moved set theory and its realizations into Bware repository

3c0b61f8 · MARCHE Claude · f3a91eff · 3c0b61f8 · 3c0b61f8 · 3c0b61f8
Commit 3c0b61f8 authored Oct 29, 2012 by MARCHE Claude
15 changed files
--- a/.gitignore
+++ b/.gitignore
@@ -204,3 +204,4 @@ pvsbin/
 /src/jessie/config.status
 /src/jessie/Makefile
 /src/jessie/ptests_local_config.ml
+/src/jessie/tests/basic/result/*.log
\ No newline at end of file
--- a/Makefile.in
+++ b/Makefile.in
@@ -848,17 +848,13 @@ COQLIBS_NUMBER = $(addprefix lib/coq/number/, $(COQLIBS_NUMBER_FILES))
 COQLIBS_SET_FILES = Set
 COQLIBS_SET = $(addprefix lib/coq/set/, $(COQLIBS_SET_FILES))

-COQLIBS_SETTHEORY_FILES = Interval PowerSet Relation Identity Image \
-	InverseDomRan Function
-COQLIBS_SETTHEORY = $(addprefix lib/coq/settheory/, $(COQLIBS_SETTHEORY_FILES))
-
 ifeq (@enable_coq_fp_libs@,yes)
 COQLIBS_FP_FILES = Rounding SingleFormat Single DoubleFormat Double
 COQLIBS_FP_ALL_FILES = GenFloat $(COQLIBS_FP_FILES)
 COQLIBS_FP = $(addprefix lib/coq/floating_point/, $(COQLIBS_FP_ALL_FILES))
 endif

-COQLIBS_FILES = lib/coq/BuiltIn $(COQLIBS_INT) $(COQLIBS_REAL) $(COQLIBS_NUMBER) $(COQLIBS_SET) $(COQLIBS_SETTHEORY) $(COQLIBS_FP)
+COQLIBS_FILES = lib/coq/BuiltIn $(COQLIBS_INT) $(COQLIBS_REAL) $(COQLIBS_NUMBER) $(COQLIBS_SET) $(COQLIBS_FP)

 COQV  = $(addsuffix .v,  $(COQLIBS_FILES))
 COQVO = $(addsuffix .vo, $(COQLIBS_FILES))
@@ -884,8 +880,6 @@ drivers/coq-realizations.aux: Makefile
 	echo 'theory number.'"$$f"' meta "realized_theory" "number.'"$$f"'", "" end'; done; \
 	for f in $(COQLIBS_SET_FILES); do \
 	echo 'theory set.'"$$f"' meta "realized_theory" "set.'"$$f"'", "" end'; done; \
-	for f in $(COQLIBS_SETTHEORY_FILES); do \
-	echo 'theory settheory.'"$$f"' meta "realized_theory" "settheory.'"$$f"'", "" end'; done; \
 	for f in $(COQLIBS_FP_FILES); do \
 	echo 'theory floating_point.'"$$f"' meta "realized_theory" "floating_point.'"$$f"'", "" end'; done; \
 	) > $@
@@ -903,8 +897,6 @@ install_no_local::
 	cp $(addsuffix .vo, $(COQLIBS_NUMBER)) $(LIBDIR)/why3/coq/number/
 	mkdir -p $(LIBDIR)/why3/coq/set
 	cp $(addsuffix .vo, $(COQLIBS_SET)) $(LIBDIR)/why3/coq/set/
-	mkdir -p $(LIBDIR)/why3/coq/settheory
-	cp $(addsuffix .vo, $(COQLIBS_SETTHEORY)) $(LIBDIR)/why3/coq/settheory/
 ifeq (@enable_coq_fp_libs@,yes)
 	mkdir -p $(LIBDIR)/why3/coq/floating_point
 	cp $(addsuffix .vo, $(COQLIBS_FP)) $(LIBDIR)/why3/coq/floating_point/
@@ -924,7 +916,7 @@ depend: $(COQVD)
 clean::
 	rm -f $(COQVO) $(COQVD) $(addsuffix .glob, $(COQLIBS_FILES))

