Require Import Infrastructure.
Require Import Env.
Require Import Rel.
Require Import RelStable.
Require Import Transp.
Require Import SupportFacts.
Require Import EquivarianceFacts.
Require Import RelExtra.
Require Import RelGood.
Require Import SubstEnv.

Inductive prel {A B: Type} : Type :=
| Bottom

| PRel: env (rel A B) → rel A B → prel.

Inductive prel_leq {A B: Type} : @prel A B → @prel A B → Prop :=
| PRelLeqBot: ∀ prel,
    prel_leq Bottom prel
| PRelLeqPointwise: ∀ g1 g2 this1 this2,
    dom g2 [=] dom g1 →
    (∀ x gx1 gx2,
        get x g1 = Some gx1 →
        get x g2 = Some gx2 →
        RelIncl gx1 gx2
    ) →
    RelIncl this1 this2 →
    prel_leq (PRel g1 this1) (PRel g2 this2).

Lemma prel_leq_refl {A B} (pR: @prel A B):
  prel_leq pR pR.
Proof.
  destruct pR as [| g this].
  - apply PRelLeqBot.
  - apply PRelLeqPointwise.
    + reflexivity.
    + intros x gx1 gx2 H1 H2. assert (gx1 = gx2) by congruence.
      subst. reflexivity.
    + reflexivity.
Qed.

Lemma prel_leq_trans {A B} (pR1: @prel A B) (pR2: @prel A B) (pR3: @prel A B):
  prel_leq pR1 pR2 →
  prel_leq pR2 pR3 →
  prel_leq pR1 pR3.
Proof.
  intros H12 H23.
  destruct pR1 as [| g1 this1]; [ solve [apply PRelLeqBot] |].
  destruct pR2 as [| g2 this2]; [ solve [inversion H12] |].
  destruct pR3 as [| g3 this3]; [ solve [inversion H23] |].
  inversion H12; subst.
  inversion H23; subst.
  apply PRelLeqPointwise.
  - transitivity (dom g2); assumption.
  - intros x gx1 gx3 Hx1 Hx3.
    case_eq (get x g2); intros.
    + rename r into gx2. transitivity gx2; eauto.
    + exfalso. apply get_notin_dom in H. apply get_in_dom in Hx3. fsetdec.
  - transitivity this2; assumption.
Qed.

Add Parametric Relation (A B: Type): (@prel A B) (@prel_leq A B)
    reflexivity proved by prel_leq_refl
    transitivity proved by prel_leq_trans
      as prel_leq_Rel.

Inductive prel_equiv {A B: Type} : @prel A B → @prel A B → Prop :=
| PRelEquivBot:
    prel_equiv Bottom Bottom
| PRelEquivPointwise: ∀ g1 g2 this1 this2,
    dom g2 [=] dom g1 →
    (∀ x gx1 gx2,
        get x g1 = Some gx1 →
        get x g2 = Some gx2 →
        RelEquiv gx1 gx2
    ) →
    RelEquiv this1 this2 →
    prel_equiv (PRel g1 this1) (PRel g2 this2).

Lemma prel_equiv_sym {A B} (pR1 pR2: @prel A B):
  prel_equiv pR1 pR2 →
  prel_equiv pR2 pR1.
Proof.
  intro H. destruct H.
  - apply PRelEquivBot.
  - apply PRelEquivPointwise.
    + symmetry. assumption.
    + intros. symmetry. eauto.
    + symmetry. assumption.
Qed.

Lemma prel_equiv_leq1 {A B} (pR1 pR2: @prel A B):
  prel_equiv pR1 pR2 →
  prel_leq pR1 pR2.
Proof.
  intros H. destruct H.
  - apply PRelLeqBot.
  - apply PRelLeqPointwise; eauto.
Qed.
Hint Resolve prel_equiv_leq1: core.

Lemma prel_equiv_leq2 {A B} (pR1 pR2: @prel A B):
  prel_equiv pR1 pR2 →
  prel_leq pR2 pR1.
Proof.
  intro H. apply prel_equiv_sym in H.
  apply prel_equiv_leq1; assumption.
Qed.
Hint Resolve prel_equiv_leq2: core.

Lemma prel_leq_antisym {A B} (pR1 pR2: @prel A B):
  prel_leq pR1 pR2 →
  prel_leq pR2 pR1 →
  prel_equiv pR1 pR2.
Proof.
  intros H12 H21. destruct H12; inversion H21; subst.
  - apply PRelEquivBot.
  - apply PRelEquivPointwise.
    + fsetdec.
    + intros. apply RelIncl_antisym; eauto.
    + apply RelIncl_antisym; assumption.
Qed.

Lemma prel_equiv_refl {A B} (prel: @prel A B):
  prel_equiv prel prel.
Proof.
  apply prel_leq_antisym; reflexivity.
Qed.

Lemma prel_equiv_trans {A B} (pR1: @prel A B) (pR2: @prel A B) (pR3: @prel A B):
  prel_equiv pR1 pR2 →
  prel_equiv pR2 pR3 →
  prel_equiv pR1 pR3.
Proof.
  intros H12 H23.
  apply prel_leq_antisym; transitivity pR2; auto.
Qed.

Add Parametric Relation (A B: Type): (@prel A B) (@prel_equiv A B)
    reflexivity proved by prel_equiv_refl
    symmetry proved by prel_equiv_sym
    transitivity proved by prel_equiv_trans
      as prel_equiv_Rel.

Require Import Setoid.

