Adopt lemma as the default keyword

Convert every theorem to lemma (mathlib's default) except the headline results a reader of each module seeks out: analyze_correct (Forward/Sign/Constant), aFix_eq/aFix_le (Fixedpoint), trace (Language), and Stmt.cfg_sufficient (Language/Properties). lemma and theorem are interchangeable keywords, so no references change. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-25 13:59:08 -05:00
parent 5c9c8ac55c
commit e2df847139
20 changed files with 143 additions and 143 deletions
--- a/lean/Spa/Analysis/Constant.lean
+++ b/lean/Spa/Analysis/Constant.lean
@@ -27,13 +27,13 @@ def minus : ConstLattice → ConstLattice → ConstLattice
  | _, top => top
  | mk z₁, mk z₂ => mk (z₁ - z₂)

-theorem plus_mono₂ : Monotone₂ plus :=
+lemma plus_mono₂ : Monotone₂ plus :=
  AboveBelow.monotone₂_of_strict plus
    (fun y => by cases y <;> rfl) (fun x => by cases x <;> rfl)
    (fun y hy => by cases y <;> first | exact absurd rfl hy | rfl)
    (fun x hx => by cases x <;> first | exact absurd rfl hx | rfl)

-theorem minus_mono₂ : Monotone₂ minus :=
+lemma minus_mono₂ : Monotone₂ minus :=
  AboveBelow.monotone₂_of_strict minus
    (fun y => by cases y <;> rfl) (fun x => by cases x <;> rfl)
    (fun y hy => by cases y <;> first | exact absurd rfl hy | rfl)
@@ -44,7 +44,7 @@ def interpConst : ConstLattice → Value → Prop
  | .top, _ => True
  | .mk z, v => v = .int z

-theorem interpConst_mk_disjoint {z₁ z₂ : ℤ} (hne : z₁ ≠ z₂) {v : Value} :
+lemma interpConst_mk_disjoint {z₁ z₂ : ℤ} (hne : z₁ ≠ z₂) {v : Value} :
    ¬(interpConst (.mk z₁) v ∧ interpConst (.mk z₂) v) := by
  rintro ⟨h₁, h₂⟩
  rw [h₁] at h₂
@@ -65,7 +65,7 @@ def eval : Expr → VariableValues ConstLattice prog → ConstLattice
    if h : FiniteMap.MemKey k vs then (FiniteMap.locate h).1 else .top
  | .num n, _ => .mk n

-theorem eval_mono (e : Expr) : Monotone (eval prog e) := by
+lemma eval_mono (e : Expr) : Monotone (eval prog e) := by
  induction e with
  | add e₁ e₂ ih₁ ih₂ =>
    intro vs₁ vs₂ h
@@ -93,7 +93,7 @@ instance exprEvaluator : ExprEvaluator ConstLattice prog :=
 def output : String :=
  show' (result ConstLattice prog)

-theorem plus_valid {g₁ g₂ : ConstLattice} {z₁ z₂ : ℤ}
+lemma plus_valid {g₁ g₂ : ConstLattice} {z₁ z₂ : ℤ}
    (h₁ : ⟦g₁⟧ (.int z₁)) (h₂ : ⟦g₂⟧ (.int z₂)) :
    ⟦plus g₁ g₂⟧ (.int (z₁ + z₂)) := by
  rcases g₁ with _ | _ | c₁
@@ -110,7 +110,7 @@ theorem plus_valid {g₁ g₂ : ConstLattice} {z₁ z₂ : ℤ}
      show Value.int (z₁ + z₂) = Value.int (c₁ + c₂)
      rw [hz₁, hz₂]