-update-coq: update-coq-int update-coq-real update-coq-number update-coq-set update-coq-settheory update-coq-fp
+update-coq: update-coq-int update-coq-real update-coq-number update-coq-set update-coq-fp

 update-coq-int: bin/why3 drivers/coq-realizations.aux theories/int.why
 	for f in $(COQLIBS_INT_ALL_FILES); do WHY3CONFIG="" bin/why3.@OCAMLBEST@ --realize -L theories -D drivers/coq-realize.drv -T int.$$f -o lib/coq/int/; done
@@ -938,9 +930,6 @@ update-coq-number: bin/why3 drivers/coq-realizations.aux theories/number.why
 update-coq-set: bin/why3 drivers/coq-realizations.aux theories/set.why
 	for f in $(COQLIBS_SET_FILES); do WHY3CONFIG="" bin/why3.@OCAMLBEST@ --realize -L theories -D drivers/coq-realize.drv -T set.$$f -o lib/coq/set/; done

-update-coq-settheory: bin/why3 drivers/coq-realizations.aux theories/settheory.why
-	for f in $(COQLIBS_SETTHEORY_FILES); do WHY3CONFIG="" bin/why3.@OCAMLBEST@ --realize -L theories -D drivers/coq-realize.drv -T settheory.$$f -o lib/coq/settheory/; done
-
 update-coq-fp: bin/why3 drivers/coq-realizations.aux theories/floating_point.why
 	for f in $(COQLIBS_FP_FILES); do WHY3CONFIG="" bin/why3.@OCAMLBEST@ --realize -L theories -D drivers/coq-realize.drv -T floating_point.$$f -o lib/coq/floating_point/; done

@@ -1293,8 +1282,7 @@ STDLIBS = algebra \
 	option \
 	real \
 	relations \
-	set \
-	settheory
+	set 
 # function ? sum ? tptp ?

 STDMODS = arith array hashtbl impset pqueue queue random ref stack string

--- a/Version
+++ b/Version
 # Why version
-VERSION=0.73+git
+VERSION=0.80




--- a/doc/intro.tex
+++ b/doc/intro.tex
@@ -22,7 +22,7 @@ extended with
 %\item Hilbert's epsilon construct
 \end{itemize}

-\todo{continue}
+% \todo{continue}

 \section{Organization of this document}


--- a/doc/macros.tex
+++ b/doc/macros.tex

-\newcommand{\todo}[1]{{\Huge\bfseries TODO: #1}}
+% \newcommand{\todo}[1]{{\Huge\bfseries TODO: #1}}

 \newcommand{\why}{\textsf{Why3}\xspace}
 \newcommand{\whyml}{\textsf{WhyML}\xspace}

--- a/doc/manual.tex
+++ b/doc/manual.tex
@@ -91,7 +91,7 @@

 \vfill

-\todo{NE PAS DISTRIBUER TANT QU'IL RESTE DES TODOS}
+% \todo{NE PAS DISTRIBUER TANT QU'IL RESTE DES TODOS}

 %BEGIN LATEX
 \begin{LARGE}
@@ -121,15 +121,15 @@
 \begin{flushleft}

 \begin{tabular}{l}
-$^1$ LRI, CNRS, Univ Paris-Sud, Orsay, F-91405 \\
-$^2$ Inria Saclay -- \^Ile-de-France, Toccata, Palaiseau, F-91120
+$^1$ LRI, CNRS \& University Paris-Sud, Orsay, F-91405 \\
+$^2$ Inria Saclay -- \^Ile-de-France, Palaiseau, F-91120
 \end{tabular}

 %BEGIN LATEX
 \bigskip
 %END LATEX

-  \textcopyright 2010-2012 Univ Paris-Sud, CNRS, Inria
+  \textcopyright 2010-2012 University Paris-Sud, CNRS, Inria

 \urldef{\urlutcat}{\url}{http://frama-c.cea.fr/u3cat}
 \urldef{\urlhilite}{\url}{http://www.open-do.org/projects/hi-lite/}