Add Parametric Morphism A B: (@prel_leq A B)
    with signature prel_equiv ==> prel_equiv ==> iff
      as prel_leq_morphism_equiv.
Proof.
  intros pR1 pR2 H12 pR3 pR4 H34. split; intro H.
  - transitivity pR1; auto. transitivity pR3; auto.
  - transitivity pR2; auto. transitivity pR4; auto.
Qed.

Add Parametric Morphism A B: (@PRel A B)
    with signature env_rel_incl ++> RelIncl ++> prel_leq
      as PRel_morphism_incl.
Proof.
  intros pR1 pR2 H12 pR3 pR4 H34. apply PRelLeqPointwise.
  - apply env_rel_incl_dom in H12. fsetdec.
  - intros x gx1 gx2 Hx1 Hx2. eapply env_rel_incl_get; eauto.
  - assumption.
Qed.

Add Parametric Morphism A B: (@PRel A B)
    with signature env_rel_equiv ==> RelEquiv ++> prel_equiv
      as PRel_morphism_equiv.
Proof.
  intros pR1 pR2 H12 pR3 pR4 H34.
  apply prel_leq_antisym.
  - apply PRel_morphism_incl; auto using env_rel_incl_refl_equiv.
  - symmetry in H12. symmetry in H34.
    apply PRel_morphism_incl; auto using env_rel_incl_refl_equiv.
Qed.

Definition concretize (S: atoms) (pR: prel) : rel (env term) term :=
  match pR with
  | Bottom ⇒ RelBot
  | PRel g this ⇒
    Rel _ _
        (fun e v ⇒
           all_env good_value e
           ∧ good_value v
           ∧ S [<=] dom e
           ∧ S [=] dom g
           ∧ (∀ x vx gx,
                 x `in` S →
                 get x e = Some vx →
                 get x g = Some gx →
                 in_rel gx vx v)
           ∧ (∀ v', good_value v' → in_rel this v' v)
        )
  end.

Definition range {A} (g: env (rel term A)) (this: rel term A) : rel term A :=
  RelInter
    (Rel _ _ (fun v1 v2 ⇒ ∀ x gx, get x g = Some gx → ∃ v0, good_value v0 ∧ in_rel gx v0 v2))
    (Rel _ _ (fun v1 v2 ⇒ ∀ v, good_value v → in_rel this v v2)).

Lemma range_incl {A} (g1 g2: env (rel term A)) (this1 this2: rel term A) :
  dom g2 [<=] dom g1 →
  (∀ (x : atom) (gx1 gx2 : rel term A),
      get x g1 = Some gx1 → get x g2 = Some gx2 → RelIncl gx1 gx2) →
  RelIncl this1 this2 →
  RelIncl (range g1 this1) (range g2 this2).
Proof.
  intros Hdom Hg Hthis.
  intros u v [Hgv Hthisv]. split.
  - intros x gx Hx.
    case_eq (get x g1); intros.
    + assert (RelIncl r gx) by eauto.
      apply Hgv in H. destruct H as [v0 [Hgood H]].
      ∃ v0. split; [assumption|]. apply H0. assumption.
    + exfalso. apply get_in_dom in Hx. apply get_notin_dom in H. fsetdec.
  - intros v0 Hgood. apply Hthis. apply (Hthisv v0). assumption.
Qed.

Lemma range_equiv {A} (g1 g2: env (rel term A)) (this1 this2: rel term A) :
  dom g1 [=] dom g2 →
  (∀ (x : atom) (gx1 gx2 : rel term A),
      get x g1 = Some gx1 → get x g2 = Some gx2 → RelEquiv gx1 gx2) →
  RelEquiv this1 this2 →
  RelEquiv (range g1 this1) (range g2 this2).
Proof.
  intros Hdom Hg Hthis. apply RelIncl_antisym.
  - apply range_incl; eauto. fsetdec.
  - apply range_incl; eauto. fsetdec.
Qed.

Lemma concretize_pointwise_empty_condition_range S g this :
  RelIncl (range g this) RelBot →
  RelIncl (concretize S (PRel g this)) RelBot.
Proof.
  intro Hrange.
  intros e v [Hegood [Hvgood [Hedom [Hgdom [Hg Hthis]]]]]. simpl.
  apply (Hrange Unit v). simpl. split.
  - intros x gx Hx.
    case_eq (get x e); intros.
    + ∃ t. split.
      × eapply all_env_get; eauto.
      × eapply Hg; eauto. apply get_in_dom in Hx. fsetdec.
    + exfalso. apply get_in_dom in Hx. apply get_notin_dom in H. fsetdec.
  - assumption.
Qed.

Lemma concretize_pointwise_empty_condition S g this :
  ((∃ x gx, x `in` S ∧ get x g = Some gx ∧ RelIncl gx RelBot)
   ∨ RelIncl this RelBot) →
  RelIncl (concretize S (PRel g this)) RelBot.
Proof.
  intro H.
  apply concretize_pointwise_empty_condition_range.
  destruct H as [[x [gx [HxS [Hget Hincl]]]] | Hincl ].
  - intros u v [Hg Hthis].
    apply Hg in Hget. destruct Hget as [v0 [Hgood Hv0]].
    apply (Hincl v0 v). assumption.
  - intros u v [Hg Hthis]. simpl.
    apply (Hincl Unit v).
    apply Hthis. auto with good_rel.
Qed.