-theorem minus_valid {g₁ g₂ : ConstLattice} {z₁ z₂ : ℤ}
+lemma minus_valid {g₁ g₂ : ConstLattice} {z₁ z₂ : ℤ}
    (h₁ : ⟦g₁⟧ (.int z₁)) (h₂ : ⟦g₂⟧ (.int z₂)) :
    ⟦minus g₁ g₂⟧ (.int (z₁ - z₂)) := by
  rcases g₁ with _ | _ | c₁
--- a/lean/Spa/Analysis/Forward.lean
+++ b/lean/Spa/Analysis/Forward.lean
@@ -13,7 +13,7 @@ def updateVariablesForState (s : prog.State) (sv : StateVariables L prog) :
    VariableValues L prog :=
  (prog.code s).foldl (fun vs bs => E.eval s bs vs) (variablesAt s sv)

-theorem updateVariablesForState_mono (s : prog.State) :
+lemma updateVariablesForState_mono (s : prog.State) :
    Monotone (updateVariablesForState (L := L) s) := fun _ _ hle =>
  foldl_mono' (prog.code s) _ (E.eval_mono s ·) (variablesAt_le hle s)

@@ -21,15 +21,15 @@ def updateAll (sv : StateVariables L prog) : StateVariables L prog :=
  FiniteMap.generalizedUpdate id updateVariablesForState
    prog.states sv

-theorem updateAll_mono : Monotone (updateAll (L := L) (prog := prog)) :=
+lemma updateAll_mono : Monotone (updateAll (L := L) (prog := prog)) :=
  FiniteMap.generalizedUpdate_monotone monotone_id updateVariablesForState_mono

-theorem updateAll_mem_eq {s : prog.State} {vs : VariableValues L prog}
+lemma updateAll_mem_eq {s : prog.State} {vs : VariableValues L prog}
    {sv : StateVariables L prog} (hmem : (s, vs) ∈ updateAll sv) :
    vs = updateVariablesForState s sv :=
  FiniteMap.generalizedUpdate_mem_eq (prog.states_complete s) hmem

-theorem variablesAt_updateAll (s : prog.State) (sv : StateVariables L prog) :
+lemma variablesAt_updateAll (s : prog.State) (sv : StateVariables L prog) :
    variablesAt s (updateAll sv) = updateVariablesForState s sv :=
  updateAll_mem_eq (variablesAt_mem s (updateAll sv))

@@ -38,7 +38,7 @@ variable [FiniteHeightLattice L]
 def analyze (sv : StateVariables L prog) : StateVariables L prog :=
  updateAll (joinAll sv)

-theorem analyze_mono : Monotone (analyze (L := L) (prog := prog)) := fun _ _ hle =>
+lemma analyze_mono : Monotone (analyze (L := L) (prog := prog)) := fun _ _ hle =>
  updateAll_mono (joinAll_mono hle)

 variable [DecidableEq L]
@@ -48,10 +48,10 @@ def result : StateVariables L prog :=
  Fixedpoint.aFix analyze analyze_mono

 variable (L prog) in
-theorem result_eq : result L prog = analyze (result L prog) :=
+lemma result_eq : result L prog = analyze (result L prog) :=
  Fixedpoint.aFix_eq analyze analyze_mono

-theorem joinForKey_initialState :
+lemma joinForKey_initialState :
    joinForKey prog.initialState (result L prog) = botV L prog := by
  rw [joinForKey, prog.incoming_initialState_eq_nil]
  rfl
@@ -59,7 +59,7 @@ theorem joinForKey_initialState :
 variable [I : LatticeInterpretation L] [V : ValidStmtEvaluator L prog]

 omit [FiniteHeightLattice L] [DecidableEq L] in
-theorem eval_fold_valid {s : prog.State} {bss : List BasicStmt}
+lemma eval_fold_valid {s : prog.State} {bss : List BasicStmt}
    {vs : VariableValues L prog} {ρ₁ ρ₂ : Env}
    (hbss : EvalBasicStmts ρ₁ bss ρ₂) (hvs : ⟦ vs ⟧ ρ₁) :
    ⟦ bss.foldl (fun vs bs => E.eval s bs vs) vs ⟧ ρ₂ := by
@@ -68,7 +68,7 @@ theorem eval_fold_valid {s : prog.State} {bss : List BasicStmt}
  | cons hbs _ ih => exact ih (ValidStmtEvaluator.valid hbs hvs)

