Adjust 'to' to make it easier to reason about

Signed-off-by: Danila Fedorin <danila.fedorin@gmail.com>

Lattice/FiniteValueMap.agda

@@ -19,6 +19,8 @@ open import Data.List using (List; length; []; _∷_)
 open import Utils using (Unique; push; empty)
 open import Data.Product using (_,_)
 open import Data.List.Properties using (∷-injectiveʳ)
+open import Data.List.Relation.Unary.All using (All)
+open import Relation.Nullary using (¬_)
 
 open import Lattice.FiniteMap A B _≈₂_ _⊔₂_ _⊓₂_ ≈-dec-A lB public
 
@@ -35,7 +37,15 @@ module IterProdIsomorphism where
     to {[]} _ ⊤ = (([] , empty) , refl)
     to {k ∷ ks'} (push k≢ks' uks') (v , rest)
         with to uks' rest
-    ...   | ((kvs' , ukvs') , refl) = (((k , v) ∷ kvs' , push k≢ks' ukvs') , refl)
+    ...   | ((kvs' , ukvs') , kvs'≡ks') =
+            let
+                -- This would be easier if we pattern matched on the equiality proof
+                -- to get refl, but that makes it harder to reason about 'to' when
+                -- the arguments are not known to be refl.
+                k≢kvs' = subst (λ ks → All (λ k' → ¬ k ≡ k') ks) (sym kvs'≡ks') k≢ks'
+                kvs≡ks = cong (k ∷_) kvs'≡ks'
+            in
+                (((k , v) ∷ kvs' , push k≢kvs' ukvs') , kvs≡ks)
 
 
     private