Lemma build_env_from_good_rels g v :
  uniq g →
  all_env good_vrel g →
  (∀ (x : atom) (gx : rel term term),
      get x g = Some gx → ∃ v0 : term, good_value v0 ∧ in_rel gx v0 v) →
  ∃ e : env term,
    all_env good_value e ∧
    dom g [=] dom e ∧
    (∀ (x : atom) (vx : term) (gx : rel term term),
     get x e = Some vx → get x g = Some gx → in_rel gx vx v).
Proof.
  intros Huniq Hggood Hg.
  env induction g.
  - ∃ nil. split; [| split]; auto.
    + reflexivity.
    + intros. exfalso. simpl in ×. congruence.
  - simpl in Hggood. destruct Hggood as [Hgooda Hggood].
    destruct IHg as [e [Hegood [Hedom H]]]; auto.
    + solve_uniq.
    + intros y gy Hy.
      destruct (x == y); subst.
      × exfalso. apply get_in_dom in Hy. solve_uniq.
      × apply (Hg y gy). simpl. destruct (y == x); congruence.
    + destruct (Hg x a) as [vx [Hgoodx Hx]].
      { simpl. destruct (x == x); congruence. }
      ∃ ((x, vx) :: e). split; [| split].
      × split; auto.
      × simpl. fsetdec.
      × { intros y vy gy Hgete Hgetg.
          simpl in Hgete. simpl in Hgetg.
          destruct (y == x); subst.
          - congruence.
          - eauto.
        }
Qed.

Lemma build_env_in_concretize S g this v :
  S [=] dom g →
  uniq g →
  all_env good_vrel g →
  good_vrel this →
  (∀ (x : atom) (gx : rel term term),
      get x g = Some gx → ∃ v0 : term, good_value v0 ∧ in_rel gx v0 v) →
  (∀ v' : term, good_value v' → in_rel this v' v) →
  ∃ e : env term, in_rel (concretize S (PRel g this)) e v.
Proof.
  intros Hgdom Huniq Hggood Hthisgood Hg Hthis.
  destruct (build_env_from_good_rels g v) as [e [Hegood [Hedom Heg]]]; auto.
  ∃ e. split; [| split; [| split; [| split; [| split]]]]; auto.
  - assert (in_rel this Unit v) by eauto with good_rel. eauto.
  - fsetdec.
  - intros. eauto.
Qed.

Lemma concretize_incl_range_incl S g1 this1 g2 this2:
  S [=] dom g1 →
  uniq g1 →
  all_env good_vrel g1 →
  good_vrel this1 →
  RelIncl (concretize S (PRel g1 this1)) (concretize S (PRel g2 this2)) →
  RelIncl (range g1 this1) (range g2 this2).
Proof.
  intros Hdom1 Huniq1 Hgoodg1 Hgoodthis1 Hincl.
  intros u v [Hg1 Hthis1]. simpl in Hg1, Hthis1.
  destruct (build_env_in_concretize S g1 this1 v) as [e Hev]; auto.
  apply Hincl in Hev. clear Hincl.
  destruct Hev as [Hegood [Hvgood [Hedom [Hg2dom [Hg2 Hthis2]]]]].
  split; simpl; auto.
  intros x gx Hx2.
  assert (∃ vx, get x e = Some vx) as [vx Hxe].
  { case_eq (get x e); intros; eauto.
    exfalso. apply get_in_dom in Hx2. apply get_notin_dom in H. fsetdec.
  }
  ∃ vx. split.
  + eapply all_env_get; eauto.
  + eapply Hg2; eauto. apply get_in_dom in Hx2. fsetdec.
Qed.

Lemma concretize_incl_range_incl_bottom S g this :
  S [=] dom g →
  uniq g →
  all_env good_vrel g →
  good_vrel this →
  RelIncl (concretize S (PRel g this)) RelBot →
  RelIncl (range g this) RelBot.
Proof.
  intros Hgdom Huniq Hggood Hthisgood H.
  rewrite (concretize_incl_range_incl S g this nil RelBot); auto.
  - intros v1 v2 [Hnil Hbot]. simpl in ×.
    apply (Hbot Unit); auto with good_rel.
  - rewrite H. apply RelBot_bot.
Qed.

Lemma concretize_update S g this e x gx vx v:
  all_env good_vrel g →
  get x g = Some gx →
  in_rel gx vx v →
  in_rel (concretize S (PRel g this)) e v →
  in_rel (concretize S (PRel g this)) ((x, vx) :: e) v.
Proof.
  intros Hggood Hxget Hrx Hev.
  destruct Hev as [Hegood [Hvgood [Hdome [Hdomg [Hg Hthis]]]]].
  split; [ split | split; [| split; [| split; [| split]]]]; simpl; auto.
  - assert (good_vrel gx) by (eapply all_env_get; eauto). eauto.
  - fsetdec.
  - intros y vy gy HyS Hygete Hygetg.
    destruct (y == x); subst; eauto. congruence.
Qed.

Lemma concretize_monotonic S pR1 pR2:
  prel_leq pR1 pR2 →
  RelIncl (concretize S pR1) (concretize S pR2).
Proof.
  intros Hleq e v Hev.
  destruct Hleq.
  - destruct Hev.
  - destruct Hev as [Hegood [Hvgood [Hdome [Hdomg [Hg Hthis]]]]].
    split; [| split; [| split; [| split; [| split ] ] ] ].
    + assumption.
    + assumption.
    + assumption.
    + fsetdec.
    + intros x vx gx2 Hx Hget Hget2.
      case_eq (get x g1); intros.
      × eapply H0; eauto.
      × exfalso. apply get_in_dom in Hget2. apply get_notin_dom in H2. fsetdec.
    + intros v' Hvgood'. apply H1; auto.
Qed.


