05:00
|
|
|
|
by_cases heq : ⊥ ⊓ a = ⊥
|
2026-06-09 18:36:43 -07:00
|
|
|
|
· exact inf_eq_left.mp heq
|
|
|
|
|
|
· exfalso
|
2026-06-25 18:42:28 -05:00
|
|
|
|
have hlt : ⊥ ⊓ a < (longestChain (α := α)).head :=
|
|
|
|
|
|
lt_of_le_of_ne inf_le_left heq
|
|
|
|
|
|
have hbound := chains_bounded ((longestChain (α := α)).cons (⊥ ⊓ a) hlt)
|
|
|
|
|
|
rw [RelSeries.cons_length] at hbound
|
|
|
|
|
|
omega
|
|
|
|
|
|
|
|
|
|
|
|
/-- The top element `⊤` of a finite height lattice is _actually_ the greatest element. -/
|
|
|
|
|
|
lemma le_top (a : α) : a ≤ (⊤ : α) := by
|
|
|
|
|
|
by_cases heq : a ⊔ ⊤ = ⊤
|
|
|
|
|
|
· exact sup_eq_right.mp heq
|
|
|
|
|
|
· exfalso
|
|
|
|
|
|
have hlt : (longestChain (α := α)).last < a ⊔ ⊤ :=
|
|
|
|
|
|
lt_of_le_of_ne le_sup_right (Ne.symm heq)
|
|
|
|
|
|
have hbound := chains_bounded ((longestChain (α := α)).snoc (a ⊔ ⊤) hlt)
|
|
|
|
|
|
rw [RelSeries.snoc_length] at hbound
|
2026-06-22 18:46:58 -05:00
|
|
|
|
omega
|
2026-06-09 18:36:43 -07:00
|
|
|
|
|
Lean migration: typeclass-based parameter passing, as in the Agda original
The port had flattened Agda's instance arguments ({{flA}}, {{evaluator}},
{{latticeInterpretation}}, {{validEvaluator}}) into explicitly threaded
values (fhL, E, I, hE). Restore them as typeclasses:
- Spa.FiniteHeightLattice: now actually used — Fixedpoint takes the
instance instead of a FixedHeight value; FiniteMap gets the missing
instance (height = ks.length * height B), so varsFixedHeight /
statesFixedHeight / signFixedHeight / constFixedHeight plumbing
disappears (instance bottoms are defeq to the old ones)
- Spa.Analysis.Forward.Evaluation: StmtEvaluator/ExprEvaluator become
classes; the Valid* Props become Prop-classes, as in Agda
- Spa.Analysis.Forward.Adapters: the expr→stmt adapter and its validity
are instances (Agda: the ExprToStmtAdapter instances)
- LatticeInterpretation is a class; sign/const interpretations,
evaluators and validity proofs are instances; use sites read like the
Agda module applications: result SignLattice prog
Proof simplifications (same theorems, proofs factored):
- Spa.Lattice.AboveBelow.monotone₂_of_strict: any ⊥-strict/⊤-dominated
operation on a flat lattice is monotone — replaces the four near-
identical case bashes per analysis (postulates in Agda)
- Spa.Lattice.AboveBelow.interp_sup_of/interp_inf_of: the shared flat-
lattice interpretation case analysis, making interpSign_sup/inf and
interpConst_sup/inf one-liners
lake build green with zero warnings; lake exe spa output verified
byte-identical (diff) to the previous, Agda-verified output.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-09 23:32:38 -07:00
|
|
|
|
end FiniteHeightLattice
|
|
|
|
|
|
|
2026-06-09 18:36:43 -07:00
|
|
|
|
end Spa
|