--- a/lib/coq/settheory/Function.v
+++ b/lib/coq/settheory/Function.v
--- a/lib/coq/settheory/Identity.v
+++ b/lib/coq/settheory/Identity.v
-(* This file is generated by Why3's Coq-realize driver *)
-(* Beware! Only edit allowed sections below    *)
-Require Import BuiltIn.
-Require BuiltIn.
-Require set.Set.
-Require settheory.Relation.
-Require settheory.InverseDomRan.
-Require settheory.Function.
-
-Import set.Set.
-
-(* Why3 goal *)
-Definition id: forall {a:Type} {a_WT:WhyType a}, (set.Set.set a) ->
-  (set.Set.set (a* a)%type).
-intros a a_WT s.
-exact (fun p => match p with (x,y) => s x /\ x=y end).
-Defined.
-
-(* Why3 goal *)
-Lemma id_def : forall {a:Type} {a_WT:WhyType a}, forall (x:a) (y:a)
-  (s:(set.Set.set a)), (set.Set.mem (x, y) (id s)) <-> ((set.Set.mem x s) /\
-  (x = y)).
-intros a a_WT x y s.
-unfold id, mem; tauto.
-Qed.
-
-Import settheory.InverseDomRan.
-
-(* Why3 goal *)
-Lemma id_dom : forall {a:Type} {a_WT:WhyType a}, forall (s:(set.Set.set a)),
-  ((settheory.InverseDomRan.dom (id s)) = s).
-intros a a_WT s.
-apply predicate_extensionality.
-unfold id, dom, mem; split.
-unfold mem.
-intros (y, (h1, h2)); auto.
-unfold mem.
-intro h.
-exists x; tauto.
-Qed.
-
-(* Why3 goal *)
-Lemma id_ran : forall {a:Type} {a_WT:WhyType a}, forall (s:(set.Set.set a)),
-  ((settheory.InverseDomRan.ran (id s)) = s).
-intros a a_WT s.
-apply predicate_extensionality.
-unfold id, ran, mem; split.
-unfold mem.
-intros (y, (h1, h2)); subst; auto.
-unfold mem.
-intro h.
-exists x; tauto.
-Qed.
-
-(* Why3 goal *)
-Lemma id_fun : forall {a:Type} {a_WT:WhyType a}, forall (s:(set.Set.set a)),
-  (set.Set.mem (id s) (settheory.Function.infix_plmngt s s)).
-intros a a_WT s.
-unfold Function.infix_plmngt, mem.
-split.
-rewrite id_dom.
-apply subset_refl.
-split.
-rewrite id_ran.
-apply subset_refl.
-unfold id; intuition.
-subst; auto.
-Qed.
-
-(* Why3 goal *)
-Lemma id_total_fun : forall {a:Type} {a_WT:WhyType a}, forall (s:(set.Set.set
-  a)), (set.Set.mem (id s) (settheory.Function.infix_mnmngt s s)).
-intros a a_WT s.
-unfold Function.infix_mnmngt, mem.
-split.
-apply id_fun.
-apply id_dom.
-Qed.
-
-
--- a/lib/coq/settheory/Image.v
+++ b/lib/coq/settheory/Image.v
-(* This file is generated by Why3's Coq-realize driver *)
-(* Beware! Only edit allowed sections below    *)
-Require Import BuiltIn.
-Require BuiltIn.
-Require set.Set.
-Require settheory.Relation.
-
-Import set.Set.
-
-(* Why3 goal *)
-Definition image: forall {a:Type} {a_WT:WhyType a} {b:Type} {b_WT:WhyType b},
-  (set.Set.set (a* b)%type) -> (set.Set.set a) -> (set.Set.set b).
-intros a a_WT b b_WT r s.
-exact (fun y => exists x:a, mem x s /\ mem (x,y) r).
-Defined.
-
-(* Why3 goal *)
-Lemma mem_image : forall {a:Type} {a_WT:WhyType a} {b:Type} {b_WT:WhyType b},
-  forall (r:(set.Set.set (a* b)%type)) (dom:(set.Set.set a)) (y:b),
-  (set.Set.mem y (image r dom)) <-> exists x:a, (set.Set.mem x dom) /\
-  (set.Set.mem (x, y) r).
-intros a a_WT b b_WT r dom y.
-unfold image, mem; intuition.
-Qed.
-
-(* Why3 goal *)
-Lemma image_union : forall {a:Type} {a_WT:WhyType a}
-  {b:Type} {b_WT:WhyType b}, forall (r:(set.Set.set (a* b)%type))
-  (s:(set.Set.set a)) (t:(set.Set.set a)), ((image r (set.Set.union s
-  t)) = (set.Set.union (image r s) (image r t))).