Add Parametric Morphism: concretize
    with signature AtomSetImpl.Equal ==> prel_equiv ==> RelEquiv
      as concretize_morphism_equiv.
Proof.
  intros S1 S2 HS pR1 pR2 HPr.
  inversion HPr; subst; simpl.
  - reflexivity.
  - intros e v. simpl.
    apply iff_split; [ reflexivity |].
    apply iff_split; [ reflexivity |].
    apply iff_split; [ rewrite HS; reflexivity |].
    apply iff_split; [ rewrite HS; rewrite H; reflexivity |].
    apply iff_split.
    + split; intros Hg x vx gx HxS Hxe Hxg.
      × { case_eq (get x g1); intros.
          - rewrite <- (H0 x r gx); auto.
            apply (Hg x); auto.
            fsetdec.
          - exfalso. apply get_in_dom in Hxg. apply get_notin_dom in H2. fsetdec.
        }
      × { case_eq (get x g2); intros.
          - rewrite (H0 x gx r); auto.
            apply (Hg x); auto.
            fsetdec.
          - exfalso. apply get_in_dom in Hxg. apply get_notin_dom in H2. fsetdec.
        }
    + split; intros Hthis v' Hgoodv'.
      × rewrite <- H1. eauto.
      × rewrite H1. eauto.
Qed.

Lemma concretize_stable S pR: stable_rel (concretize S pR).
Proof.
  intros e v Hev. destruct pR as [| g this]; [ solve [destruct Hev] |].
  destruct Hev as [Hegood [Hvgood [Hdome [Hdomg [Hg Hthis]]]]].
  intros e' Hgood Hleq. split; [| split; [| split; [| split; [| split ] ] ] ].
  - assumption.
  - assumption.
  - rewrite Hdome. apply leq_env_dom. assumption.
  - fsetdec.
  - intros x vx gx Hx Hgete' Hgetg.
    case_eq (get x e); intros.
    + assert (vx = t).
      { apply Hleq in H. congruence. }
      subst t. eauto.
    + exfalso. apply get_notin_dom in H. fsetdec.
  - intros v' Hvgood'. apply Hthis. assumption.
Qed.
Hint Resolve concretize_stable: stable_rel.

Lemma concretize_good S pR :
  good_rel (concretize S pR).
Proof.
  destruct pR as [| g this ]; auto with good_rel.
  intros e v [Hegood [Hvgood H]].
  split; assumption.
Qed.
Hint Resolve concretize_good: good_rel.

Lemma concretize_dom_rel S pR :
  dom_rel S (concretize S pR).
Proof.
  intros e v Hev.
  destruct pR as [| g this]; simpl in Hev; tauto.
Qed.
Hint Resolve concretize_dom_rel: dom_rel.

Definition concretize_env (E: env (@prel term term)) : env (rel (env term) term) :=
  map_env_dom (fun _ pR S ⇒ concretize S pR) E.

Lemma concretize_env_spec E1 x pR E2 R:
  x `notin` dom E2 →
  get x (concretize_env (E2 ++ [(x, pR)] ++ E1)) = Some R →
  RelEquiv R (concretize (dom E1) pR).
Proof.
  intros Hx Hget.
  apply map_env_dom_spec with (equal := RelEquiv) in Hget; auto.
  intros y a S1 S2 HS. rewrite HS. reflexivity.
Qed.

Lemma concretize_env_dom E:
  dom (concretize_env E) [=] dom E.
Proof.
  apply map_env_dom_dom.
Qed.

Lemma concretize_env_uniq E:
  uniq E ↔ uniq (concretize_env E).
Proof.
  apply map_env_dom_uniq.
Qed.

Definition transp_prel x y pR :=
  match pR with
  | Bottom ⇒ Bottom
  | PRel g this ⇒
    PRel
      (transp_env_vrel x y g)
      (transp_vrel x y this)
  end.

Lemma transp_prel_refl x pR:
  prel_equiv (transp_prel x x pR) pR.
Proof.
  destruct pR as [| g this]; simpl.
  - reflexivity.
  - rewrite transp_env_vrel_refl. rewrite transp_vrel_refl. reflexivity.
Qed.

Lemma transp_prel_sym x y pR:
  prel_equiv (transp_prel x y pR) (transp_prel y x pR).
Proof.
  destruct pR as [| g this]; simpl.
  - reflexivity.
  - rewrite transp_env_vrel_swap. rewrite transp_vrel_swap. reflexivity.
Qed.

Lemma transp_prel_involution x y pR:
  prel_equiv (transp_prel x y (transp_prel x y pR)) pR.
Proof.
  destruct pR as [| g this]; simpl.
  - reflexivity.
  - rewrite transp_env_vrel_involution. rewrite transp_vrel_involution. reflexivity.
Qed.

Definition supported_prel S pR : Prop :=
  match pR with
  | Bottom ⇒ True
  | PRel g this ⇒
    supported_env_vrel S g
    ∧ supported_vrel S this
  end.

Lemma supported_prel_subset S1 S2 pR :
  S1 [<=] S2 →
  supported_prel S1 pR →
  supported_prel S2 pR.
Proof.
  intros Hincl H. destruct pR as [| g this ]; simpl in ×.
  - trivial.
  - destruct H as [Hg Hthis].
    split.
    + eauto using supported_env_vrel_subset.
    + eauto using supported_vrel_subset.
Qed.

Lemma transp_prel_fresh_eq S x y pR :
  supported_prel S pR →
  x `notin` S →
  y `notin` S →
  prel_equiv (transp_prel x y pR) pR.
Proof.
  intros Hsupp Hx Hy. destruct pR as [| g this]; simpl in ×.
  - reflexivity.
  - destruct Hsupp as [Hsupp1 Hsupp2].
    rewrite (transp_env_vrel_fresh_eq S x y); auto.
    rewrite (transp_vrel_fresh_eq S x y); auto.
    reflexivity.
Qed.

