Lean migration: typeclass-based parameter passing, as in the Agda original

The port had flattened Agda's instance arguments ({{flA}}, {{evaluator}}, {{latticeInterpretation}}, {{validEvaluator}}) into explicitly threaded values (fhL, E, I, hE). Restore them as typeclasses: - Spa.FiniteHeightLattice: now actually used — Fixedpoint takes the instance instead of a FixedHeight value; FiniteMap gets the missing instance (height = ks.length * height B), so varsFixedHeight / statesFixedHeight / signFixedHeight / constFixedHeight plumbing disappears (instance bottoms are defeq to the old ones) - Spa.Analysis.Forward.Evaluation: StmtEvaluator/ExprEvaluator become classes; the Valid* Props become Prop-classes, as in Agda - Spa.Analysis.Forward.Adapters: the expr→stmt adapter and its validity are instances (Agda: the ExprToStmtAdapter instances) - LatticeInterpretation is a class; sign/const interpretations, evaluators and validity proofs are instances; use sites read like the Agda module applications: result SignLattice prog Proof simplifications (same theorems, proofs factored): - Spa.Lattice.AboveBelow.monotone₂_of_strict: any ⊥-strict/⊤-dominated operation on a flat lattice is monotone — replaces the four near- identical case bashes per analysis (postulates in Agda) - Spa.Lattice.AboveBelow.interp_sup_of/interp_inf_of: the shared flat- lattice interpretation case analysis, making interpSign_sup/inf and interpConst_sup/inf one-liners lake build green with zero warnings; lake exe spa output verified byte-identical (diff) to the previous, Agda-verified output. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-09 23:32:38 -07:00
parent b26d6b5acd
commit b16f14fdfd
12 changed files with 338 additions and 407 deletions
--- a/lean/Spa/Fixedpoint.lean
+++ b/lean/Spa/Fixedpoint.lean
@@ -7,6 +7,10 @@ steps, or we would build a `<`-chain longer than the longest one. We
 deliberately do *not* use mathlib's `OrderHom.lfp` (different proof approach,
 and not computable).

+As in Agda — where the module took `{{flA : IsFiniteHeightLattice A h …}}` —
+the finite-height structure arrives by instance resolution
+(`[FiniteHeightLattice α]`); only `f` and its monotonicity are explicit.
+
 Correspondence:
  doStep             ↦ Spa.Fixedpoint.doStep   (the chain argument now carries
                                                 `a₁ = ⊥` and its length in the
@@ -21,55 +25,58 @@ import Spa.Lattice

 namespace Spa.Fixedpoint

-variable {α : Type*} [Lattice α] [DecidableEq α] {h : ℕ}
+open FiniteHeightLattice (height fixedHeight)
+
+variable {α : Type*} [Lattice α] [DecidableEq α] [FiniteHeightLattice α]

 /-- Agda: `doStep`. `g` is gas; the invariant `c.length + g = h + 1` guarantees
 that when gas runs out the chain contradicts boundedness. -/
-def doStep (fh : FixedHeight α h) (f : α → α) (hf : Monotone f) :
-    ∀ (g : ℕ) (c : LTSeries α), c.length + g = h + 1 →
+def doStep (f : α → α) (hf : Monotone f) :
+    ∀ (g : ℕ) (c : LTSeries α), c.length + g = height (α := α) + 1 →
      c.last ≤ f c.last → {a : α // a = f a}
  | 0, c, hlen, _ =>
-    absurd (fh.bounded c) (by omega)
+    absurd ((fixedHeight (α := α)).bounded c) (by omega)
  | g + 1, c, hlen, hle =>
    if heq : c.last = f c.last then
      ⟨c.last, heq⟩
    else
-      doStep fh f hf g (c.snoc (f c.last) (lt_of_le_of_ne hle heq))
+      doStep f hf g (c.snoc (f c.last) (lt_of_le_of_ne hle heq))
        (by simp [RelSeries.snoc]; omega)
        (by rw [RelSeries.last_snoc]; exact hf hle)

 /-- Agda: `fix`. Start iterating from `⊥`. -/
-def fix (fh : FixedHeight α h) (f : α → α) (hf : Monotone f) : {a : α // a = f a} :=
-  doStep fh f hf (h + 1) (RelSeries.singleton _ fh.bot)
+def fix (f : α → α) (hf : Monotone f) : {a : α // a = f a} :=
+  doStep f hf (height (α := α) + 1) (RelSeries.singleton _ (FiniteHeightLattice.bot α))
    (by simp)
-    (by simpa [RelSeries.last_singleton] using fh.bot_le (f fh.bot))
+    (by simpa [RelSeries.last_singleton]
+          using FiniteHeightLattice.bot_le α (f (FiniteHeightLattice.bot α)))

 /-- Agda: `aᶠ`. -/
-def aFix (fh : FixedHeight α h) (f : α → α) (hf : Monotone f) : α :=
-  (fix fh f hf).1
+def aFix (f : α → α) (hf : Monotone f) : α :=
+  (fix f hf).1

 /-- Agda: `aᶠ≈faᶠ`. -/
-theorem aFix_eq (fh : FixedHeight α h) (f : α → α) (hf : Monotone f) :
-    aFix fh f hf = f (aFix fh f hf) :=
-  (fix fh f hf).2
+theorem aFix_eq (f : α → α) (hf : Monotone f) :
+    aFix f hf = f (aFix f hf) :=
+  (fix f hf).2

 /-- Agda: `stepPreservesLess` — iteration stays below any fixed point. -/
-theorem doStep_le (fh : FixedHeight α h) (f : α → α) (hf : Monotone f)
+theorem doStep_le (f : α → α) (hf : Monotone f)
    {b : α} (hb : b = f b) :
-    ∀ (g : ℕ) (c : LTSeries α) (hlen : c.length + g = h + 1)
+    ∀ (g : ℕ) (c : LTSeries α) (hlen : c.length + g = height (α := α) + 1)
      (hle : c.last ≤ f c.last), c.last ≤ b →
-      (doStep fh f hf g c hlen hle : α) ≤ b
-  | 0, c, hlen, _ => fun _ => absurd (fh.bounded c) (by omega)
+      (doStep f hf g c hlen hle : α) ≤ b
+  | 0, c, hlen, _ => fun _ => absurd ((fixedHeight (α := α)).bounded c) (by omega)
  | g + 1, c, hlen, hle => fun hcb => by
    rw [doStep]
    split
    · exact hcb
-    · exact doStep_le fh f hf hb g _ _ _
+    · exact doStep_le f hf hb g _ _ _
        (by rw [RelSeries.last_snoc]; exact le_of_le_of_eq (hf hcb) hb.symm)

 /-- Agda: `aᶠ≼` — `aFix` is below every fixed point of `f`. -/
-theorem aFix_le (fh : FixedHeight α h) (f : α → α) (hf : Monotone f)
-    {a : α} (ha : a = f a) : aFix fh f hf ≤ a :=
-  doStep_le fh f hf ha _ _ _ _ (by simpa using fh.bot_le a)
+theorem aFix_le (f : α → α) (hf : Monotone f)
+    {a : α} (ha : a = f a) : aFix f hf ≤ a :=
+  doStep_le f hf ha _ _ _ _ (by simpa using FiniteHeightLattice.bot_le α a)

 end Spa.Fixedpoint