-intros a a_WT b b_WT r s t.
-apply predicate_extensionality; intros y.
-unfold image, union, mem.
-split.
-intros (x, ([h1 | h2] & h3)).
-left; exists x; auto.
-right; exists x; auto.
-intros [(x, h) | (x, h)]; exists x; intuition.
-Qed.
-
-(* Why3 goal *)
-Lemma image_add : forall {a:Type} {a_WT:WhyType a} {b:Type} {b_WT:WhyType b},
-  forall (r:(set.Set.set (a* b)%type)) (dom:(set.Set.set a)) (x:a), ((image r
-  (set.Set.add x dom)) = (set.Set.union (image r (set.Set.add x
-  (set.Set.empty :(set.Set.set a)))) (image r dom))).
-intros a a_WT b b_WT r dom z.
-apply predicate_extensionality; intros y.
-unfold image, union, add, mem.
-split.
-intros (x, ([h1 | h2] & h3)).
-left; exists x; auto.
-right; exists x; auto.
-intros [(x, h) | (x, h)].
-exists x; intuition.
-elimtype False; apply H1.
-exists x; intuition.
-Qed.
-
-
--- a/lib/coq/settheory/Interval.v
+++ b/lib/coq/settheory/Interval.v
-(* This file is generated by Why3's Coq-realize driver *)
-(* Beware! Only edit allowed sections below    *)
-Require Import BuiltIn.
-Require BuiltIn.
-Require int.Int.
-Require set.Set.
-
-Open Scope Z_scope.
-Import set.Set.
-
-(* Why3 goal *)
-Definition integer: (set.Set.set Z).
-exact (fun _ => True).
-Defined.
-
-(* Why3 goal *)
-Lemma mem_integer : forall (x:Z), (set.Set.mem x integer).
-easy.
-Qed.
-
-(* Why3 goal *)
-Definition natural: (set.Set.set Z).
-exact (fun n => n >= 0).
-Defined.
-
-(* Why3 goal *)
-Lemma mem_natural : forall (x:Z), (set.Set.mem x natural) <-> (0%Z <= x)%Z.
-intros x.
-unfold natural, mem ; intuition. 
-Qed.
-
-(* Why3 goal *)
-Definition mk: Z -> Z -> (set.Set.set Z).
-intros a b.
-exact (fun n => a <= n <= b).
-Defined.
-
-(* Why3 goal *)
-Lemma mem_interval : forall (x:Z) (a:Z) (b:Z), (set.Set.mem x (mk a b)) <->
-  ((a <= x)%Z /\ (x <= b)%Z).
-intros x a b.
-unfold mk, mem ; tauto.
-Qed.
-
-(* Why3 goal *)
-Lemma interval_empty : forall (a:Z) (b:Z), (b < a)%Z -> ((mk a
-  b) = (set.Set.empty :(set.Set.set Z))).
-intros a b h1.
-apply predicate_extensionality; intro x.
-unfold empty, mk, mem; intuition.
-Qed.
-
-(* Why3 goal *)
-Lemma interval_add : forall (a:Z) (b:Z), (a <= b)%Z -> ((mk a
-  b) = (set.Set.add b (mk a (b - 1%Z)%Z))).
-intros a b h1.
-apply predicate_extensionality; intro x.
-unfold mk, add, mem; intuition; omega.
-Qed.
-
-
-(* Unused content named mem_interval_1
-intros x a b (h1,h2).
-
-Qed.
- *)
--- a/lib/coq/settheory/InverseDomRan.v
+++ b/lib/coq/settheory/InverseDomRan.v
-(* This file is generated by Why3's Coq-realize driver *)
-(* Beware! Only edit allowed sections below    *)
-Require Import BuiltIn.
-Require BuiltIn.
-Require set.Set.
-Require settheory.Relation.
-
-Import set.Set.
-
-(* Why3 goal *)
-Definition inverse: forall {a:Type} {a_WT:WhyType a}
-  {b:Type} {b_WT:WhyType b}, (set.Set.set (a* b)%type) -> (set.Set.set (b*
-  a)%type).
-intros a a_WT b b_WT s.
-exact (fun p => match p with (x,y) => mem (y,x) s end).
-Defined.
-
-(* Why3 goal *)
-Lemma Inverse_def : forall {a:Type} {a_WT:WhyType a}
-  {b:Type} {b_WT:WhyType b}, forall (r:(set.Set.set (a* b)%type)),
-  forall (x:a) (y:b), (set.Set.mem (y, x) (inverse r)) <-> (set.Set.mem (x,
-  y) r).
-intros a a_WT b b_WT r x y.
-unfold inverse, mem; tauto.
-Qed.
-
