--> ****************************************************************
-->  Proof scores for verifications of properties
-->      eq rev1(rev1(L:List) = L .
-->      eq rev2(L1:List,L2:List) = rev1(L1) @ L2 .
--> ****************************************************************

--> -----------------------------------------------------------------
--> parametrized lists (i.e. generic lists)
--> -----------------------------------------------------------------
mod! LIST (X :: TRIV) {
[List]
op nil : -> List {constr} .
op _|_ : Elt.X List -> List {constr} .
}

--> -----------------------------------------------------------------
--> lists with append operation _@_ 
--> -----------------------------------------------------------------
mod! LIST@(X :: TRIV) {
pr(LIST(X))
-- append operation over List
op _@_ : List List -> List .
eq [@1]: nil @ L2:List = L2 .                   
eq [@2]: (E:Elt | L1:List) @ L2:List = E | (L1 @ L2) .   
}

--> ================================================================
--> Proof score for proving that nil is right-identity of _@_ (@ri)
-->   'eq[@ri]: L:List @ nil = L .'
--> with the induction on the L:List
--> ----------------------------------------------------------------
-- proof with SpecCalc/CITP
select LIST@ .
:goal{eq[@ri]: L:List @ nil = L .}
-- by induction on L
:ind on (L:List) .
-- check
:apply (SI TC RD) .
--> QED
--> ================================================================

--> ================================================================
--> Proof score for proving that _@_ is associative, 
-->  'eq[@assoc]: (L1:List @ L2:List) @ L3:List = L1 @ (L2 @ L3) .'
--> with the induction on the L1:List
--> ----------------------------------------------------------------
-- proof with SpecCalc/CITP
select LIST@ .
:goal{eq[@assoc]: (L1:List @ L2:List) @ L3:List
                  = L1 @ (L2 @ L3) .}
-- by induction on L1
:ind on (L1:List) .
-- check
:apply (SI TC RD) .
--> QED
--> ================================================================

--> ----------------------------------------------------------------
--> lists with associative append _@_
--> ----------------------------------------------------------------
mod! LIST@a(X :: TRIV) {
pr(LIST(X))
-- notice that associativity {assoc} 
-- and right identity [@ri] are already proved
op _@_ : List List -> List {assoc} .
eq [@1]: nil @ L2:List = L2 .
eq [@2]: (E:Elt | L1:List) @ L2:List = E | (L1 @ L2) .
eq [@ri]: L1:List @ nil = L1 .  
}

--> ----------------------------------------------------------------
--> lists with reverse operations
--> ----------------------------------------------------------------
mod! LISTrev(X :: TRIV) {
pr(LIST@a(X))
-- one argument reverse operation
op rev1 : List -> List .
eq rev1(nil) = nil .
eq rev1(E:Elt | L:List) = rev1(L) @ (E | nil) .
-- two arguments reverse operation
op rev2 : List List -> List .
eq rev2(nil,L2:List) = L2 .
eq rev2(E:Elt | L1:List,L2:List) = rev2(L1,E | L2) .
}

--> ================================================================
--> Proof score for proving that rev1 distributes over _@_
--> reversely, i.e.
-->   'eq[rev1@]: rev1(L1:List @ L2:List) = rev1(L2) @ rev1(L1) .'
--> with the induction on L1:List
--> ----------------------------------------------------------------
-- proof with SpecCalc/CITP
select LISTrev .
:goal{eq[rev1@]: rev1(L1:List @ L2:List) = rev1(L2) @ rev1(L1) .}
-- by induction on L1
:ind on (L1:List) .
-- check
:apply (si tc rd) .
--> QED
--> ================================================================

--> ================================================================
--> Proof score for proving that rev1(rev1(_)) is the identity
--> function (rev1rev1), 
--> i.e.  'eq[rev1rev1]: rev1(rev1(L:List) = L .'
--> with the induction on L:List
--> ----------------------------------------------------------------
-- proof with SpecCalc/CITP
mod LISTrev1rev1 {
pr(LISTrev)
-- proved property
eq[rev1@]: rev1(L1:List @ L2:List) = rev1(L2) @ rev1(L1) .
}
select LISTrev1rev1 .
:goal{eq[rev1rev1]: rev1(rev1(L:List)) = L .} .
-- by induction on L
:ind on (L:List) .
-- check
:apply (si tc rd) .
--> QED
--> ================================================================

--> ================================================================
--> Proof score for proving:
-->     'eq[rev2@]: rev2(L1:List,L2:List) = rev1(L1) @ L2 .'
--> with the induction on L1:List
--> ----------------------------------------------------------------
-- proof with CITP
select LISTrev .
:goal{eq[rev2@]: rev2(L1:List,L2:List) = rev1(L1) @ L2 .} .
-- by induction on L
:ind on (L1:List) .
-- check
:apply (si tc rd) .
--> QED
--> ================================================================

--> ****************************************************************
--> enf of file
eof
--> ****************************************************************