 omit [FiniteHeightLattice L] [DecidableEq L] in
-theorem updateVariablesForState_matches {s : prog.State}
+lemma updateVariablesForState_matches {s : prog.State}
    {sv : StateVariables L prog} {ρ₁ ρ₂ : Env}
    (hbss : EvalBasicStmts ρ₁ (prog.code s) ρ₂)
    (hvs : ⟦ variablesAt s sv ⟧ ρ₁) :
@@ -76,14 +76,14 @@ theorem updateVariablesForState_matches {s : prog.State}
  eval_fold_valid hbss hvs

 omit [FiniteHeightLattice L] [DecidableEq L] in
-theorem updateAll_matches {s : prog.State} {sv : StateVariables L prog}
+lemma updateAll_matches {s : prog.State} {sv : StateVariables L prog}
    {ρ₁ ρ₂ : Env} (hbss : EvalBasicStmts ρ₁ (prog.code s) ρ₂)
    (hvs : ⟦ variablesAt s sv ⟧ ρ₁) :
    ⟦ variablesAt s (updateAll sv) ⟧ ρ₂ := by
  rw [variablesAt_updateAll]
  exact updateVariablesForState_matches hbss hvs

-theorem stepTrace {s₁ : prog.State} {ρ₁ ρ₂ : Env}
+lemma stepTrace {s₁ : prog.State} {ρ₁ ρ₂ : Env}
    (hjoin : ⟦ joinForKey s₁ (result L prog) ⟧ ρ₁)
    (hbss : EvalBasicStmts ρ₁ (prog.code s₁) ρ₂) :
    ⟦ variablesAt s₁ (result L prog) ⟧ ρ₂ := by
@@ -92,7 +92,7 @@ theorem stepTrace {s₁ : prog.State} {ρ₁ ρ₂ : Env}
  rw [variablesAt_joinAll]
  exact hjoin

-theorem walkTrace {s₁ s₂ : prog.State} {ρ₁ ρ₂ : Env}
+lemma walkTrace {s₁ s₂ : prog.State} {ρ₁ ρ₂ : Env}
    (hjoin : ⟦ joinForKey s₁ (result L prog) ⟧ ρ₁)
    (tr : Trace prog.cfg s₁ s₂ ρ₁ ρ₂) :
    ⟦ variablesAt s₂ (result L prog) ⟧ ρ₂ := by
@@ -108,7 +108,7 @@ theorem walkTrace {s₁ s₂ : prog.State} {ρ₁ ρ₂ : Env}
    exact ih (interp_foldr hstep hmem)

 omit V in
-theorem interp_joinForKey_initialState :
+lemma interp_joinForKey_initialState :
    ⟦ joinForKey prog.initialState (result L prog) ⟧ [] := by
  rw [joinForKey_initialState]
  exact interp_botV_nil
--- a/lean/Spa/Analysis/Forward/Adapters.lean
+++ b/lean/Spa/Analysis/Forward/Adapters.lean
@@ -10,7 +10,7 @@ def updateVariablesFromExpression (k : String) (e : Expr)
    (vs : VariableValues L prog) : VariableValues L prog :=
  FiniteMap.generalizedUpdate id (fun _ vs => E.eval e vs) [k] vs

-theorem updateVariablesFromExpression_mono (k : String) (e : Expr) :
+lemma updateVariablesFromExpression_mono (k : String) (e : Expr) :
    Monotone (updateVariablesFromExpression (L := L) (prog := prog) k e) :=
  FiniteMap.generalizedUpdate_monotone monotone_id (fun _ => E.eval_mono e)

@@ -20,7 +20,7 @@ def evalBasicStmt (_ : prog.State) (bs : BasicStmt)
  | .assign k e => updateVariablesFromExpression k e vs
  | .noop => vs