Lemma transp_prel_trans S x y z pR :
  supported_prel S pR →
  x `notin` S →
  y `notin` S →
  prel_equiv (transp_prel x y (transp_prel y z pR)) (transp_prel x z pR).
Proof.
  intros Hsupp Hx Hy. destruct pR as [| g this]; simpl in ×.
  - reflexivity.
  - destruct Hsupp as [Hsupp1 Hsupp2].
    rewrite (transp_env_vrel_trans S x y z); auto.
    rewrite (transp_vrel_trans S x y z); auto.
    reflexivity.
Qed.

Lemma concretize_supported S pR:
  supported_prel S pR →
  supported_rel S (concretize S pR).
Proof.
  intro H. destruct pR as [| g this ]; simpl in *; auto with supported_rel.
  destruct H as [Hg Hthis].
  intros x y Hx Hy e v. simpl.
  apply iff_split; [| apply iff_split; [| apply iff_split; [| apply iff_split; [| apply iff_split ] ] ] ].
  - rewrite all_env_term_equivariant; auto using good_value_equivariant.
    reflexivity.
  - apply good_value_equivariant.
  - rewrite (atoms_incl_equivariant x y).
    rewrite (transp_atoms_fresh_eq x y S); auto.
    rewrite dom_equivariant_term.
    rewrite transp_env_term_involution.
    reflexivity.
  - reflexivity.
  - split; intros H z vz gz HzS Hzeget Hzgget.
    + apply (in_vrel_equivariant x y).
      assert (supported_vrel S gz) as Hsupp by (eapply supported_env_vrel_get; eauto).
      rewrite (Hsupp x y); auto.
      apply (H (transp_atom x y z)); auto.
      × apply (in_equivariant x y).
        rewrite transp_atom_involution.
        rewrite transp_atoms_fresh_eq; auto.
      × rewrite <- get_transp_env_term_equivariant.
        rewrite Hzeget. reflexivity.
      × rewrite transp_atom_other; [ auto | fsetdec | fsetdec ].
    + apply (in_vrel_equivariant x y).
      assert (supported_vrel S gz) as Hsupp by (eapply supported_env_vrel_get; eauto).
      rewrite (Hsupp x y); auto.
      rewrite transp_term_involution.
      apply (H z); auto.
      apply (get_transp_env_term_Some_equivariant x y).
      rewrite (transp_atom_other x y z); [ | fsetdec | fsetdec ].
      rewrite transp_term_involution.
      assumption.
  - split; intros H v' Hgood.
    + apply (in_vrel_equivariant x y).
      rewrite (Hthis x y); auto.
      assert (fv v' [<=] empty) as Hfv by auto.
      rewrite (transp_term_fresh_eq x y v'); [| fsetdec | fsetdec ].
      apply H; assumption.
    + apply (in_vrel_equivariant x y).
      rewrite (Hthis x y); auto.
      assert (fv v' [<=] empty) as Hfv by auto.
      rewrite (transp_term_fresh_eq x y v'); [| fsetdec | fsetdec ].
      rewrite transp_term_involution.
      apply H; assumption.
Qed.

Definition good_prel S pR : Prop :=
  match pR with
  | Bottom ⇒ True
  | PRel g this ⇒
    S [=] dom g ∧
    uniq g ∧
    all_env good_vrel g ∧
    good_vrel this
  end.

Add Parametric Morphism: good_prel
    with signature AtomSetImpl.Equal ==> eq ==> iff
      as good_prel_morphism_equiv.
Proof.
  intros S1 S2 HS pR. destruct pR; simpl in ×.
  - tauto.
  - rewrite HS. tauto.
Qed.

Definition good_prel0 pR : Prop :=
  match pR with
  | Bottom ⇒ True
  | PRel g this ⇒
    uniq g ∧
    all_env good_vrel g ∧
    good_vrel this
  end.

Definition wf_prel_env (E: env (@prel term term)) : Prop :=
  forall_env_dom (fun _ pR S ⇒ good_prel S pR) E.

Lemma wf_prel_env_spec E1 x pR E2:
  x `notin` dom E2 →
  wf_prel_env (E2 ++ [(x, pR)] ++ E1) →
  good_prel (dom E1) pR.
Proof.
  intros Hx Hwf.
  apply forall_env_dom_spec in Hwf; auto.
  intros y a S1 S2 HS HS1. rewrite <- HS. assumption.
Qed.

Lemma wf_prel_env_cons x pR E:
  wf_prel_env ((x, pR) :: E) ↔
  (good_prel (dom E) pR ∧ wf_prel_env E).
Proof.
  unfold wf_prel_env.
  rewrite forall_env_dom_cons.
  - reflexivity.
  - intros y a S1 S2 HS HS1. rewrite <- HS. assumption.
Qed.

Lemma wf_prel_env_good0 E:
  uniq E →
  wf_prel_env E →
  all_env good_prel0 E.
Proof.
  intros Huniq Hwf.
  env induction E.
  - trivial.
  - simpl in ×. rewrite wf_prel_env_cons in Hwf. destruct Hwf as [Hgood Hwf].
    split.
    + destruct a; simpl in *; tauto.
    + apply IHE; auto. solve_uniq.
Qed.
Hint Resolve wf_prel_env_good0: core.