-(* Why3 goal *)
-Definition dom: forall {a:Type} {a_WT:WhyType a} {b:Type} {b_WT:WhyType b},
-  (set.Set.set (a* b)%type) -> (set.Set.set a).
-intros a a_WT b b_WT s.
-exact (fun x => exists y, mem (x,y) s).
-Defined.
-
-(* Why3 goal *)
-Lemma dom_def : forall {a:Type} {a_WT:WhyType a} {b:Type} {b_WT:WhyType b},
-  forall (r:(set.Set.set (a* b)%type)), forall (x:a), (set.Set.mem x
-  (dom r)) <-> exists y:b, (set.Set.mem (x, y) r).
-intros a a_WT b b_WT r x.
-unfold dom; intuition.
-Qed.
-
-(* Why3 goal *)
-Definition ran: forall {a:Type} {a_WT:WhyType a} {b:Type} {b_WT:WhyType b},
-  (set.Set.set (a* b)%type) -> (set.Set.set b).
-intros a a_WT b b_WT s.
-exact (fun y => exists x, mem (x,y) s).
-Defined.
-
-(* Why3 goal *)
-Lemma ran_def : forall {a:Type} {a_WT:WhyType a} {b:Type} {b_WT:WhyType b},
-  forall (r:(set.Set.set (a* b)%type)), forall (y:b), (set.Set.mem y
-  (ran r)) <-> exists x:a, (set.Set.mem (x, y) r).
-intros a a_WT b b_WT r y.
-unfold ran; intuition.
-Qed.
-
-(* Why3 goal *)
-Lemma dom_empty : forall {a:Type} {a_WT:WhyType a} {b:Type} {b_WT:WhyType b},
-  ((dom (set.Set.empty :(set.Set.set (a*
-  b)%type))) = (set.Set.empty :(set.Set.set a))).
-intros a a_WT b b_WT.
-apply extensionality; intro x.
-rewrite dom_def.
-split.
-intros (y,h); auto.
-unfold mem, empty; intuition.
-Qed.
-
-(* Why3 goal *)
-Lemma dom_add : forall {a:Type} {a_WT:WhyType a} {b:Type} {b_WT:WhyType b},
-  forall (f:(set.Set.set (a* b)%type)) (x:a) (y:b), ((dom (set.Set.add (x, y)
-  f)) = (set.Set.add x (dom f))).
-intros a a_WT b b_WT f x y.
-apply extensionality.
-intro z.
-rewrite add_def1.
-do 2 rewrite dom_def.
-split.
-intro H; destruct H.
-rewrite add_def1 in H.
-destruct H.
-inversion H; intuition.
-right; exists x0; auto.
-intro H; destruct H.
-subst z.
-exists y; rewrite add_def1; auto.
-destruct H.
-exists x0; rewrite add_def1; auto.
-Qed.
-
-
--- a/lib/coq/settheory/PowerSet.v
+++ b/lib/coq/settheory/PowerSet.v
-(* This file is generated by Why3's Coq-realize driver *)
-(* Beware! Only edit allowed sections below    *)
-Require Import BuiltIn.
-Require BuiltIn.
-Require set.Set.
-
-Import set.Set.
-
-(* Why3 goal *)
-Definition power: forall {a:Type} {a_WT:WhyType a}, (set.Set.set a) ->
-  (set.Set.set (set.Set.set a)).
-intros a a_WT s.
-exact (fun x => subset x s).
-Defined.
-
-(* Why3 goal *)
-Lemma mem_power : forall {a:Type} {a_WT:WhyType a}, forall (x:(set.Set.set
-  a)) (y:(set.Set.set a)), (set.Set.mem x (power y)) <-> (set.Set.subset x
-  y).
-intros a a_WT x y.
-now unfold power, mem.
-Qed.
-
-
--- a/lib/coq/settheory/Relation.v
+++ b/lib/coq/settheory/Relation.v
-(* This file is generated by Why3's Coq-realize driver *)
-(* Beware! Only edit allowed sections below    *)
-Require Import BuiltIn.
-Require BuiltIn.
-Require set.Set.
-
-(* Why3 assumption *)
-Definition rel (a:Type) {a_WT:WhyType a} (b:Type) {b_WT:WhyType b} :=
-  (set.Set.set (a* b)%type).
-
-
--- a/lib/coq/settheory/Sequence.v
+++ b/lib/coq/settheory/Sequence.v
-(* This file is generated by Why3's Coq driver *)
-(* Beware! Only edit allowed sections below    *)
-Require Import BuiltIn.
-Require BuiltIn.
-Require int.Int.
-Require set.Set.
-Require settheory.Interval.
-Require settheory.Relation.
-Require settheory.InverseDomRan.
