use IsSubset instead of Contains

alex-chew · alex-chew · commit bd6f8029f017 · 2023-04-19T14:12:24.000-07:00
diff --git a/src/Collections/Maps/Maps.dfy b/src/Collections/Maps/Maps.dfy
@@ -68,7 +68,7 @@ module {:options "-functionSyntax:4"} Maps {
   ghost predicate IsSubset<X, Y>(m: map<X, Y>, m': map<X, Y>)
   {
     && m.Keys <= m'.Keys
-    && forall x {:trigger EqualOnKey(m, m', x)}{:trigger x in m} :: x in m ==> EqualOnKey(m, m', x)
+    && forall x <- m :: m[x] == m'[x]
   }
 
   /* Union of two maps. Does not require disjoint domains; on the intersection,
@@ -97,18 +97,11 @@ module {:options "-functionSyntax:4"} Maps {
     forall x, x' {:trigger m[x], m[x']} :: x != x' && x in m && x' in m ==> m[x] != m[x']
   }
 
-  ghost predicate {:opaque} Contains<X, Y>(big: map<X, Y>, small: map<X, Y>)
-  {
-    && small.Keys <= big.Keys
-    && forall x <- small :: small[x] == big[x]
-  }
-
-  lemma LemmaContainsPreservesInjectivity<X, Y>(big: map<X, Y>, small: map<X, Y>)
-    requires Contains(big, small)
+  lemma LemmaSubsetIsInjective<X, Y>(small: map<X, Y>, big: map<X, Y>)
+    requires IsSubset(small, big)
     requires Injective(big)
     ensures Injective(small)
   {
-    reveal Contains();
     reveal Injective();
   }
 
@@ -117,15 +110,15 @@ module {:options "-functionSyntax:4"} Maps {
     ensures |m.Keys| == |m.Values|
   {
     if |m| > 0 {
+      reveal Injective();
+
       var x: X :| x in m;
       var y := m[x];
       var m' := Remove(m, x);
-      reveal Contains();
-      assert Contains(m, m');
+      assert IsSubset(m', m);
 
-      reveal Injective();
       assert m'.Values == m.Values - {y};
-      LemmaContainsPreservesInjectivity(m, m');
+      LemmaSubsetIsInjective(m', m);
       LemmaInjectiveImpliesUniqueValues(m');
     }
   }

Original file line number	Diff line number	Diff line change
`@@ -68,7 +68,7 @@ module {:options "-functionSyntax:4"} Maps {`
`68`	`68`	`ghost predicate IsSubset<X, Y>(m: map<X, Y>, m': map<X, Y>)`
`69`	`69`	`{`
`70`	`70`	`&& m.Keys <= m'.Keys`
`71`		`- && forall x {:trigger EqualOnKey(m, m', x)}{:trigger x in m} :: x in m ==> EqualOnKey(m, m', x)`
	`71`	`+ && forall x <- m :: m[x] == m'[x]`
`72`	`72`	`}`
`73`	`73`
`74`	`74`	`/* Union of two maps. Does not require disjoint domains; on the intersection,`
`@@ -97,18 +97,11 @@ module {:options "-functionSyntax:4"} Maps {`
`97`	`97`	`forall x, x' {:trigger m[x], m[x']} :: x != x' && x in m && x' in m ==> m[x] != m[x']`
`98`	`98`	`}`
`99`	`99`
`100`		`- ghost predicate {:opaque} Contains<X, Y>(big: map<X, Y>, small: map<X, Y>)`
`101`		`- {`
`102`		`- && small.Keys <= big.Keys`
`103`		`- && forall x <- small :: small[x] == big[x]`
`104`		`- }`
`105`		`-`
`106`		`- lemma LemmaContainsPreservesInjectivity<X, Y>(big: map<X, Y>, small: map<X, Y>)`
`107`		`- requires Contains(big, small)`
	`100`	`+ lemma LemmaSubsetIsInjective<X, Y>(small: map<X, Y>, big: map<X, Y>)`
	`101`	`+ requires IsSubset(small, big)`
`108`	`102`	`requires Injective(big)`
`109`	`103`	`ensures Injective(small)`
`110`	`104`	`{`
`111`		`- reveal Contains();`
`112`	`105`	`reveal Injective();`
`113`	`106`	`}`
`114`	`107`
`@@ -117,15 +110,15 @@ module {:options "-functionSyntax:4"} Maps {`
`117`	`110`	`ensures \|m.Keys\| == \|m.Values\|`
`118`	`111`	`{`
`119`	`112`	`if \|m\| > 0 {`
	`113`	`+ reveal Injective();`
	`114`	`+`
`120`	`115`	`var x: X :\| x in m;`
`121`	`116`	`var y := m[x];`
`122`	`117`	`var m' := Remove(m, x);`
`123`		`- reveal Contains();`
`124`		`- assert Contains(m, m');`
	`118`	`+ assert IsSubset(m', m);`
`125`	`119`
`126`		`- reveal Injective();`
`127`	`120`	`assert m'.Values == m.Values - {y};`
`128`		`- LemmaContainsPreservesInjectivity(m, m');`
	`121`	`+ LemmaSubsetIsInjective(m', m);`
`129`	`122`	`LemmaInjectiveImpliesUniqueValues(m');`
`130`	`123`	`}`
`131`	`124`	`}`