-theorem evalBasicStmt_mono (s : prog.State) (bs : BasicStmt) :
+lemma evalBasicStmt_mono (s : prog.State) (bs : BasicStmt) :
    Monotone (evalBasicStmt (L := L) (prog := prog) s bs) := by
  cases bs with
  | assign k e => exact updateVariablesFromExpression_mono k e
--- a/lean/Spa/Analysis/Forward/Lattices.lean
+++ b/lean/Spa/Analysis/Forward/Lattices.lean
@@ -18,7 +18,7 @@ def botV [FiniteHeightLattice L] : VariableValues L prog :=
 variable {L prog}

 omit [Lattice L] in
-theorem states_memKey (s : prog.State) (sv : StateVariables L prog) :
+lemma states_memKey (s : prog.State) (sv : StateVariables L prog) :
    FiniteMap.MemKey s sv :=
  FiniteMap.MemKey_iff.mpr (prog.states_complete s)

@@ -27,11 +27,11 @@ def variablesAt (s : prog.State) (sv : StateVariables L prog) :
  (FiniteMap.locate (states_memKey s sv)).1

 omit [Lattice L] in
-theorem variablesAt_mem (s : prog.State) (sv : StateVariables L prog) :
+lemma variablesAt_mem (s : prog.State) (sv : StateVariables L prog) :
    (s, variablesAt s sv) ∈ sv :=
  (FiniteMap.locate (states_memKey s sv)).2

-theorem variablesAt_le {sv₁ sv₂ : StateVariables L prog} (hle : sv₁ ≤ sv₂)
+lemma variablesAt_le {sv₁ sv₂ : StateVariables L prog} (hle : sv₁ ≤ sv₂)
    (s : prog.State) : variablesAt s sv₁ ≤ variablesAt s sv₂ :=
  FiniteMap.le_of_mem_mem prog.states_nodup hle
    (variablesAt_mem s sv₁) (variablesAt_mem s sv₂)
@@ -42,7 +42,7 @@ def joinForKey (k : prog.State) (sv : StateVariables L prog) :
    VariableValues L prog :=
  (sv.valuesAt (prog.incoming k)).foldr (· ⊔ ·) (botV L prog)

-theorem joinForKey_mono (k : prog.State) :
+lemma joinForKey_mono (k : prog.State) :
    Monotone (joinForKey (L := L) k) := by
  intro sv₁ sv₂ hle
  exact foldr_mono _ (FiniteMap.valuesAt_le hle (prog.incoming k)) (le_refl _)
@@ -52,15 +52,15 @@ theorem joinForKey_mono (k : prog.State) :
 def joinAll (sv : StateVariables L prog) : StateVariables L prog :=
  FiniteMap.generalizedUpdate id joinForKey prog.states sv

-theorem joinAll_mono : Monotone (joinAll (L := L) (prog := prog)) :=
+lemma joinAll_mono : Monotone (joinAll (L := L) (prog := prog)) :=
  FiniteMap.generalizedUpdate_monotone monotone_id joinForKey_mono

-theorem joinAll_mem_eq {s : prog.State} {vs : VariableValues L prog}
+lemma joinAll_mem_eq {s : prog.State} {vs : VariableValues L prog}
    {sv : StateVariables L prog} (h : (s, vs) ∈ joinAll sv) :
    vs = joinForKey s sv :=
  FiniteMap.generalizedUpdate_mem_eq (prog.states_complete s) h

-theorem variablesAt_joinAll (s : prog.State) (sv : StateVariables L prog) :
+lemma variablesAt_joinAll (s : prog.State) (sv : StateVariables L prog) :
    variablesAt s (joinAll sv) = joinForKey s sv :=
  joinAll_mem_eq (variablesAt_mem s (joinAll sv))