Inductive abstract (S: atoms) (R: rel (env term) term): (@prel term term) → Prop :=
| AbstractEmpty:
    RelIncl R RelBot →
    abstract S R Bottom
| AbstractOther g this:
    ¬ RelIncl R RelBot →
    dom g [=] S →
    (∀ x Rx,
        get x g = Some Rx →
        RelEquiv Rx (Rel _ _ (fun v1 v2 ⇒ ∃ e, S [<=] dom e ∧
                                             get x e = Some v1 ∧
                                             in_rel R e v2))
    ) →
    RelEquiv this (Rel _ _ (fun v1 v2 ⇒ good_value v1 ∧
                                      ∃ e, S [<=] dom e ∧
                                           in_rel R e v2)) →
    abstract S R (PRel g this).

Add Parametric Morphism: abstract
    with signature AtomSetImpl.Equal ==> RelEquiv ==> prel_equiv ==> iff
      as abstract_morphism_equiv.
Proof.
  intros S1 S2 HS R1 R2 HR pR1 pR2 HpR.
  split; intro H; destruct H; inversion HpR; subst.
  - apply AbstractEmpty. rewrite <- HR. assumption.
  - constructor.
    + rewrite <- HR. assumption.
    + fsetdec.
    + intros x Rx Hx.
      case_eq (get x g); intros.
      × transitivity r; [ solve [symmetry; eapply H6; eauto] |].
        rewrite (H1 x r); auto.
        { intros v1 v2. split; intros [e [Hedom [Hget H12]]]; simpl in ×.
          - ∃ e. split; [ fsetdec | split; [ assumption |]]. rewrite <- HR. assumption.
          - ∃ e. split; [ fsetdec | split; [ assumption |]]. rewrite HR. assumption.
        }
      × exfalso. apply get_in_dom in Hx. apply get_notin_dom in H3. fsetdec.
    + rewrite <- H8. rewrite H2.
      intros v1 v2; split; intros [Hgood [e [Hedom H12]]]; simpl in ×.
      × split; [assumption |]. ∃ e. split; [fsetdec|]. rewrite <- HR. assumption.
      × split; [assumption |]. ∃ e. split; [fsetdec|]. rewrite HR. assumption.
  - apply AbstractEmpty. rewrite HR. assumption.
  - constructor.
    + rewrite HR. assumption.
    + fsetdec.
    + intros x Rx Hx.
      case_eq (get x g); intros.
      × transitivity r; [ solve [eapply H7; eauto] |].
        rewrite (H1 x r); auto.
        { intros v1 v2. split; intros [e [Hedom [Hget H12]]]; simpl in ×.
          - ∃ e. split; [ fsetdec | split; [ assumption |] ]. rewrite HR. assumption.
          - ∃ e. split; [ fsetdec | split; [ assumption |] ]. rewrite <- HR. assumption.
        }
      × exfalso. apply get_in_dom in Hx. apply get_notin_dom in H3. fsetdec.
    + rewrite H8. rewrite H2.
      intros v1 v2; split; intros [Hgood [e [Hegood H12]]]; simpl in ×.
      × split; [ assumption |]. ∃ e. split; [fsetdec|]. rewrite HR. assumption.
      × split; [ assumption |]. ∃ e. split; [fsetdec|]. rewrite <- HR. assumption.
Qed.

Lemma abstract_monotonic S R1 R2 pR1 pR2:
  abstract S R1 pR1 →
  abstract S R2 pR2 →
  RelIncl R1 R2 →
  prel_leq pR1 pR2.
Proof.
  intros Habs1 Habs2 Hincl.
  destruct pR1 as [| g1 this1]; inversion Habs1; subst;
    [| destruct pR2 as [| g2 this2]; inversion Habs2; subst ].
  - constructor.
  - exfalso. apply H1. clear H1. transitivity R2; assumption.
  - constructor.
    + fsetdec.
    + intros x gx1 gx2 Hget1 Hget2.
      rewrite (H3 x gx1); auto. erewrite (H7 x gx2); eauto.
      intros v1 v2 [e [Hedom [Hget HR1]]]. ∃ e. split; [fsetdec | split; [ assumption|]].
      apply Hincl. assumption.
    + rewrite H4. rewrite H8.
      intros v1 v2 [Hgood [e [Hedom HR1]]]. split; [ assumption|].
      ∃ e. split; [fsetdec|]. apply Hincl. assumption.
Qed.

Lemma abstract_functional S R pR1 pR2:
  abstract S R pR1 →
  abstract S R pR2 →
  prel_equiv pR1 pR2.
Proof.
  intros H1 H2.
  destruct H1; destruct H2; try contradiction.
  - constructor.
  - constructor.
    + fsetdec.
    + intros x gx1 gx2 Hget1 Hget2.
      erewrite H1; eauto. erewrite <- H5; eauto. reflexivity.
    + rewrite H3. rewrite <- H6. reflexivity.
Qed.

Require Import Classical.

Lemma abstract_inhabited S R:
  ∃ pR, abstract S R pR.
Proof.
  destruct (classic (RelIncl R RelBot)) as [Hincl | Hnotincl].
  - ∃ Bottom. constructor. assumption.
  - ∃ (PRel
         (env_of_atoms
            (fun x ⇒ Rel _ _ (fun v1 v2 ⇒ ∃ e, S [<=] dom e ∧
                                           get x e = Some v1 ∧
                                           in_rel R e v2))
            S
         )
         (Rel _ _ (fun v1 v2 ⇒ good_value v1 ∧ ∃ e, S [<=] dom e ∧ in_rel R e v2))
      ).
    constructor; auto.
    + apply env_of_atoms_dom.
    + intros x Rx Hget.
      apply env_of_atoms_get_inv in Hget. subst. reflexivity.
    + reflexivity.
Qed.