-Require settheory.Function.
-Require settheory.Identity.
-
-Import set.Set.
-Open Scope Z_scope.
-
-(* Why3 assumption *)
-Definition seq_length {a:Type} {a_WT:WhyType a}(n:Z) (s:(set.Set.set
-  a)): (set.Set.set (set.Set.set (Z* a)%type)) :=
-  (settheory.Function.infix_mnmngt (settheory.Interval.mk 1%Z n) s).
-
-(* Why3 goal *)
-Definition seq: forall {a:Type} {a_WT:WhyType a}, (set.Set.set a) ->
-  (set.Set.set (set.Set.set (Z* a)%type)).
-intros a a_WT s.
-exact (fun f => exists n:Z, 0 <= n /\ mem f (seq_length n s)).
-Defined.
-
-(* Why3 goal *)
-Definition size: forall {a:Type} {a_WT:WhyType a}, (set.Set.set (Z*
-  a)%type) -> Z.
-
-Defined.
-
-(* Why3 goal *)
-Lemma mem_seq : forall {a:Type} {a_WT:WhyType a}, forall (s:(set.Set.set a))
-  (r:(set.Set.set (Z* a)%type)), (set.Set.mem r (seq s)) <->
-  ((0%Z <= (size r))%Z /\ (set.Set.mem r (seq_length (size r) s))).
-intros a a_WT s r.
-
-Qed.
-
-(* Why3 goal *)
-Lemma seq_as_total_function : forall {a:Type} {a_WT:WhyType a},
-  forall (s:(set.Set.set a)) (r:(set.Set.set (Z* a)%type)), (set.Set.mem r
-  (seq s)) -> (set.Set.mem r
-  (settheory.Function.infix_mnmngt (settheory.Interval.mk 1%Z (size r)) s)).
-intros a a_WT s r h1.
-
-Qed.
-
-(* Why3 goal *)
-Lemma size_def : forall {a:Type} {a_WT:WhyType a}, forall (n:Z)
-  (r:(set.Set.set (Z* a)%type)), ((size r) = n) <-> exists s:(set.Set.set a),
-  (set.Set.mem r (seq_length n s)).
-intros a a_WT n r.
-
-Qed.
-
-
-(* Unused content named mem_seq_length
-intros a a_WT n s.
-
-Qed.
- *)
--- a/theories/settheory.why
+++ b/theories/settheory.why
-
-
-(** {1 A library for Set theory}
-
-this library provides a few Why3 theories that formalize the set
-theory as it is defined in the B-book.
-
-Reference: {h <a href="http://hal.inria.fr/hal-00681781/en/">Discharging Proof Obligations from Atelier B using Multiple Automated Provers</a>}
-
-*)
-
-
-(** {2 Interval}
-
-interval of integers, seen as sets
-
-*)
-
-theory Interval
-
-  use export int.Int
-
-  use export set.Set
-
-  function integer : set int
-
-  axiom mem_integer: forall x:int.mem x integer
-
-  function natural : set int
-
-  axiom mem_natural:
-    forall x:int. mem x natural <-> x >= 0
-
-  function mk int int : set int
-
-  axiom mem_interval:
-    forall x a b : int [mem x (mk a b)].
-      mem x (mk a b) <-> a <= x <= b
-
-  lemma interval_empty :
-     forall a b:int. a > b -> mk a b = empty
-
-  lemma interval_add :
-     forall a b:int. a <= b -> (mk a b) = add b (mk a (b-1))
-
-end
-
-
-(** {2 Power set}
-
-the power set of some set S, i.e the set of subsets of S
-
-*)
-
-
-theory PowerSet
-
-  use export set.Set
-
-  function power (set 'a) : set (set 'a)
-
-  axiom mem_power : forall x y:set 'a [mem x (power y)].
-      mem x (power y) <-> subset x y
-
-end
-
-(** {2 Relations}
-
-Relations between two sets
-
-*)
-
-theory Relation
-
-  use export set.Set
-
-  type rel 'a 'b = set ('a , 'b)
-
-end
-
-(** {2 Composition}
-
-Composition of relations
-
-*)
-
-theory Composition
-
-  use import Relation
-
-  function semicolon (rel 'a 'b) (rel 'b 'c) : (rel 'a 'c)
-
-  axiom semicolon_def:
-    forall x:'a, z:'c, p:rel 'a 'b, q:rel 'b 'c.
-    mem (x,z) (semicolon p q) <->
-      exists y:'b. mem (x,y) p /\ mem (y,z) q
-
-end