@@ -74,12 +74,12 @@ instance : Interp (VariableValues L prog) (Env → Prop) where
    ∀ (k : String) (l : L), (k, l) ∈ vs →
      ∀ (v : Value), Env.Mem (k, v) ρ → I.interp l v

-theorem interp_botV_nil : ⟦ botV L prog ⟧ [] := by
+lemma interp_botV_nil : ⟦ botV L prog ⟧ [] := by
  intro k l _ v hmem
  cases hmem

 omit [FiniteHeightLattice L] in
-theorem interp_sup {vs₁ vs₂ : VariableValues L prog} {ρ : Env}
+lemma interp_sup {vs₁ vs₂ : VariableValues L prog} {ρ : Env}
    (h : ⟦ vs₁⟧ ρ ∨ ⟦ vs₂ ⟧ ρ) : ⟦ vs₁ ⊔ vs₂ ⟧ ρ := by
  intro k l hmem v hv
  obtain ⟨l₁, l₂, rfl, h₁, h₂⟩ := FiniteMap.mem_sup hmem
@@ -87,7 +87,7 @@ theorem interp_sup {vs₁ vs₂ : VariableValues L prog} {ρ : Env}
  · exact I.interp_sup v (Or.inl (h _ _ h₁ _ hv))
  · exact I.interp_sup v (Or.inr (h _ _ h₂ _ hv))

-theorem interp_foldr {vs : VariableValues L prog}
+lemma interp_foldr {vs : VariableValues L prog}
    {vss : List (VariableValues L prog)} {ρ : Env}
    (hvs : ⟦ vs ⟧ ρ) (hmem : vs ∈ vss) :
    ⟦ vss.foldr (· ⊔ ·) (botV L prog) ⟧ ρ := by
--- a/lean/Spa/Analysis/Reaching.lean
+++ b/lean/Spa/Analysis/Reaching.lean
@@ -23,7 +23,7 @@ def eval (s : prog.State) :
    FiniteMap.generalizedUpdate id (fun _ _ => genSet prog s) [k] vs
  | .noop, vs => vs

-theorem eval_mono (s : prog.State) (bs : BasicStmt) :
+lemma eval_mono (s : prog.State) (bs : BasicStmt) :
    Monotone (eval prog s bs) := by
  cases bs with
  | assign k e =>
--- a/lean/Spa/Analysis/Sign.lean
+++ b/lean/Spa/Analysis/Sign.lean
@@ -55,7 +55,7 @@ def minus : SignLattice → SignLattice → SignLattice
  | mk .zero, mk .minus => mk .plus
  | mk .zero, mk .zero => mk .zero

-theorem plus_mono₂ : Monotone₂ plus :=
+lemma plus_mono₂ : Monotone₂ plus :=
  AboveBelow.monotone₂_of_strict plus
    (fun y => by cases y <;> rfl)
    (fun x => by rcases x with _ | _ | s <;> first | rfl | (cases s <;> rfl))
@@ -64,7 +64,7 @@ theorem plus_mono₂ : Monotone₂ plus :=
      rcases x with _ | _ | s <;>
        first | exact absurd rfl hx | rfl | (cases s <;> rfl))

-theorem minus_mono₂ : Monotone₂ minus :=
+lemma minus_mono₂ : Monotone₂ minus :=
  AboveBelow.monotone₂_of_strict minus
    (fun y => by cases y <;> rfl)
    (fun x => by rcases x with _ | _ | s <;> first | rfl | (cases s <;> rfl))
@@ -80,7 +80,7 @@ def interpSign : SignLattice → Value → Prop
  | .mk .zero, v => v = .int 0
  | .mk .minus, v => ∃ n : ℕ, v = .int (-(n + 1))