Lemma adjunction S R pR absR:
  abstract S R absR →
  (good_rel R ∧ dom_rel S R ∧ prel_leq absR pR)
  ↔ RelIncl R (concretize S pR).
Proof.
  intros Habs. split.
  - intros [HRgood [HRdom Hleq]].
    destruct pR as [| g this]; simpl; inversion Hleq; subst; inversion Habs; subst.
    + assumption.
    + rewrite H. apply RelBot_bot.
    + intros e v Hev. simpl. split; [| split; [| split; [| split; [| split ]]]].
      × eauto.
      × eauto.
      × eauto.
      × fsetdec.
      × { intros x vx gx HxS Hxe Hxg.
          case_eq (get x g1); intros.
          - apply (H3 x r gx); auto. rewrite (H6 x r); auto. simpl.
            ∃ e. split; [| split]; eauto.
          - exfalso. apply get_in_dom in Hxg. apply get_notin_dom in H. fsetdec.
        }
      × intros v' Hgood. apply H4. rewrite H7. simpl.
        split; [assumption|].
        ∃ e; split; eauto.
  - intro Hincl. split; [| split ].
    + rewrite Hincl. apply concretize_good.
    + rewrite Hincl. apply concretize_dom_rel.
    + destruct pR as [| g this]; simpl in *; inversion Habs; subst.
      × constructor.
      × contradiction.
      × constructor.
      × { constructor.
          - assert (∃ e v, in_rel R e v) as [e [v Hev]].
            { destruct (classic (∃ e v, in_rel R e v)) as [? | Hnot]; [ assumption |].
              exfalso. apply H. intros e v Hev. simpl. apply Hnot. eauto. }
            apply Hincl in Hev. simpl in Hev.
            destruct Hev as [Hegood [Hvgood [Hdome [Hdomg [Hg Hthig]]]]].
            fsetdec.
          - intros x gx0 gx Hx0 Hx. rewrite (H1 x gx0); auto.
            intros v1 v2 [e [Hedom [Hget Hev]]].
            apply Hincl in Hev. simpl in Hev.
            destruct Hev as [Hegood [Hvgood [HSe [HSg [Hg Hthis]]]]].
            apply (Hg x v1 gx); auto. apply get_in_dom in Hx0. fsetdec.
          - rewrite H2. intros v1 v2 [Hgood [e [Hegood Hev]]].
            apply Hincl in Hev.
            destruct Hev as [Hegood' [Hvgood [HSe [HSg [Hg Hthis]]]]].
            apply Hthis; assumption.
        }
Qed.

Inductive smash {A}: @prel term A → @prel term A → Prop :=
| SmashBottom: smash Bottom Bottom
| SmashPRelEmpty: ∀ g this,
    RelIncl (range g this) RelBot →
    smash (PRel g this) Bottom
| SmashPRelOther: ∀ g this pR,
    ¬ RelIncl (range g this) RelBot →
    prel_equiv pR
               (PRel (map (RelInter (range g this)) g)
                     (RelInter (range g this) this)) →
    smash (PRel g this) pR
.

Lemma smash_functional {A} (pR pR1 pR2: @prel term A) :
  smash pR pR1 →
  smash pR pR2 →
  prel_equiv pR1 pR2.
Proof.
  intros H1 H2.
  destruct H1; inversion H2; subst; try solve [firstorder | reflexivity].
  rewrite H0. rewrite H6. reflexivity.
Qed.

Lemma smash_inhabited {A} (pR: @prel term A):
  ∃ pR', smash pR pR'.
Proof.
  destruct pR as [| g this ].
  - ∃ Bottom. constructor.
  - destruct (classic (RelIncl (range g this) RelBot)).
    + ∃ Bottom. eapply SmashPRelEmpty; eauto.
    + ∃ (PRel (map (RelInter (range g this)) g) (RelInter (range g this) this)).
      apply SmashPRelOther; auto. reflexivity.
Qed.

Lemma smash_monotonic {A} (pR1 pR2 pR3 pR4: @prel term A):
  smash pR1 pR2 →
  smash pR3 pR4 →
  prel_leq pR1 pR3 →
  prel_leq pR2 pR4.
Proof.
  intros H12 H34 Hleq.
  destruct Hleq.
  - inversion H12; subst. constructor.
  - inversion H12; subst.
    + constructor.
    + inversion H34; subst.
      × exfalso.
        apply H4. rewrite <- H7.
        apply range_incl; auto. fsetdec.
      × { rewrite H6. rewrite H8. constructor; auto.
          - repeat rewrite dom_map. fsetdec.
          - intros x gx1 gx2 Hx1 Hx2.
            rewrite get_map in Hx1.
            case_eq (get x g1); intros; rewrite H2 in Hx1; inversion Hx1; subst; clear Hx1.
            rewrite get_map in Hx2.
            case_eq (get x g2); intros; rewrite H3 in Hx2; inversion Hx2; subst; clear Hx2.
            rewrite (H0 x r r0); auto.
            rewrite (range_incl g1 g2 this1 this2); auto.
            + reflexivity.
            + fsetdec.
          - rewrite (range_incl g1 g2 this1 this2); auto.
            + rewrite H1. reflexivity.
            + fsetdec.
        }
Qed.