-theorem interpSign_mk_disjoint {s₁ s₂ : Sign} (hne : s₁ ≠ s₂) {v : Value} :
+lemma interpSign_mk_disjoint {s₁ s₂ : Sign} (hne : s₁ ≠ s₂) {v : Value} :
    ¬(interpSign (.mk s₁) v ∧ interpSign (.mk s₂) v) := by
  rintro ⟨h₁, h₂⟩
  rcases s₁ <;> rcases s₂ <;> try exact hne rfl
@@ -125,7 +125,7 @@ def eval : Expr → VariableValues SignLattice prog → SignLattice
  | .num 0, _ => .mk .zero
  | .num (_ + 1), _ => .mk .plus

-theorem eval_mono (e : Expr) : Monotone (eval prog e) := by
+lemma eval_mono (e : Expr) : Monotone (eval prog e) := by
  induction e with
  | add e₁ e₂ ih₁ ih₂ =>
    intro vs₁ vs₂ h
@@ -154,18 +154,18 @@ def output : String :=
  show' (result SignLattice prog)

 /-- A nonneg-shifted interpretation `∃ n : ℕ, z = n + 1` just means `z` is positive. -/
-private theorem int_pos_iff (z : ℤ) : (∃ n : ℕ, z = (n : ℤ) + 1) ↔ 0 < z := by
+private lemma int_pos_iff (z : ℤ) : (∃ n : ℕ, z = (n : ℤ) + 1) ↔ 0 < z := by
  constructor
  · rintro ⟨n, rfl⟩; omega
  · intro h; exact ⟨(z - 1).toNat, by omega⟩

 /-- Dually, `∃ n : ℕ, z = -(n + 1)` just means `z` is negative. -/
-private theorem int_neg_iff (z : ℤ) : (∃ n : ℕ, z = -((n : ℤ) + 1)) ↔ z < 0 := by
+private lemma int_neg_iff (z : ℤ) : (∃ n : ℕ, z = -((n : ℤ) + 1)) ↔ z < 0 := by
  constructor
  · rintro ⟨n, rfl⟩; omega
  · intro h; exact ⟨(-z - 1).toNat, by omega⟩

-theorem plus_valid {g₁ g₂ : SignLattice} {z₁ z₂ : ℤ}
+lemma plus_valid {g₁ g₂ : SignLattice} {z₁ z₂ : ℤ}
    (h₁ : ⟦g₁⟧ (.int z₁)) (h₂ : ⟦g₂⟧ (.int z₂)) :
    ⟦plus g₁ g₂⟧ (.int (z₁ + z₂)) := by
  rcases g₁ with _ | _ | s₁ <;> rcases g₂ with _ | _ | s₂ <;>
@@ -174,7 +174,7 @@ theorem plus_valid {g₁ g₂ : SignLattice} {z₁ z₂ : ℤ}
      at h₁ h₂ ⊢ <;>
    omega

-theorem minus_valid {g₁ g₂ : SignLattice} {z₁ z₂ : ℤ}
+lemma minus_valid {g₁ g₂ : SignLattice} {z₁ z₂ : ℤ}
    (h₁ : ⟦g₁⟧ (.int z₁)) (h₂ : ⟦g₂⟧ (.int z₂)) :
    ⟦minus g₁ g₂⟧ (.int (z₁ - z₂)) := by
  rcases g₁ with _ | _ | s₁ <;> rcases g₂ with _ | _ | s₂ <;>
--- a/lean/Spa/Analysis/Utils.lean
+++ b/lean/Spa/Analysis/Utils.lean
@@ -2,7 +2,7 @@ import Spa.Lattice

 namespace Spa

-theorem eval_combine₂ {O : Type*} [Preorder O] {combine : O → O → O}
+lemma eval_combine₂ {O : Type*} [Preorder O] {combine : O → O → O}
    (hmono : Monotone₂ combine) {o₁ o₂ o₃ o₄ : O}
    (h₁ : o₁ ≤ o₃) (h₂ : o₂ ≤ o₄) : combine o₁ o₂ ≤ combine o₃ o₄ :=
  le_trans (hmono.1 o₂ h₁) (hmono.2 o₃ h₂)