Add Parametric Morphism A: (@smash A)
    with signature prel_equiv ==> prel_equiv ==> iff
      as smash_morphism_equiv.
Proof.
  assert (∀ (pR1 pR2 pR3 pR4: @prel term A),
             prel_equiv pR1 pR2 →
             prel_equiv pR3 pR4 →
             smash pR1 pR3 →
             smash pR2 pR4).
  { intros pR1 pR2 pR3 pR4 H12 H34 H.
    destruct H12; destruct H34; auto.
    - inversion H.
    - inversion H; subst.
      + constructor. rewrite <- H4.
        apply range_incl; eauto. fsetdec.
      + inversion H7.
    - inversion H; subst.
      constructor.
      + intro Hincl. apply H8. clear H8. rewrite <- Hincl. clear Hincl.
        apply range_incl; eauto. fsetdec.
      + inversion H10; subst. constructor.
        × repeat rewrite dom_map in ×. fsetdec.
        × repeat rewrite dom_map in ×.
          intros x gx3 gx2 Hx3 Hx2.
          assert (∃ gx0, get x g0 = Some gx0) as [gx0 Hx0].
          { case_eq (get x g0); intros; eauto.
            exfalso. apply get_in_dom in Hx3. apply get_notin_dom in H6. fsetdec.
          }
          assert (∃ gx1, get x g1 = Some gx1) as [gx1 Hx1].
          { case_eq (get x g1); intros; eauto.
            exfalso. apply get_in_dom in Hx0. apply get_notin_dom in H6. fsetdec.
          }
          assert (get x (map (RelInter (range g1 this1)) g1) = Some (RelInter (range g1 this1) gx1)) as Hgx1'.
          { rewrite get_map. rewrite Hx1. reflexivity. }
          assert (∃ gx20, get x g2 = Some gx20) as [gx20 Hx20].
          { case_eq (get x g2); intros; eauto.
            exfalso. rewrite get_map in Hx2. rewrite H6 in Hx2. discriminate.
          }
          assert (gx2 = RelInter (range g2 this2) gx20); subst.
          { rewrite get_map in Hx2. rewrite Hx20 in Hx2. congruence. }
          rewrite <- (H4 x gx0 gx3); auto. clear H4.
          rewrite (H13 x gx0 (RelInter (range g1 this1) gx1)); auto. clear H13.
          rewrite (H1 x gx1 gx20); auto.
          rewrite (range_equiv g1 g2 this1 this2); auto; try fsetdec.
          reflexivity.
        × rewrite <- H5. rewrite H14.
          rewrite (range_equiv g1 g2 this1 this2); auto; try fsetdec.
          rewrite H2. reflexivity.
  }
  intros pR1 pR2 H12 pR3 pR4 H34.
  split; intro H'.
  - eauto.
  - symmetry in H12. symmetry in H34. eauto.
Qed.

Lemma smash_leq {A} (pR1 pR2: @prel term A) :
  smash pR1 pR2 →
  prel_leq pR2 pR1.
Proof.
  intro H; destruct H.
  - reflexivity.
  - constructor.
  - rewrite H0. constructor.
    + rewrite dom_map. reflexivity.
    + intros x gx1 gx2 Hx1 Hx2.
      rewrite get_map in Hx1.
      rewrite Hx2 in Hx1. inversion Hx1; subst. clear Hx1.
      apply RelInter_lb2.
    + apply RelInter_lb2.
Qed.

Lemma smash_smash_leq {A} (pR1 pR2 pR3: @prel term A) :
  smash pR1 pR2 →
  smash pR2 pR3 →
  prel_leq pR2 pR3.
Proof.
  intros H12 H23.
  destruct pR1 as [| g1 this1 ]; inversion H12; subst.
  - constructor.
  - constructor.
  - rewrite H3 in H23. rewrite H3. clear H12 H3.
    inversion H23; subst.
    + exfalso. apply H1. clear H1. intros v1 v2 [Hg Hthis]. simpl in Hg, Hthis. simpl.
      apply (H3 v1 v2). clear H3. split; simpl.
      × intros x gx Hx. rewrite get_map in Hx.
        case_eq (get x g1); intros; rewrite H in Hx; inversion Hx; subst; clear Hx.
        destruct (Hg x r H) as [v [Hgoodv Hr]].
        ∃ v. split; [ assumption | split; [| assumption ] ].
        split; simpl; assumption.
      × intros v Hgoodv. split; auto.
    + rewrite H4. clear H4 H23. constructor.
      × repeat rewrite dom_map. reflexivity.
      × intros x gx1 gx2 Hgx1 Hgx2.
        rewrite get_map in Hgx1.
        case_eq (get x g1); intros; rewrite H in Hgx1; inversion Hgx1; subst; clear Hgx1.
        repeat rewrite get_map in Hgx2.
        rewrite H in Hgx2. inversion Hgx2; subst; clear Hgx2.
        intros v1 v2 [[Hg Hthis] Hr]. simpl in Hg, Hthis, Hr.
        split; split; [ | | split | ]; simpl; auto.
        intros y gy Hy. rewrite get_map in Hy.
        case_eq (get y g1); intros; rewrite H0 in Hy; inversion Hy; subst; clear Hy.
        destruct (Hg y r0 H0) as [v [Hgoodv Hr0]].
        ∃ v. split; [| split; [ split |]]; auto.
      × intros v1 v2 [[Hg Hthis] Hthis']. simpl in Hg, Hthis, Hthis'.
        split; [ split | split; [ split |] ]; simpl; auto.
        intros x gx Hx.
        rewrite get_map in Hx.
        case_eq (get x g1); intros; rewrite H in Hx; inversion Hx; subst; clear Hx.
        destruct (Hg x r H) as [v [Hgoodv Hr]].
        ∃ v. split; [| split; [ split |]]; simpl; auto.
Qed.